Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1947162rwb; Mon, 7 Nov 2022 07:31:16 -0800 (PST) X-Google-Smtp-Source: AMsMyM6IDCD1c4J2cw3j/RgP62Iiyi7g79p0IUB8kPmBGb1LL5YXOqocQ6o0vZ2IEa/rddSiLfkp X-Received: by 2002:a63:6383:0:b0:46f:ef6b:f062 with SMTP id x125-20020a636383000000b0046fef6bf062mr29452910pgb.112.1667835075755; Mon, 07 Nov 2022 07:31:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1667835075; cv=none; d=google.com; s=arc-20160816; b=0zW4JRqrxB6U36xW5vBjD5A6mu7styv59IiHoVlwLJx8l5VkYoOmTWY7XfPwq82dU1 wtiUQcTOxhcMhuNLaEvCF2ezxnRtTphMfxtyjif2Es04H4w+0MSJIjJu2Z6wqc+/czKd M0OA4+vNiM4XZX3NDy9v1T/UwBWfnq5yOr8zVq+6TcLny0cza2F3TYnggWlhMMU0Et0Q DOMpSuhvXPnO9H6aZXwcV0Uw25z4aGIvJ/ik8nikd8tc7GzS33AQFuHV43CE8id+1l+6 RYryHoyXmfnqGEC2Q190cKHyKybUJkxNw936gfIyTcptt+uqkPkHdkZIIaBBLgpNXW7p C+Fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=l4jFCPlwpZWg2Kjtokjyu7cu6qRmEgh93f73kVu+XEs=; b=nG48/Oj5P5IBe7T2wjIkalwjmrm+z/Wpu7EIn+QLD+PYqsdU/EQRC6d3E46Qb+1WqU gpTJoczacCDqKQmVsOqQlCikd4M2wCPCY+MKZ+XaIRB0ZJOZ5ifNwJ036riXehMAdbNH 4ColqYlDPvXUCR89VcnyQiFhRJdHdm/Fou/6AxYSnrpyy6gXFbz3udtj8A4630nIFYmn az9fOLN1jVce4kiRe4odLaRuK+0ddPMmH53ExrPIUiEEzEIC4NJzYe3kQ855G94dLnPm TPPvOPgRQg4WVO+ocXKCPAau+PNXpBbTGnuGGnJi6O3C6exLSyf4zut9LC4mC8ncBBFu Ktew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=oetFNYCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q207-20020a632ad8000000b00462566bfda8si10948755pgq.788.2022.11.07.07.31.03; Mon, 07 Nov 2022 07:31:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=oetFNYCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232746AbiKGPHA (ORCPT + 94 others); Mon, 7 Nov 2022 10:07:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49880 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232792AbiKGPG4 (ORCPT ); Mon, 7 Nov 2022 10:06:56 -0500 Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DA4671DA54 for ; Mon, 7 Nov 2022 07:06:55 -0800 (PST) Received: by mail-pf1-x42f.google.com with SMTP id k15so10891006pfg.2 for ; Mon, 07 Nov 2022 07:06:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=l4jFCPlwpZWg2Kjtokjyu7cu6qRmEgh93f73kVu+XEs=; b=oetFNYCegdWD6vOJl36CdI66m/Wa0Uf+gSJkovRd88RWPXZj123nsB23AcVtywVBBz 8HnLArsVb1sUWBGrLHq8O4Hn1sQFwfM+MQI/ycQXMdUM+pUr5MhW7STxzPEA6h8p0OYK XCAfu2pwVTPtaUcYKrSCfzzPtucZamwvuzDOcX/8mC8z6wDQWEc8RnSQdlcve05CQhgz 3QF4WlvR/vZC69/xcvSAwSnYTGZhbS7OgWTy+N6e0juLxMzhPQN2TO6NQKhwrniOsraQ 0/+7gf10khshzbB/90u4EAJsgz1PDu7DAs7QqO0m9OsDdw/F4Zua4DDq+U+JO4eYCPNE ZEkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=l4jFCPlwpZWg2Kjtokjyu7cu6qRmEgh93f73kVu+XEs=; b=kIVNOZL2zeXkzRAyrMWAY3F5/2rTIPlFNLGAYkLj9MRGnaQ+bZsXbT4z+Cq0ySHsCK 8Mq/bbrS6rwir4CbiIZj0HXPGgnIieNMkUZ6QccSaggwAc9TbfG3jHsEhxZrFlScqISE 1ru0nUt7GHWmInsCF7H2KkXUuhFRZThgFm893dN8bmZcJ1SwQfcGaG6IqzRlMbsG46Ol vwTYg+FRcLznxBZR58fT2f92P+3En1UuxfO7EGVofrsq/w1BJPHJBh6SSxMOyiaqNp1T