Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4211277imw; Thu, 7 Jul 2022 14:48:52 -0700 (PDT) X-Google-Smtp-Source: AGRyM1vVXLZvVj79OW+qXcHeSw7SkXycbLWHxHLgE4PG+A9opFD8wfh8tf3izkvVy5VZtvCQERcc X-Received: by 2002:a17:902:db0a:b0:16b:f92d:e8f6 with SMTP id m10-20020a170902db0a00b0016bf92de8f6mr192930plx.143.1657230532268; Thu, 07 Jul 2022 14:48:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657230532; cv=none; d=google.com; s=arc-20160816; b=Zy0m2gWzT1V56geVAQ1qJrhdQhZxh5rRxIMSBneZdLAnxDHvvQPlHYI3EwIIDc/MbQ sFhx1yVqY96u6CeMcE/9BvSFpufc/qDs0P5QvxEO9Cr5FhLGDWDzlx221szbcthJvElC ricl2Gpw2f7UGO5w610iijchwgM+QE26zuVXl+NjIxFC00M/z0yFXV1l0+MnATW35oD8 Y1Fs29N5pBCfN+aeRhzxQZUTYH7MamcBRSGHYrnE17+++1X369q01ghow77t3b0D91Oy 0zLwPTuCv8FoqSZ8BzRZqpiHghSlbE+MG6poi+mxo6BqJWo8IwkkXRr8FMgE8ue2tHlU Nu0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=pfzUOZFFSsLuWvtbAH4LMoUMhR9nzwLEUQr6Uj+RyfE=; b=zWJajyI0fjZrIeDXvBaEzEl5DUK5oda0Q/0h9Dh43Y5f36QQhTCxTDG4YtkuG9gTQN LRtzPwo7RrlUzspjcuOILk0i4gCWxLcV6otnhX7CPBNOgju6YwUq1DA3G2RgWEsZsvGo khv90H11zRNzek3hrJ3N2cXlOKR2wtwW5Wcjgs4mkujQo4+CwDlJWhHQNmgVg+ljgAhm lCJ0VKmtztAvNMLwGfm9KXDHaXT7mh5bJ/Yn0oGFyRhNa4eqlfMjuLQ4xAsaB1BOBZEv GoDypiVoWs3pOXFUlKs8Nz5xRBuNpaJxh7+2VE1APtpq5ZY+qrEE6Qn4Drrwcn07RJ96 Il5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=BSa2kJop; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p4-20020a17090a748400b001efa6cbe9f0si116369pjk.111.2022.07.07.14.48.39; Thu, 07 Jul 2022 14:48:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=BSa2kJop; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236905AbiGGVjS (ORCPT + 99 others); Thu, 7 Jul 2022 17:39:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48736 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236907AbiGGVjO (ORCPT ); Thu, 7 Jul 2022 17:39:14 -0400 Received: from mail-pg1-x536.google.com (mail-pg1-x536.google.com [IPv6:2607:f8b0:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4061A31DE9 for ; Thu, 7 Jul 2022 14:39:13 -0700 (PDT) Received: by mail-pg1-x536.google.com with SMTP id s206so20770753pgs.3 for ; Thu, 07 Jul 2022 14:39:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=pfzUOZFFSsLuWvtbAH4LMoUMhR9nzwLEUQr6Uj+RyfE=; b=BSa2kJoprXwY2CZT2npE1CSWSjmIwWOpFZWlvkar8d8Gl16Ryhzpl8WN3rwPjgTDh4 HJ1wT+OV1RSHfhBhU3wvcb5bdBdiTRRgoz12ZminSlgYmz8YIn27FYiykjJ5NCu+c5Qc 57FMJh3kCzsZIP+wVshzI1LiNCghBoOJxCKSgEqtK8vARyPgLz/IPxqkpVKAtDwDOsnx CKqeEybQjMOCHWWVGXxTubXH6lWBBR09m+9JrbQixkuuDubznA2QyL3JeCUC+ERweCWC 0wH3Van6zZQKjSUKOhKWyRckl5AyDB+8NfQuF4zy4wLXYLNlf0qpqiEenD8tOWzpDj6d qLTg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=pfzUOZFFSsLuWvtbAH4LMoUMhR9nzwLEUQr6Uj+RyfE=; b=l1cGDQD75ca14p42t57dXrToyTAw5vKho2/Z26bAxdYuns759m+eG/mVv7jD8rtVEC 5j7gNHgcmAA+kzAH/ryUDYg6Lt3CEyF0Ybe0j8MWNcQ/UCOSQdvm+w4pubTqLETJKEDb 2AOM58+sDtN/zaP6cRTlPB5avkoCAyw0Ly3WT9Ik0ZSFfc8xPoc8yCFLosdS/Qoh//O1 vNM3a5K65EjSzV2zGJs5nlcP73GcEexxNYHMWYAoscC7+7U79xFghjFxi2mDzOQur5h8 