Received: by 2002:a05:6a10:8395:0:0:0:0 with SMTP id n21csp703862pxh; Tue, 9 Nov 2021 17:49:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJw3GmKUln9El7V+T6KYf2kbszQDXwNjfODOz79Z3r0YFInzKQ7LXGd+ZAgeM7uXqhEZqGLc X-Received: by 2002:a17:906:a14a:: with SMTP id bu10mr15513621ejb.540.1636508962911; Tue, 09 Nov 2021 17:49:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1636508962; cv=none; d=google.com; s=arc-20160816; b=MySdMYLw9IuLevWSXzO1MVdV1N9s5OClO/sjcbajhX7yuwPugALm3R3xhs1jlRMgX+ 6Vskg8Fbxyyyv531nzhf1RgexgQdPgGdi9fNd+vSFBLzNOsROlxxGJuPJ8yeyD2AB3Nx rLaZQrNvkcNNVXpbUI+J1W37WS8H1VAr/DNaxDiaMZYoI7vF7/3ySpgwmSe/9kGyVwMg 2RZxV77AEXEzi5x2dCzutsNKUo/JcIJr48eAXVnvcgTMW6nDacinLj2EI5rnHHGJxrJk PFLh+/QDsNkWr8VgQOzPQQJBo2ld3oW1WEenz0rrCUX+K+p/c9p4vUGjIBp6Is2083SZ FdyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id; bh=4SXJ81jkZjLZv351EPl6RD34IuRnYOU+0cH9YTUfCew=; b=a02Pt9Ntc8sYca2k8LYuBuQbjjJgKPmQIarbN8wHAw/8SJyg+Ce8Lxy51i7oTmBgPJ 69yUV1ZNLBg8ft/FOExaBmN2EQ87q7y9T1c5k0LOxSFcctQseuN3Dix4n+LJGiOeZjyr 4TqK6LKwFAss1EceUGV/tgOM2REJvAlVuqKFVvps6w85+ykieJDRv7DzmI3TNYyUbaOT oM7RjKmU8W4TRLWoFoPhjWPFv/jJLzHo6naSjuhuZA6aF7wySFEfUs3OSwaw2S3xeNCv B3zVeoSTobMEdH267mJce84OJANFK5JIuUBBxwiopfAa+PGOat/LZbdUDFPEujsW/3lg bU8Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o24si31863928ejd.504.2021.11.09.17.48.58; Tue, 09 Nov 2021 17:49:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229742AbhKJBso (ORCPT + 99 others); Tue, 9 Nov 2021 20:48:44 -0500 Received: from mga01.intel.com ([192.55.52.88]:24355 "EHLO mga01.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229473AbhKJBso (ORCPT ); Tue, 9 Nov 2021 20:48:44 -0500 X-IronPort-AV: E=McAfee;i="6200,9189,10163"; a="256262318" X-IronPort-AV: E=Sophos;i="5.87,222,1631602800"; d="scan'208";a="256262318" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Nov 2021 17:45:57 -0800 X-IronPort-AV: E=Sophos;i="5.87,222,1631602800"; d="scan'208";a="503752418" Received: from unknown (HELO [10.239.13.123]) ([10.239.13.123]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Nov 2021 17:45:52 -0800 Message-ID: <82145eab-5b0b-bc26-8f8e-2bd68b9e7b28@intel.com> Date: Wed, 10 Nov 2021 09:45:50 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0 Thunderbird/91.3.0 Subject: Re: [RFC PATCH v2 24/69] KVM: x86: Introduce "protected guest" concept and block disallowed ioctls Content-Language: en-US To: Paolo Bonzini , Tom Lendacky Cc: isaku.yamahata@gmail.com, "Yamahata, Isaku" , x86@kernel.org, Joerg Roedel , Jim Mattson , Wanpeng Li , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H . Peter Anvin" , Vitaly Kuznetsov , erdemaktas@google.com, Connor Kuehl , Sean Christopherson , linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <482264f17fa0652faad9bd5364d652d11cb2ecb8.1625186503.git.isaku.yamahata@intel.com> <02ca73b2-7f04-813d-5bb7-649c0edafa06@redhat.com> <209a57e9-ca9c-3939-4aaa-4602e3dd7cdd@amd.com> <6f0d243c-4f40-d608-3309-5c37536ab866@intel.com> <3966eaf0-ed8e-c356-97dd-f8c5c3057439@redhat.com> From: Xiaoyao Li In-Reply-To: <3966eaf0-ed8e-c356-97dd-f8c5c3057439@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/10/2021 1:15 AM, Paolo Bonzini wrote: > On 11/9/21 14:37, Xiaoyao Li wrote: >> >> Tom, >> >> I think what you did in this commit is not so correct. It just >> silently ignores the ioctls insteaf of returning an error to userspace >> to tell this IOCTL is not invalid to this VM. E.g., for >> kvm_arch_vcpu_ioctl_get_fpu(), QEMU just gets it succesful with fpu >> being all zeros. > > Yes, it's a "cop out" that removes the need for more complex changes in > QEMU. > > I think for the get/set registers ioctls > KVM_GET/SET_{REGS,SREGS,FPU,XSAVE,XCRS} we need to consider SEV-ES > backwards compatibility.  This means, at least for now, only apply the > restriction to TDX (using a bool-returning function, see the review for > 28/69). > > For SMM, MCE, vCPU events and for kvm_valid/dirty_regs, it can be done > as in this patch. > thank you Paolo, I will go with this direction.