VCpTsWMRcdyEdhYa4MUQNi2y/EUr188kV0CgUtdfaOhX6awxs5KNB2QMjjGdq7jz+ioA WI/Q== X-Gm-Message-State: ACrzQf19ySRPIdupjDICC+9+ULVzMQASAi3xnd+rRggLbMrGtrRaqUzf qxmmL4fr6jtTgsOok/31ZL80gw== X-Received: by 2002:a63:cf4e:0:b0:470:3be8:4d5f with SMTP id b14-20020a63cf4e000000b004703be84d5fmr13875271pgj.269.1667833615172; Mon, 07 Nov 2022 07:06:55 -0800 (PST) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id k9-20020a17090a3cc900b00212d9a06edcsm6196927pjd.42.2022.11.07.07.06.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Nov 2022 07:06:54 -0800 (PST) Date: Mon, 7 Nov 2022 15:06:51 +0000 From: Sean Christopherson To: Yu Zhang Cc: Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Eric Li , David Matlack , Oliver Upton , Liu Jingqi Subject: Re: [PATCH v5 05/15] KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value Message-ID: References: <20220607213604.3346000-1-seanjc@google.com> <20220607213604.3346000-6-seanjc@google.com> <20221031163907.w64vyg5twzvv2nho@linux.intel.com> <20221101101801.zxcjswoesg2gltri@linux.intel.com> <20221102085414.fk2xss74jvtzs6mr@linux.intel.com> <20221107082714.fq3sw7qii4unlcn2@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221107082714.fq3sw7qii4unlcn2@linux.intel.com> X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 07, 2022, Yu Zhang wrote: > On Thu, Nov 03, 2022 at 04:53:11PM +0000, Sean Christopherson wrote: > > Ideally, KVM should NEVER manipulate VMX MSRs in response to guest CPUID changes. > > That's what I was referring to earlier by commits: ... > Thanks Sean. Let me try to rephrase my understandings of your statement( > and pls feel free to correct me): > > 1> For now, what vmx_adjust_secondary_exec_control() does, is to enable/ > disable a feature in VMX MSR(and nVMX MSR) based on cpuid changes. > 2> What makes sense is, if a feature is > a. disabled by guest CPUID, it shall not be exposed in guest VMX MSR; > b. enabled by guest CPUID, it could be either exposed or hidden in > guest VMX MSR. > 3> So your previous change is to guarantee 2.a, and userspace VMM can choose > to follow follow either choices in 2.b(depending on whether it believes this > feature is correctly supported by KVM in nested). > > Is above understanding correct? Not quite. Again, in an ideal world, KVM would not modify the VMX MSRs based on guest CPUID. But it's possible userspace is relying on KVM to hide a feature from L2 if it's hidden from L1, so to avoid breaking an otherwise valide userspace config, it's worth enforcing that in KVM. > But what if userspace VMM sets guest CPUID first, disabling a feature, and > then sets the guest VMX MSR bit with this feature enabled? Does KVM need to > check guest CPUID again, in vmx_restore_control_msr()? No. It's not KVM's responsibility to provide a sane, valid vCPU model. So long as KVM is not endangered by a bad config, userspace can do whatever it wants.