From: Jim Mattson
Date: Thu, 7 Jul 2022 14:32:25 -0700
Subject: Re: [PATCH v2 22/28] KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup
To: Sean Christopherson
Cc: Vitaly Kuznetsov, kvm@vger.kernel.org, Paolo Bonzini, Anirudh Rayabharam, Wanpeng Li, Maxim Levitsky, linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20220629150625.238286-1-vkuznets@redhat.com> <20220629150625.238286-23-vkuznets@redhat.com> <87wncpotqv.fsf@redhat.com>

On Thu, Jul 7, 2022 at 12:30 PM Sean Christopherson wrote:
>
> On Thu, Jul 07, 2022, Vitaly Kuznetsov wrote:
> > Jim Mattson writes:
> >
> > > On Wed, Jun 29, 2022 at 8:07 AM Vitaly Kuznetsov wrote:
> > >>
> > >> From: Sean Christopherson
> > >>
> > >> Clear the CR3 and INVLPG interception controls at runtime based on
> > >> whether or not EPT is being _used_, as opposed to clearing the bits at
> > >> setup if EPT is _supported_ in hardware, and then restoring them when EPT
> > >> is not used. Not mucking with the base config will allow using the base
> > >> config as the starting point for emulating the VMX capability MSRs.
> > >>
> > >> Signed-off-by: Sean Christopherson
> > >> Signed-off-by: Vitaly Kuznetsov
> > > Nit: These controls aren't "obsoleted" by EPT; they're just no longer
> > > required.
>
> Isn't that the definition of "obsolete"? They're "no longer in use" when KVM
> enables EPT.

There are still reasons to use them aside from shadow page table
maintenance. For example, malware analysis may be interested in
intercepting CR3 changes to track process context (and to
enable/disable costly monitoring). EPT doesn't render these events
"obsolete," because you can't intercept these events using EPT.

> > I'm going to update the subject line to "KVM: VMX: Clear controls
> > unneded with EPT at runtime, not setup" retaining your authorship in v3
>
> That's fine, though s/unneded/unneeded.
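
A simplified model of the change described in the quoted commit message, added here as an illustration and not code from the patch or from KVM: both schemes give a vCPU the same execution controls, but only the unmodified base config can seed an emulated capability MSR that still advertises CR3 and INVLPG exiting. The struct, function names and sample hardware value are hypothetical; the three bit positions are those of the primary processor-based VM-execution controls in the Intel SDM.

```c
#include <stdint.h>
#include <stdio.h>

/* Primary processor-based VM-execution control bits (Intel SDM). */
#define INVLPG_EXITING    (1u << 9)
#define CR3_LOAD_EXITING  (1u << 15)
#define CR3_STORE_EXITING (1u << 16)
#define EPT_UNNEEDED (INVLPG_EXITING | CR3_LOAD_EXITING | CR3_STORE_EXITING)

/* Hypothetical stand-in for the base config computed once at setup. */
struct base_config { uint32_t cpu_based_exec_ctrl; };

/* Old scheme: strip the bits at setup if EPT is merely supported... */
static void setup_old(struct base_config *c, uint32_t hw, int ept_supported)
{
    c->cpu_based_exec_ctrl = ept_supported ? (hw & ~EPT_UNNEEDED) : hw;
}

/* ...and restore them per vCPU when EPT turns out not to be used. */
static uint32_t runtime_old(const struct base_config *c, int ept_in_use)
{
    return ept_in_use ? c->cpu_based_exec_ctrl
                      : (c->cpu_based_exec_ctrl | EPT_UNNEEDED);
}

/* New scheme: leave the base config alone at setup... */
static void setup_new(struct base_config *c, uint32_t hw)
{
    c->cpu_based_exec_ctrl = hw;
}

/* ...and clear the bits per vCPU only when EPT is actually in use. */
static uint32_t runtime_new(const struct base_config *c, int ept_in_use)
{
    return ept_in_use ? (c->cpu_based_exec_ctrl & ~EPT_UNNEEDED)
                      : c->cpu_based_exec_ctrl;
}

/* Capability MSR layout: allowed-1 settings live in bits 63:32. */
static uint64_t emulated_cap_msr(const struct base_config *c, uint32_t allowed0)
{
    return ((uint64_t)c->cpu_based_exec_ctrl << 32) | allowed0;
}

int main(void)
{
    uint32_t hw = EPT_UNNEEDED | (1u << 7);   /* constructed sample value */
    struct base_config o, n;
    setup_old(&o, hw, 1);
    setup_new(&n, hw);
    printf("old MSR hi=%#x new MSR hi=%#x\n",
           (unsigned)(emulated_cap_msr(&o, 0) >> 32),
           (unsigned)(emulated_cap_msr(&n, 0) >> 32));
    return 0;
}
```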