Re: [PATCH 29/61] KVM: x86: Add Kconfig-controlled auditing of reverse CPUID lookups

From: Paolo Bonzini
Date: Tue Feb 25 2020 - 10:02:57 EST

Next message: Vitaly Kuznetsov: "Re: [PATCH 61/61] KVM: x86: Move VMX's host_efer to common x86 code"
Previous message: Joe Lawrence: "Re: [PATCH 0/3] Unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()"
In reply to: Sean Christopherson: "Re: [PATCH 29/61] KVM: x86: Add Kconfig-controlled auditing of reverse CPUID lookups"
Next in thread: Paolo Bonzini: "Re: [PATCH 29/61] KVM: x86: Add Kconfig-controlled auditing of reverse CPUID lookups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 24/02/20 23:46, Sean Christopherson wrote:
>>> static __always_inline u32 *__cpuid_entry_get_reg(struct kvm_cpuid_entry2 *entry,
>>> const struct cpuid_reg *cpuid)
>>> {
>>> +#ifdef CONFIG_KVM_CPUID_AUDIT
>>> + WARN_ON_ONCE(entry->function != cpuid->function);
>>> + WARN_ON_ONCE(entry->index != cpuid->index);
>>> +#endif
>>> +
>>> switch (cpuid->reg) {
>>> case CPUID_EAX:
>>> return &entry->eax;
>>
>> Honestly, I was thinking we should BUG_ON() and even in production builds
>> but not everyone around is so rebellious I guess, so
>
> LOL. It's a waste of cycles for something that will "never" be hit, i.e.
> we _really_ dropped the ball if a bug of this natures makes it into a
> kernel release.

There are quite a few WARN_ONs like that already. I'd say each
non-constant-folded call to __cpuid_enty_get_reg is a waste of cycles,
if you're counting them. :)

Paolo

Next message: Vitaly Kuznetsov: "Re: [PATCH 61/61] KVM: x86: Move VMX's host_efer to common x86 code"
Previous message: Joe Lawrence: "Re: [PATCH 0/3] Unexport kallsyms_lookup_name() and kallsyms_on_each_symbol()"
In reply to: Sean Christopherson: "Re: [PATCH 29/61] KVM: x86: Add Kconfig-controlled auditing of reverse CPUID lookups"
Next in thread: Paolo Bonzini: "Re: [PATCH 29/61] KVM: x86: Add Kconfig-controlled auditing of reverse CPUID lookups"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]