Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3517738pxb; Mon, 4 Apr 2022 19:36:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxzG69f/tp8k91p1A6IkhXd0rl8M/6Co0AGn1RT5VZX28iZXAn6f7qCL9+TkQT9FCzRE38Y X-Received: by 2002:a17:902:f60c:b0:156:82c9:e44b with SMTP id n12-20020a170902f60c00b0015682c9e44bmr1150401plg.106.1649126213516; Mon, 04 Apr 2022 19:36:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649126213; cv=none; d=google.com; s=arc-20160816; b=LJfTaKtn8S1vxN1sLMRDAMkEyL4kDzA+SwFc6omwXVbpaAcjCZuyhXUeXS6wFS/yE8 wGVzmeJwfuwaBXha92HNIAQlvrtCqMRvpaDHyJAyvOsssJmiDlI67LPxZ5OpeZlxGrv4 R+pqqjuiWa+4jIhdphkoBoqAjrRbJWfvpxICKq2bTrM39AOA+0svAb1ezeIHXtyKfBH1 bwArkWWpI8Ug3FVCCOuS63MzcDDOoqR2ayb5z57o3xfZOqaGgvR1kfd3Fo+szB5742pm SHTOEO4NR/XuiZBiao7eyPVah7i/xAiTn0J2vTw2SPImofYFLTkrDdSncnq+1d9KuqQJ rDng== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=mgnV7xI4qUCKfrqlWFwfqK4AIab4DaYNplYu5ZnU12A=; b=NfGwhVWvXiWrvcFLifoqNEQaNiuSz3fhV//15lgBiquPZ2hrTV5MTmk47xEeErdNe5 ggzT6SnQq7693ysaR6wVJ/20P32qctWZluaiBtNh2O1U1d/csuCvcXsc8dU+iK91chv4 Wmi0WGMzA4+L7jA6IsFFIvKoG4NaR7PkchAtpzcs0fvii4yhoT80o8IAWR7X6Hyrshve rOyk4HISSTXCUIPIbhGUiViVMRfABq0LBfWG8fNnVhXHHtdslmai7Sg3PdF08BRSmSWf fNYKDI3WpgtXFwKNOD59q7KvhTkTdbljKd1G3HzAzgpy89bYRek9LzQZh+P8yQiBQrax cIFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=h6IOoYbe; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id m29-20020a638c1d000000b003816043f14esi11526795pgd.835.2022.04.04.19.36.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 19:36:53 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=h6IOoYbe; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 82ED513EF99; Mon, 4 Apr 2022 18:00:26 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1381434AbiDDWIT (ORCPT + 99 others); Mon, 4 Apr 2022 18:08:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49046 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1379541AbiDDR1S (ORCPT ); Mon, 4 Apr 2022 13:27:18 -0400 Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9AC9A31909 for ; Mon, 4 Apr 2022 10:25:22 -0700 (PDT) Received: by mail-pl1-x634.google.com with SMTP id i11so8686332plg.12 for ; Mon, 04 Apr 2022 10:25:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=mgnV7xI4qUCKfrqlWFwfqK4AIab4DaYNplYu5ZnU12A=; b=h6IOoYbeGqsTOT85hNSp30Z6S3z/0oyrH77ylDcQCzYqAx2ZHRLm2YfmqSFB6NClJu kJcZx7FPEq1+GT1+BVhpf6hwXjOBLbp1YTYM8YeAerFOwniYHATjFWcncbG6zs4uc6lH D88N/qv4s8ZVGSl86KP8gRLyF0TEI/eJIvNpSlCtRlVqEnCJ37G+eGGqZ6VKZiksrR7/ f975k9mhAdFYWZ6szHTXhJ8FN8tFh7MppB6ZV6jJSdiwgzfuf9i/XV/f4wxmXlEauKwx Jdu6TE4dO0MoCr/z3O/HM6LiRiNFGaXRzJlLG1c4sNEbtr1FVbATJkiOaKRHQaYmNWJG QSpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to; bh=mgnV7xI4qUCKfrqlWFwfqK4AIab4DaYNplYu5ZnU12A=; b=uTfwXtvSGoW/AeDF0Ln6A1kDN7+CuADSbrsajJOjc/CuRGRzWxxHED8ZauE3gCL/vm 1iy+FyISdsdfPj2O06bNKQFkjgItWfmytivNSWrORMrnSGsX+havCmciF8m4uBojInM6 kGIrTGjWd2VOERCts1DMh1du0X/hcE251nZfQ2TxbYiWUQD4b+PgJrER4FelHYzNXZQD m2Ler/BCwiX4oB8oeX9E/ZJK2sXBb+oVFg5dyf6/asaDiqNi2exXwseO0lcYpPiuoQ+b dR27Skw9kGHYaMTevdsR4cmg9K66ZVtYi8n38xrtrIrEdpcqczXKSrYei9hyKZslhSKL sC8g== X-Gm-Message-State: AOAM530s8Wiho4eaJjfMnxMFunoKs58cKaf6Usuy5hvDwPVoSYvaoiaC yAuAmjb9KzbfNvSZPfMjJyiaPA== X-Received: by 2002:a17:90b:38cd:b0:1ca:64dd:4747 with SMTP id nn13-20020a17090b38cd00b001ca64dd4747mr232081pjb.55.1649093121770; Mon, 04 Apr 2022 10:25:21 -0700 (PDT) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id bx22-20020a056a00429600b004fa936a64b0sm12144176pfb.196.2022.04.04.10.25.20 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 10:25:20 -0700 (PDT) Date: Mon, 4 Apr 2022 17:25:17 +0000 From: Sean Christopherson To: Zeng Guang Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , "kvm@vger.kernel.org" , Dave Hansen , "Luck, Tony" , Kan Liang , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Kim Phillips , Jarkko Sakkinen , Jethro Beekman , "Huang, Kai" , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "Hu, Robert" , "Gao, Chao" Subject: Re: [PATCH v7 7/8] KVM: x86: Allow userspace set maximum VCPU id for VM Message-ID: References: <20220304080725.18135-1-guang.zeng@intel.com> <20220304080725.18135-8-guang.zeng@intel.com> <60879468-c54f-e7f1-2123-ba4cf4128ac3@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <60879468-c54f-e7f1-2123-ba4cf4128ac3@intel.com> X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 03, 2022, Zeng Guang wrote: > > On 4/1/2022 10:01 AM, Sean Christopherson wrote: > > Amusingly, I think we also need a capability to enumerate that KVM_CAP_MAX_VCPU_ID > > is writable. > > IIUC, KVM_CAP_*? has intrinsic writable attribute. KVM will return invalid > If not implemented. Yes, but forcing userspace to do a dummy write to detect support is rather ugly. I'm not totally opposed to it. Probably a Paolo question. Paolo? > > > + if (cap->args[0] <= KVM_MAX_VCPU_IDS) { > > > + kvm->arch.max_vcpu_id = cap->args[0]; > > This needs to be rejected if kvm->created_vcpus > 0, and that check needs to be > > done under kvm_lock, otherwise userspace can bump the max ID after KVM allocates > > per-VM structures and trigger buffer overflow. > > Is it necessary to use kvm_lock ? Seems no use case to call it from multi-threads. There's no sane use case, but userspace is untrusted, i.e. KVM can't assume that userspace will do the right/desired thing.