From: Chao Gao <chao.gao@intel.com>
To: "Huang, Kai" <kai.huang@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>, "Christopherson,,
Sean" <seanjc@google.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"Guo, Xuelian" <xuelian.guo@intel.com>,
"robert.hu@linux.intel.com" <robert.hu@linux.intel.com>
Subject: Re: [PATCH v7 2/5] KVM: x86: Virtualize CR3.LAM_{U48,U57}
Date: Wed, 26 Apr 2023 11:05:09 +0800 [thread overview]
Message-ID: <ZEiU5Rln4uztr1bz@chao-email> (raw)
In-Reply-To: <14e019dff4537cfcffe522750a10778b4e0f1690.camel@intel.com>
On Wed, Apr 26, 2023 at 06:48:21AM +0800, Huang, Kai wrote:
>... when EPT is on, as you mentioned guest can update CR3 w/o causing VMEXIT to
>KVM.
>
>Is there any global enabling bit in any of CR to turn on/off LAM globally? It
>seems there isn't because AFAICT the bits in CR4 are used to control super mode
>linear address but not LAM in global?
Right.
>
>So if it is true, then it appears hardware depends on CPUID purely to decide
>whether to perform LAM or not.
>
>Which means, IIRC, when EPT is on, if we don't expose LAM to the guest on the
>hardware that supports LAM, I think guest can still enable LAM in CR3 w/o
>causing any trouble (because the hardware actually supports this feature)?
Yes. But I think it is a non-issue ...
>
>If it's true, it seems we should trap CR3 (at least loading) when hardware
>supports LAM but it's not exposed to the guest, so that KVM can correctly reject
>any LAM control bits when guest illegally does so?
>
Other features which need no explicit enablement (like AVX and other
new instructions) have the same problem.
The impact is some guests can use features which they are not supposed
to use. Then they might be broken after migration or kvm's instruction
emulation. But they put themselves at stake, KVM shouldn't be blamed.
The downside of intercepting CR3 is the performance impact on existing
VMs (all with old CPU models and thus all have no LAM). If they are
migrated to LAM-capable parts in the future, they will suffer
performance drop even though they are good tenents (i.e., won't try to
use LAM).
IMO, the value of preventing some guests from setting LAM_U48/U57 in CR3
when EPT=on cannot outweigh the performance impact. So, I vote to
document in changelog or comments that:
A guest can enable LAM for userspace pointers when EPT=on even if LAM
isn't exposed to it. KVM doens't prevent this out of performance
consideration
next prev parent reply other threads:[~2023-04-26 3:05 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-04 13:09 [PATCH v7 0/5] Linear Address Masking (LAM) KVM Enabling Binbin Wu
2023-04-04 13:09 ` [PATCH v7 1/5] KVM: x86: Virtualize CR4.LAM_SUP Binbin Wu
2023-04-04 13:09 ` [PATCH v7 2/5] KVM: x86: Virtualize CR3.LAM_{U48,U57} Binbin Wu
2023-04-06 12:57 ` Huang, Kai
2023-04-09 11:36 ` Binbin Wu
2023-04-11 23:11 ` Huang, Kai
2023-04-12 11:58 ` Huang, Kai
2023-04-13 1:36 ` Binbin Wu
2023-04-13 2:27 ` Huang, Kai
2023-04-13 4:45 ` Binbin Wu
2023-04-13 9:13 ` Huang, Kai
2023-04-21 6:35 ` Binbin Wu
2023-04-21 11:43 ` Huang, Kai
2023-04-21 15:32 ` Chao Gao
2023-04-22 4:51 ` Chao Gao
2023-04-22 8:14 ` Huang, Kai
2023-04-22 3:32 ` Binbin Wu
2023-04-22 4:43 ` Chao Gao
2023-04-27 13:19 ` Huang, Kai
2023-04-29 4:56 ` Binbin Wu
2023-04-25 22:48 ` Huang, Kai
2023-04-26 3:05 ` Chao Gao [this message]
2023-04-26 5:13 ` Binbin Wu
2023-04-26 8:44 ` Huang, Kai
2023-04-26 8:50 ` Binbin Wu
2023-04-26 8:43 ` Huang, Kai
2023-04-26 10:52 ` Binbin Wu
2023-04-27 13:23 ` Huang, Kai
2023-04-17 7:24 ` Chao Gao
2023-04-17 8:02 ` Binbin Wu
2023-04-04 13:09 ` [PATCH v7 3/5] KVM: x86: Introduce untag_addr() in kvm_x86_ops Binbin Wu
2023-04-18 3:08 ` Zeng Guang
2023-04-18 3:34 ` Binbin Wu
2023-04-19 2:30 ` Chao Gao
2023-04-19 3:08 ` Binbin Wu
2023-04-21 7:48 ` Binbin Wu
2023-04-21 8:21 ` Chao Gao
2023-04-04 13:09 ` [PATCH v7 4/5] KVM: x86: Untag address when LAM applicable Binbin Wu
2023-04-06 13:20 ` Huang, Kai
2023-04-10 3:35 ` Binbin Wu
2023-04-18 3:28 ` Zeng Guang
2023-04-18 3:38 ` Binbin Wu
2023-04-19 6:43 ` Chao Gao
2023-04-21 7:57 ` Binbin Wu
2023-04-21 8:36 ` Chao Gao
2023-04-21 9:13 ` Binbin Wu
2023-04-04 13:09 ` [PATCH v7 5/5] KVM: x86: Expose LAM feature to userspace VMM Binbin Wu
2023-04-21 9:40 ` [PATCH v7 0/5] Linear Address Masking (LAM) KVM Enabling Binbin Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZEiU5Rln4uztr1bz@chao-email \
--to=chao.gao@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=robert.hu@linux.intel.com \
--cc=seanjc@google.com \
--cc=xuelian.guo@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox