public inbox for kvm@vger.kernel.org
From: Sean Christopherson <seanjc@google.com>
To: "Chang S. Bae" <chang.seok.bae@intel.com>
Cc: kvm@vger.kernel.org, pbonzini@redhat.com,
	linux-kernel@vger.kernel.org, yang.zhong@intel.com
Subject: Re: [RFC PATCH 1/2] KVM: x86: Add a new system attribute for dynamic XSTATE component
Date: Wed, 24 Aug 2022 21:42:32 +0000
Message-ID: <YwabSPpC1G9J+aRA@google.com>
In-Reply-To: <20220823231402.7839-2-chang.seok.bae@intel.com>

On Tue, Aug 23, 2022, Chang S. Bae wrote:
> == Background ==
> 
> A set of architecture-specific prctl() options offer to control dynamic
> XSTATE components in VCPUs. Userspace VMMs may interact with the host using
> ARCH_GET_XCOMP_GUEST_PERM and ARCH_REQ_XCOMP_GUEST_PERM.
> 
> However, they are separated from the KVM API. KVM may select features that
> the host supports and advertise them through the KVM_X86_XCOMP_GUEST_SUPP
> attribute.
> 
> == Problem ==
> 
> QEMU [1] queries the features through the KVM API instead of using the x86
> arch_prctl() option. But it still needs to use arch_prctl() to request the
> permission. Then this step may become fragile because it does not guarantee
> to comply with the KVM policy.

But backdooring through KVM doesn't prevent userspace from walking in through
the front door (arch_prctl()), i.e. this doesn't protect the kernel in any way.
KVM needs to ensure that _KVM_ doesn't screw up and let userspace use features
that KVM doesn't support.  The kernel's restrictions on using features go on
top, i.e. KVM must behave correctly irrespective of kernel restrictions.

If QEMU wants to assert that it didn't misconfigure itself, it can assert on the
config in any number of ways, e.g. assert that ARCH_GET_XCOMP_GUEST_PERM is a
subset of KVM_X86_XCOMP_GUEST_SUPP at the end of kvm_request_xsave_components().
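
The subset check suggested above, as an added example that is not part of the
original message and is not QEMU or KVM code. The function names are
hypothetical, the fallback constant values are copied from the upstream uapi
headers, and the supported mask is read with KVM_GET_DEVICE_ATTR (group 0) on
/dev/kvm.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/kvm.h>

/* Fallbacks for older uapi headers; values as in the upstream headers. */
#ifndef ARCH_GET_XCOMP_GUEST_PERM
#define ARCH_GET_XCOMP_GUEST_PERM 0x1024
#endif
#ifndef KVM_X86_XCOMP_GUEST_SUPP
#define KVM_X86_XCOMP_GUEST_SUPP 0
#endif

/* XSTATE bits permitted for guests that KVM does not advertise; 0 = subset. */
uint64_t xcomp_perm_outside_supp(uint64_t perm, uint64_t supp)
{
    return perm & ~supp;
}

/* Read both masks from the host (hypothetical helper). 0 on success, -1 on failure. */
int read_xcomp_masks(uint64_t *perm, uint64_t *supp)
{
    /* System-scope attribute: group is left at 0. */
    struct kvm_device_attr attr = { .attr = KVM_X86_XCOMP_GUEST_SUPP, .addr = (uintptr_t)supp };
    int kvm = open("/dev/kvm", O_RDWR | O_CLOEXEC);
    if (kvm < 0)
        return -1;
    int rc = ioctl(kvm, KVM_GET_DEVICE_ATTR, &attr);
    close(kvm);
#ifdef SYS_arch_prctl /* arch_prctl() exists only on x86 */
    if (rc == 0)
        rc = (int)syscall(SYS_arch_prctl, ARCH_GET_XCOMP_GUEST_PERM, perm);
#else
    (void)perm; rc = -1;
#endif
    return rc < 0 ? -1 : 0;
}

int main(void)
{
    uint64_t perm = 0, supp = 0;
    if (read_xcomp_masks(&perm, &supp) < 0)
        return 2; /* no /dev/kvm, or the kernel lacks the attribute or prctl */
    uint64_t extra = xcomp_perm_outside_supp(perm, supp);
    if (extra)
        fprintf(stderr, "guest perm exceeds KVM support: %#llx\n", (unsigned long long)extra);
    return extra != 0;
}
```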

Thread overview: 8+ messages
2022-08-23 23:14 [RFC PATCH 0/2] KVM: x86: Add a new attribute to control dynamic XSTATE components Chang S. Bae
2022-08-23 23:14 ` [RFC PATCH 1/2] KVM: x86: Add a new system attribute for dynamic XSTATE component Chang S. Bae
2022-08-24 21:42   ` Sean Christopherson [this message]
2022-08-24 22:49     ` Chang S. Bae
2022-08-25 16:19       ` Sean Christopherson
2022-08-25 20:45         ` Chang S. Bae
2022-08-25 21:54           ` Sean Christopherson
2022-08-23 23:14 ` [RFC PATCH 2/2] selftests: kvm: Use the KVM API to enable dynamic XSTATE features Chang S. Bae