Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp5918385pxj; Wed, 23 Jun 2021 11:50:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwQb2PNu477BbSETGJsHpP3CsnNf9tBDb86r2yM8/KGD0d/5FFjp/BetFhAFkt0FXPliH/b X-Received: by 2002:a02:c808:: with SMTP id p8mr955993jao.109.1624474219652; Wed, 23 Jun 2021 11:50:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1624474219; cv=none; d=google.com; s=arc-20160816; b=H5MZoFmnLBWKCXu6aa59DzGWu7AHF0OxhFsYIX52nub2sdXKxGjrybPV8k8QjzDihV +tN/OvEkzP+NDSKPAtSOAUs4bOrNNUQOQ2vbOIV2rZp1tEfHeoI9gF/E1w+EQi9DPlPc r5yEQqj761AKV7XBF2ZNenuJyIuT4AMwwg6+1dHAqmWwulOXL4+tiVwrsK6HYqKaYHIe JvPeXfzGh7XrHe+reNxxmq5Nsbub5mw9tOABB5w8nF1NrEz85CbihHAIwk6VxkAttXY3 8Xew9gIgSiHAznmDBXD7nyeD4mC84f+nDaIeM6L5JSAsPGJUl+iPzoJ11A+a5ZGojMPQ Y58g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject:dkim-signature; bh=Ex6/mXcaG+GKeUSD+NCcVoWSuyt20fqJHwV5zAiTy0I=; b=U1gOCz3JtgdknqVqxWr9JcdcGtWh/QK6mB6J4HNsrpjElK59UnH8OFNqpOIBohlOIC flMEf0apsGfPZlbYF7qs6nNOQRE5ZbqheK4PPVlqmoWLsFybhyYt0QgDpK8G7wmaExhe mCSIdBdMSkpr6uJA49brX48Rx3HOn+BvnzQyDZK5ZFveUZlbUwv3yhEjA8YWbprTirah cyCaSCHdTcIR8lxV2frvMdUyJO7bnh/r2W4aB//cnMlMNojVsh83nPJVBIef/A7WQMiX ZCxU7OWq0szIkin/ZOnmZONzCsHm2afgorbwhSKqtgCKP3S2/OTyEWMvcQdvY71rZgDG 58ZA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=a3EjOxTP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e16si755342iom.90.2021.06.23.11.50.05; Wed, 23 Jun 2021 11:50:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=a3EjOxTP; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229759AbhFWSvx (ORCPT + 99 others); Wed, 23 Jun 2021 14:51:53 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:52140 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229523AbhFWSvw (ORCPT ); Wed, 23 Jun 2021 14:51:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1624474174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Ex6/mXcaG+GKeUSD+NCcVoWSuyt20fqJHwV5zAiTy0I=; b=a3EjOxTPmmEiU1UZJ63w60f+XGaj0Xwd6WkNHwVxX1bvC2sp2yVhEjZiYM71IaJ+k6pVau DBIdSgNL8MQ4EsHRA0I3DkV8j68yungAcbEuToxGAruUVR1M/mmIjfs5RsmLh6Mzfi95oW /FEbGqxkQUeQelhCsO28bIxujMVTafI= Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com [209.85.208.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-568-QQwVnFSHMhy3EUtX9FEuzw-1; Wed, 23 Jun 2021 14:49:33 -0400 X-MC-Unique: QQwVnFSHMhy3EUtX9FEuzw-1 Received: by mail-ed1-f69.google.com with SMTP id z5-20020a05640235c5b0290393974bcf7eso1849211edc.2 for ; Wed, 23 Jun 2021 11:49:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=Ex6/mXcaG+GKeUSD+NCcVoWSuyt20fqJHwV5zAiTy0I=; b=bNE9BajmG3c0cL/l9wr3WKUZ4QyHeSeVKxbFYie2cDzjGqx9XDcum235S8W9XVjX4L 1x1y5j4BN080LQM3pc0wgjAa+/HYDa88Ig6FStUj/QbGD2bN0MvNYnIOf5dZWFwFI9lE xmDc0VZHAgmCxB5ibO87G3ahyrmP5iXDnL1x9amG4fcXlNej8+5Bnv8cwg4UmtBAwxJl Jza6cbXnMa9pC0F685eWiPp3H1iIYmiroue7re4IBWnujDEh1VAZbdLuV/p7MUy7dEPL c1dvwjxm6PjXECm8tXZs+8ePN4Zt2271sOEyQ0I+vU8DmCEP1+K9zXUGesI694706sFo tDoQ== X-Gm-Message-State: AOAM533lCTtKkoF70vwq1393KCdc9AvyRWosT6HBT4L7aqbSdwXnUx+X ZXybTpiZaKffGleo+ypWdjwZbszMl1ZuLzcf7+zidAGPVPWjDBWEdvBeJ6dpopQh3YJbrgyFw1A JcZXSZdV/59tQOclkW3fJh/co X-Received: by 2002:a05:6402:1d07:: with SMTP id dg7mr1709152edb.298.1624474171845; Wed, 23 Jun 2021 11:49:31 -0700 (PDT) X-Received: by 2002:a05:6402:1d07:: with SMTP id dg7mr1709131edb.298.1624474171621; Wed, 23 Jun 2021 11:49:31 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:c8dd:75d4:99ab:290a? ([2001:b07:6468:f312:c8dd:75d4:99ab:290a]) by smtp.gmail.com with ESMTPSA id v5sm478265edt.55.2021.06.23.11.49.30 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 23 Jun 2021 11:49:31 -0700 (PDT) Subject: Re: [PATCH 07/54] KVM: x86: Alert userspace that KVM_SET_CPUID{,2} after KVM_RUN is broken To: Jim Mattson Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Joerg Roedel , kvm list , LKML , Yu Zhang , Maxim Levitsky References: <20210622175739.3610207-1-seanjc@google.com> <20210622175739.3610207-8-seanjc@google.com> <6f25273e-ad80-4d99-91df-1dd0c847af39@redhat.com> From: Paolo Bonzini Message-ID: Date: Wed, 23 Jun 2021 20:49:29 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.10.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 23/06/21 20:11, Jim Mattson wrote: > On Wed, Jun 23, 2021 at 10:11 AM Paolo Bonzini wrote: >> Nah, that's not the philosophy. The philosophy is that covering all >> possible ways for userspace to shoot itself in the foot is impossible. >> >> However, here we're talking about 2 lines of code (thanks also to your >> patches that add last_vmentry_cpu for completely unrelated reasons) to >> remove a whole set of bullet/foot encounters. > > What about the problems that arise when we have different CPUID tables > for different vCPUs in the same VM? Can we just replace this > hole-in-foot inducing ioctl with a KVM_VM_SET_CPUID ioctl on the VM > level that has to be called before any vCPUs are created? Are there any KVM bugs that this can fix? The problem is that, unlike this case, it would be effectively impossible to deprecate KVM_SET_CPUID2 as a vcpu ioctl, so it would be hard to reap any benefits in KVM. BTW, there is actually a theoretical usecase for KVM_SET_CPUID2 after KVM_RUN, which is to test OSes against microcode updates that hide, totally random example, the RTM bit. But it's still not worth keeping it given 1) the bugs and complications in KVM, 2) if you really wanted that kind of testing so hard, the fact that you can just create a new vcpu file descriptor from scratch, possibly in cooperation with userspace MSR filtering 3) AFAIK no one has done that anyway in 15 years. Paolo