From: Jim Mattson
Date: Wed, 25 May 2022 18:00:24 -0700
Subject: Re: [PATCH 2/2] KVM: VMX: Add knob to allow rejecting kvm_intel on inconsistent VMCS config
To: Sean Christopherson
Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Joerg Roedel, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Chenyi Qiang, Lei Wang
References: <20220525210447.2758436-1-seanjc@google.com> <20220525210447.2758436-3-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 25, 2022 at 5:45 PM Sean Christopherson wrote:
>
> On Wed, May 25, 2022, Jim Mattson wrote:
> > On Wed, May 25, 2022 at 2:04 PM Sean Christopherson wrote:
> > >
> > > Add an off-by-default module param, reject_inconsistent_vmcs_config, to
> > > allow rejecting the load of kvm_intel if an inconsistent VMCS config is
> > > detected. Continuing on with an inconsistent, degraded config is
> > > undesirable when the CPU is expected to support a given set of features,
> > > e.g. can result in a misconfigured VM if userspace doesn't cross-check
> > > KVM_GET_SUPPORTED_CPUID, and/or can result in poor performance due to
> > > lack of fast MSR switching.
> > >
> > > Signed-off-by: Sean Christopherson
> > > ---
> >
> > There are several inconsistent VMCS configs that are not rejected here
> > (e.g. "enable XSAVES/XRSTORS" on a CPU that doesn't support XSAVES).
> > Do you plan to include more checks in the future, or should this be,
> > "reject_some_inconsistent_vmcs_configs"? :-)
>
> I have no plan, it was purely a reaction to continuing on with a known bad entry/exit
> pair handling being awful. I hesitated to even apply it to the EPT/VPID stuff, but
> again it seemed silly to detect an inconsistency and do nothing about it.
>
> I'm not opposed to adding more checks, though there is definitely a point of
> diminishing returns. I'm just picking the really low hanging fruit :-)

The usual KVM approach to a misconfigured guest is to let userspace
shoot itself in the foot, as long as it doesn't put the host at risk.
This change seems to run counter to that.
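
Added example, not part of this e-mail or of the patch under discussion: a user-space C model of the two policies the thread weighs for a half-supported VM-entry/VM-exit control pair, degrading silently versus refusing to load. The names `setup_ctrl_pairs`, `vmcs_model`, the `MSR_A`/`MSR_B` pairs, their bit positions and the `-EIO` return are assumptions made for the model, not KVM's code or real VMCS encodings.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit positions for this model, not real VMCS control encodings. */
#define ENTRY_LOAD_MSR_A (1u << 0)
#define ENTRY_LOAD_MSR_B (1u << 1)
#define EXIT_LOAD_MSR_A  (1u << 4)
#define EXIT_LOAD_MSR_B  (1u << 5)

struct ctrl_pair { const char *name; uint32_t entry_bit; uint32_t exit_bit; };
struct vmcs_model { uint32_t entry_ctrl; uint32_t exit_ctrl; };

static const struct ctrl_pair pairs[] = {
    { "MSR_A", ENTRY_LOAD_MSR_A, EXIT_LOAD_MSR_A },
    { "MSR_B", ENTRY_LOAD_MSR_B, EXIT_LOAD_MSR_B },
};

/*
 * A pair is usable only if the CPU offers both halves. With reject == false a
 * half-supported pair is cleared and setup continues in a degraded state; with
 * reject == true setup fails with -EIO (error code chosen for this model).
 * *degraded receives the number of pairs that were cleared.
 */
int setup_ctrl_pairs(struct vmcs_model *cfg, bool reject, int *degraded)
{
    *degraded = 0;
    for (size_t i = 0; i < sizeof(pairs) / sizeof(pairs[0]); i++) {
        bool has_entry = (cfg->entry_ctrl & pairs[i].entry_bit) != 0;
        bool has_exit = (cfg->exit_ctrl & pairs[i].exit_bit) != 0;

        if (has_entry == has_exit)
            continue; /* both present or both absent: consistent */
        fprintf(stderr, "inconsistent pair %s: entry=%d exit=%d\n",
                pairs[i].name, has_entry, has_exit);
        if (reject)
            return -EIO;
        cfg->entry_ctrl &= ~pairs[i].entry_bit;
        cfg->exit_ctrl &= ~pairs[i].exit_bit;
        (*degraded)++;
    }
    return 0;
}

int main(void)
{
    /* Constructed input: MSR_B is offered on VM-entry but not on VM-exit. */
    struct vmcs_model cfg = { ENTRY_LOAD_MSR_A | ENTRY_LOAD_MSR_B, EXIT_LOAD_MSR_A };
    int degraded;
    int ret = setup_ctrl_pairs(&cfg, false, &degraded);
    printf("ret=%d degraded=%d entry=%#x exit=%#x\n", ret, degraded,
           (unsigned)cfg.entry_ctrl, (unsigned)cfg.exit_ctrl);
    return ret ? 1 : 0;
}
```

In the degraded path the caller sees success and a silently narrower feature set, which is the case the quoted commit message says userspace must catch by cross-checking KVM_GET_SUPPORTED_CPUID.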