Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2753610pxj;
        Mon, 10 May 2021 09:59:10 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyXeTy4dG3u3y0crmxfE8pORWnuaQfNT3zwYd7e7igNulqqyaQSvp5N+ojGQZuoRR51OvaK
X-Received: by 2002:a5d:9c9a:: with SMTP id p26mr19004158iop.94.1620665950706;
        Mon, 10 May 2021 09:59:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1620665950; cv=none;
        d=google.com; s=arc-20160816;
        b=OL2WHFt4hZUzbPb//CMz8r6vQO1s2cc6hNBpbDUWrtYgsoVHCDCOzt+OjkgkNNTN/k
         vK/27WnUJ8WM9nnQBT4kx7GjFCfzSvqZvY8M6TXya6rWT/pfOjtAuLZdCr+Pwip74qe9
         +k70Tz6yf93FE+guXn0HxajPXR6jN985PWzUVIVsjyL36lsM1W0bfB1keZFrwFGYJBB2
         82jVLTp81UogSh+ZHfKk7H4BQTosxGsTEySfeDAMq0WVP5NFtDozFY5kxL7SdDx50L1q
         gP9MEkDwywB8ioa6BZiJBEQLXStn+uRAyp4ghXGpOaORsGaOeG6vEfLiRHYdXgmL+Pqv
         ldGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=Ie5AYmqK63xzjFssLcNkkP7A6mi6riGq/9HKzXNVk6A=;
        b=ey5nYYq27m9Fd6ld5tlVi+dGtCI7zBfN8Qd9jqu6M5MTOoBtxSAVZog30HQNRatB5w
         tiQfy/CYTMrXbhxTxLUQ96bx/1Oa5+Jmk+CB6f98VZlL7+miFSUnZM/w/o/ENm5j/rVN
         h56AwQha4p5TlF/LXKDFMIcfHjwY1NMbREcXPmeN8xQJnBRe083onHlj2JbfI+eikYdk
         5y65Xcu4HRsb+WiZRcZugzPHele81W70eu2dZmuNwSdWKjfJH++/pYULPO2alb6R5Pqz
         jVCuAEHh0cFrbPBylsgXhwTABoDryhMIKubQ3IakUPzrNVNIQLf6zwPhdHQdjGf6mWff
         6jqw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=SepcazzD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id d13si10379563ion.63.2021.05.10.09.58.57;
        Mon, 10 May 2021 09:59:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=SepcazzD;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231562AbhEJQ5n (ORCPT <rfc822;lkmldmj@gmail.com> + 99 others);
        Mon, 10 May 2021 12:57:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40624 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230286AbhEJQ5h (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 10 May 2021 12:57:37 -0400
Received: from mail-pl1-x62d.google.com (mail-pl1-x62d.google.com [IPv6:2607:f8b0:4864:20::62d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 24610C061574
        for <linux-kernel@vger.kernel.org>; Mon, 10 May 2021 09:56:32 -0700 (PDT)
Received: by mail-pl1-x62d.google.com with SMTP id n16so9437980plf.7
        for <linux-kernel@vger.kernel.org>; Mon, 10 May 2021 09:56:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to;
        bh=Ie5AYmqK63xzjFssLcNkkP7A6mi6riGq/9HKzXNVk6A=;
        b=SepcazzDfwcqb7zkKwhVhYcOakZPshV+SlDOgSATAzQaPDFRyfm0SCzNeTyVwrxU+N
         buq8UGFWATYjEHXZoW4ieGWKBhxiD2ERcd/i5FZ+6W6C48Js1KQo7Sg2THdAXARR8GPk
         Q0yf9N6Wmso6uB0rrEOEyZ6Z8SlfmXnVpYo9uISLbfL2QLt52sgsLnjaS5Of9P1/35zI
         vJTWUV6/c2tdjwNa6tVQbVikPDB5Vzuqnz4dw4HIOq5kxaOhzh4qBqV2Hceruzjvq0Tb
         DOXY/0FN0UxeWWZBJElv0U+O7O41D1n98sgg+hGppVwb61UN/YTaV8h2yrQCY7XZrjGl
         czsw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to;
        bh=Ie5AYmqK63xzjFssLcNkkP7A6mi6riGq/9HKzXNVk6A=;
        b=LRo5MCr1ZWjlVTfNOp1PHIYoNJPx9yKXEvNHRIxdGVHZYQV5Zu2xEv5w+IVLOPORKZ
         9ICXAru09bWd1FY3dZ69WWxrfNysw1yVrR3PbzC37JLXo0apq8HZELNMHrrwfDei47Jd
