Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2753610pxj; Mon, 10 May 2021 09:59:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXeTy4dG3u3y0crmxfE8pORWnuaQfNT3zwYd7e7igNulqqyaQSvp5N+ojGQZuoRR51OvaK X-Received: by 2002:a5d:9c9a:: with SMTP id p26mr19004158iop.94.1620665950706; Mon, 10 May 2021 09:59:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620665950; cv=none; d=google.com; s=arc-20160816; b=OL2WHFt4hZUzbPb//CMz8r6vQO1s2cc6hNBpbDUWrtYgsoVHCDCOzt+OjkgkNNTN/k vK/27WnUJ8WM9nnQBT4kx7GjFCfzSvqZvY8M6TXya6rWT/pfOjtAuLZdCr+Pwip74qe9 +k70Tz6yf93FE+guXn0HxajPXR6jN985PWzUVIVsjyL36lsM1W0bfB1keZFrwFGYJBB2 82jVLTp81UogSh+ZHfKk7H4BQTosxGsTEySfeDAMq0WVP5NFtDozFY5kxL7SdDx50L1q gP9MEkDwywB8ioa6BZiJBEQLXStn+uRAyp4ghXGpOaORsGaOeG6vEfLiRHYdXgmL+Pqv ldGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=Ie5AYmqK63xzjFssLcNkkP7A6mi6riGq/9HKzXNVk6A=; b=ey5nYYq27m9Fd6ld5tlVi+dGtCI7zBfN8Qd9jqu6M5MTOoBtxSAVZog30HQNRatB5w tiQfy/CYTMrXbhxTxLUQ96bx/1Oa5+Jmk+CB6f98VZlL7+miFSUnZM/w/o/ENm5j/rVN h56AwQha4p5TlF/LXKDFMIcfHjwY1NMbREcXPmeN8xQJnBRe083onHlj2JbfI+eikYdk 5y65Xcu4HRsb+WiZRcZugzPHele81W70eu2dZmuNwSdWKjfJH++/pYULPO2alb6R5Pqz jVCuAEHh0cFrbPBylsgXhwTABoDryhMIKubQ3IakUPzrNVNIQLf6zwPhdHQdjGf6mWff 6jqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=SepcazzD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d13si10379563ion.63.2021.05.10.09.58.57; Mon, 10 May 2021 09:59:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=SepcazzD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231562AbhEJQ5n (ORCPT + 99 others); Mon, 10 May 2021 12:57:43 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40624 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230286AbhEJQ5h (ORCPT ); Mon, 10 May 2021 12:57:37 -0400 Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24610C061574 for ; Mon, 10 May 2021 09:56:32 -0700 (PDT) Received: by mail-pl1-x62d.google.com with SMTP id n16so9437980plf.7 for ; Mon, 10 May 2021 09:56:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Ie5AYmqK63xzjFssLcNkkP7A6mi6riGq/9HKzXNVk6A=; b=SepcazzDfwcqb7zkKwhVhYcOakZPshV+SlDOgSATAzQaPDFRyfm0SCzNeTyVwrxU+N buq8UGFWATYjEHXZoW4ieGWKBhxiD2ERcd/i5FZ+6W6C48Js1KQo7Sg2THdAXARR8GPk Q0yf9N6Wmso6uB0rrEOEyZ6Z8SlfmXnVpYo9uISLbfL2QLt52sgsLnjaS5Of9P1/35zI vJTWUV6/c2tdjwNa6tVQbVikPDB5Vzuqnz4dw4HIOq5kxaOhzh4qBqV2Hceruzjvq0Tb DOXY/0FN0UxeWWZBJElv0U+O7O41D1n98sgg+hGppVwb61UN/YTaV8h2yrQCY7XZrjGl czsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=Ie5AYmqK63xzjFssLcNkkP7A6mi6riGq/9HKzXNVk6A=; b=LRo5MCr1ZWjlVTfNOp1PHIYoNJPx9yKXEvNHRIxdGVHZYQV5Zu2xEv5w+IVLOPORKZ 9ICXAru09bWd1FY3dZ69WWxrfNysw1yVrR3PbzC37JLXo0apq8HZELNMHrrwfDei47Jd Vq8XIBYpi4+RFSwdh47M5qytsckTO+Lz9rg8rkpwLurcIg+E/i1/bBTNYE//aVmdBvkW VCrDZyWRuFBXEseKCP5ZCtc8mF2CCdF8bXEvgrk67JqZHK3qo3xeGwJZoKTY/iyhxQo5 2AmsguNan/Wp4mMpjl7hiOU3AKW1UfIa/R2ml7UeLnOfG13Ae2NrWpjUIJ3aMVrIGyXo gqEQ== X-Gm-Message-State: AOAM532rd7HFVbNjMWDatr/q/3YsoKgWLK9cj/7CY9Vy1765MNL4vdaB FSembpHok91TccVLBGmNRUszGQ== X-Received: by 2002:a17:90b:370a:: with SMTP id mg10mr28773364pjb.219.1620665791522; Mon, 10 May 2021 09:56:31 -0700 (PDT) Received: from google.com (240.111.247.35.bc.googleusercontent.com. [35.247.111.240]) by smtp.gmail.com with ESMTPSA id d18sm11877725pgo.66.2021.05.10.09.56.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 10 May 2021 09:56:31 -0700 (PDT) Date: Mon, 10 May 2021 16:56:27 +0000 From: Sean Christopherson To: Maxim Levitsky Cc: Jim Mattson , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Joerg Roedel , kvm list , LKML , Xiaoyao Li , Reiji Watanabe Subject: Re: [PATCH 03/15] KVM: SVM: Inject #UD on RDTSCP when it should be disabled in the guest Message-ID: References: <20210504171734.1434054-1-seanjc@google.com> <20210504171734.1434054-4-seanjc@google.com> <1b50b090-2d6d-e13d-9532-e7195ebffe14@redhat.com> <4a4b9fea4937da7b0b42e6f3179566d73bf022e2.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4a4b9fea4937da7b0b42e6f3179566d73bf022e2.camel@redhat.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 10, 2021, Maxim Levitsky wrote: > On Tue, 2021-05-04 at 14:58 -0700, Jim Mattson wrote: > > On Tue, May 4, 2021 at 2:57 PM Paolo Bonzini wrote: > > > On 04/05/21 23:53, Sean Christopherson wrote: > > > > > Does the right thing happen here if the vCPU is in guest mode when > > > > > userspace decides to toggle the CPUID.80000001H:EDX.RDTSCP bit on or > > > > > off? > > > > I hate our terminology. By "guest mode", do you mean running the vCPU, or do > > > > you specifically mean running in L2? > > > > > > > > > > Guest mode should mean L2. > > > > > > (I wonder if we should have a capability that says "KVM_SET_CPUID2 can > > > only be called prior to KVM_RUN"). > > > > It would certainly make it easier to reason about potential security issues. > > > I vote too for this. Alternatively, what about adding KVM_VCPU_RESET to let userspace explicitly pull RESET#, and defining that ioctl() to freeze the vCPU model? I.e. after userspace resets the vCPU, KVM_SET_CPUID (and any other relevant ioctls() is disallowed. Lack of proper RESET emulation is annoying, e.g. userspace has to manually stuff EDX after vCPU creation to get the right value at RESET. A dedicated ioctl() would kill two birds with one stone, without having to add yet another "2" ioctl().