3NtP8sFLt/CUpmb2Oe4mEq6Hl0Tk4t6vZLG8pfYzkx46+gcKtM0Sm7bkS1Q8eXGyQAMp NtwA== X-Gm-Message-State: AJIora+uXyoT/c9wRJaajN2Ljrkwq+3ExtcqkAu4Ph+aB3d6bRHKYfQM jKAc2WUouOYn/CeEVIoB6ahQ6Q== X-Received: by 2002:a63:87c6:0:b0:415:f6f:4469 with SMTP id i189-20020a6387c6000000b004150f6f4469mr122283pge.491.1657229952597; Thu, 07 Jul 2022 14:39:12 -0700 (PDT) Received: from google.com (123.65.230.35.bc.googleusercontent.com. [35.230.65.123]) by smtp.gmail.com with ESMTPSA id u13-20020a62790d000000b0052896629f66sm2085630pfc.208.2022.07.07.14.39.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 07 Jul 2022 14:39:12 -0700 (PDT) Date: Thu, 7 Jul 2022 21:39:08 +0000 From: Sean Christopherson To: Jim Mattson Cc: Vitaly Kuznetsov , kvm@vger.kernel.org, Paolo Bonzini , Anirudh Rayabharam , Wanpeng Li , Maxim Levitsky , linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 22/28] KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup Message-ID: References: <20220629150625.238286-1-vkuznets@redhat.com> <20220629150625.238286-23-vkuznets@redhat.com> <87wncpotqv.fsf@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 07, 2022, Jim Mattson wrote: > On Thu, Jul 7, 2022 at 12:30 PM Sean Christopherson wrote: > > > > On Thu, Jul 07, 2022, Vitaly Kuznetsov wrote: > > > Jim Mattson writes: > > > > > > > On Wed, Jun 29, 2022 at 8:07 AM Vitaly Kuznetsov wrote: > > > >> > > > >> From: Sean Christopherson > > > >> > > > >> Clear the CR3 and INVLPG interception controls at runtime based on > > > >> whether or not EPT is being _used_, as opposed to clearing the bits at > > > >> setup if EPT is _supported_ in hardware, and then restoring them when EPT > > > >> is not used. Not mucking with the base config will allow using the base > > > >> config as the starting point for emulating the VMX capability MSRs. > > > >> > > > >> Signed-off-by: Sean Christopherson > > > >> Signed-off-by: Vitaly Kuznetsov > > > > Nit: These controls aren't "obsoleted" by EPT; they're just no longer > > > > required. Actually, they're still required if unrestricted guest isn't supported. > > Isn't that the definition of "obsolete"? They're "no longer in use" when KVM > > enables EPT. > > There are still reasons to use them aside from shadow page table > maintenance. For example, malware analysis may be interested in > intercepting CR3 changes to track process context (and to > enable/disable costly monitoring). EPT doesn't render these events > "obsolete," because you can't intercept these events using EPT. Fair enough, I was using "EPT" in the "KVM is using EPT" sense. But even that's wrong as KVM intercepts CR3 accesses when EPT is enabled, but unrestricted guest is disabled and the guest disables paging. Vitaly, since the CR3 fields are still technically "needed", maybe just be explicit? KVM: VMX: Adjust CR3/INVPLG interception for EPT=y at runtime, not setup