         Vq8XIBYpi4+RFSwdh47M5qytsckTO+Lz9rg8rkpwLurcIg+E/i1/bBTNYE//aVmdBvkW
         VCrDZyWRuFBXEseKCP5ZCtc8mF2CCdF8bXEvgrk67JqZHK3qo3xeGwJZoKTY/iyhxQo5
         2AmsguNan/Wp4mMpjl7hiOU3AKW1UfIa/R2ml7UeLnOfG13Ae2NrWpjUIJ3aMVrIGyXo
         gqEQ==
X-Gm-Message-State: AOAM532rd7HFVbNjMWDatr/q/3YsoKgWLK9cj/7CY9Vy1765MNL4vdaB
        FSembpHok91TccVLBGmNRUszGQ==
X-Received: by 2002:a17:90b:370a:: with SMTP id mg10mr28773364pjb.219.1620665791522;
        Mon, 10 May 2021 09:56:31 -0700 (PDT)
Received: from google.com (240.111.247.35.bc.googleusercontent.com. [35.247.111.240])
        by smtp.gmail.com with ESMTPSA id d18sm11877725pgo.66.2021.05.10.09.56.30
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 10 May 2021 09:56:31 -0700 (PDT)
Date:   Mon, 10 May 2021 16:56:27 +0000
From:   Sean Christopherson <seanjc@google.com>
To:     Maxim Levitsky <mlevitsk@redhat.com>
Cc:     Jim Mattson <jmattson@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        Wanpeng Li <wanpengli@tencent.com>,
        Joerg Roedel <joro@8bytes.org>, kvm list <kvm@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Xiaoyao Li <xiaoyao.li@intel.com>,
        Reiji Watanabe <reijiw@google.com>
Subject: Re: [PATCH 03/15] KVM: SVM: Inject #UD on RDTSCP when it should be
 disabled in the guest
Message-ID: <YJlluzMze2IfUM6S@google.com>
References: <20210504171734.1434054-1-seanjc@google.com>
 <20210504171734.1434054-4-seanjc@google.com>
 <CALMp9eSvXRJm-KxCGKOkgPO=4wJPBi5wDFLbCCX91UtvGJ1qBg@mail.gmail.com>
 <YJHCadSIQ/cK/RAw@google.com>
 <1b50b090-2d6d-e13d-9532-e7195ebffe14@redhat.com>
 <CALMp9eSSiPVWDf43Zed3+ukUc+NwMP8z7feoxX0eMmimvrznzA@mail.gmail.com>
 <4a4b9fea4937da7b0b42e6f3179566d73bf022e2.camel@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4a4b9fea4937da7b0b42e6f3179566d73bf022e2.camel@redhat.com>
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, May 10, 2021, Maxim Levitsky wrote:
> On Tue, 2021-05-04 at 14:58 -0700, Jim Mattson wrote:
> > On Tue, May 4, 2021 at 2:57 PM Paolo Bonzini <pbonzini@redhat.com> wrote:
> > > On 04/05/21 23:53, Sean Christopherson wrote:
> > > > > Does the right thing happen here if the vCPU is in guest mode when
> > > > > userspace decides to toggle the CPUID.80000001H:EDX.RDTSCP bit on or
> > > > > off?
> > > > I hate our terminology.  By "guest mode", do you mean running the vCPU, or do
> > > > you specifically mean running in L2?
> > > > 
> > > 
> > > Guest mode should mean L2.
> > > 
> > > (I wonder if we should have a capability that says "KVM_SET_CPUID2 can
> > > only be called prior to KVM_RUN").
> > 
> > It would certainly make it easier to reason about potential security issues.
> > 
> I vote too for this.

Alternatively, what about adding KVM_VCPU_RESET to let userspace explicitly
pull RESET#, and defining that ioctl() to freeze the vCPU model?  I.e. after
userspace resets the vCPU, KVM_SET_CPUID (and any other relevant ioctls() is
disallowed.

Lack of proper RESET emulation is annoying, e.g. userspace has to manually stuff
EDX after vCPU creation to get the right value at RESET.  A dedicated ioctl()
would kill two birds with one stone, without having to add yet another "2"
ioctl().