Re: [PATCH 1/1] KVM: pass through CPUID(0x80000006)

[Takahiro Itazuri <itazur@amazon.com>]

Please forgive me if this is an absurd question.

Date:   Tue, 14 Apr 2020 19:37:26 -0700
From:   Sean Christopherson <sean.j.christopherson@intel.com>
>   Return the host's L2 cache and TLB information for CPUID.0x80000006
>   instead of zeroing out the entry as part of KVM_GET_SUPPORTED_CPUID.
>   This allows a userspace VMM to feed KVM_GET_SUPPORTED_CPUID's output
>   directly into KVM_SET_CPUID2 (without breaking the guest).

I noticed that CPUID 0x80000005 also returns cache information (L1 Cache
and TLB Information) when looking at AMD APM, while it is marked
reserved on Intel SDM. What do you think about passing through CPUID
0x80000005 to guests?

To be honest, I'm not sure if it is harmless from security and
performance perspectives in the first place.

Regard security aspect, I'm a bit concerned that it could help malicious
guests to know something to allow cache side channel attacks. However,
CPUID 0x80000006 has already passed through L2 Cache and TLB and L3
Cache Information. If passing through CPUID 0x80000006 is really fine,
I'm guessing it is the case with CPUID 0x80000005 as well.

In terms of performance, as far as I know, some softwares utilizes cache
information to achieve better performance. To simply put, by letting
guests know cache information, they may gain some benefits. Having said
that, if I understand correctly, guests can be scheduled on CPUs that do
not belong to the same group of CPUs that they run last time, unless
guests are pinned to a specific set of host physical CPUs. In such
cases, guests may not benefit from using cache information.

If I'm missing something or say something wrong, I'd appreciate it if
you could correct me. If it sounds no problem, I'd like to send a patch
for it.

Best regards,
Takahiro Itazuri