Re: [PATCH] KVM: VMX: expose the host's ARCH_CAPABILITIES MSR to userspace
From: Radim KrÄmÃÅ
Date: Wed Mar 07 2018 - 10:40:35 EST
2018-03-07 16:10+0100, Paolo Bonzini:
> On 07/03/2018 15:56, Radim KrÄmÃÅ wrote:
> > The MSR_F10H_DECFG default is questionable -- MSR_F10H_DECFG is an
> > architectural MSR, so we'd be changing the guest under the sight of
> > existing userspaces.
> > A potential security risk if they migrate the guest to a CPU that
> > doesn't serialize LFENCE. ARCH_CAPABILITIES are at least hidden by a
> > new CPUID bit.
>
> Good point. Perhaps we should add a KVM-specific CPUID bit for
> serializing LFENCE.
I reckon it wouldn't help much in the wild: we'd need userspace changes
(at least for QEMU) and at that point, userspace can as well just
implement MSR_F10H_DECFG and use an unmodified guest.
We can't easily intercept LFENCE to emulate the feature either, so it
seems like a waste of effort to me.