Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN

From: Paolo Bonzini
Date: Mon Jan 17 2022 - 06:20:39 EST

Next message: Borislav Petkov: "Re: RIP: 0010:radeon_vm_fini+0x15/0x220 [radeon]"
Previous message: Heikki Krogerus: "Re: [Bug][5.17-rc0] Between commits daadb3bd0e8d and 455e73a07f6e, the kernel stops loading on my devices."
In reply to: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Next in thread: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/17/22 10:55, Vitaly Kuznetsov wrote:

No, honestly I was thinking about something much simpler: instead of
forbidding KVM_SET_CPUID{,2} after KVM_RUN completely (what we have now
in 5.16), we only forbid to change certain data which we know breaks
some assumptions in MMU, from the comment:
"
* KVM does not correctly handle changing guest CPUID after KVM_RUN, as
* MAXPHYADDR, GBPAGES support, AMD reserved bit behavior, etc.. aren't
* tracked in kvm_mmu_page_role. As a result, KVM may miss guest page
* faults due to reusing SPs/SPTEs.
"
It seems that CPU hotplug path doesn't need to change these so we don't
need an opt-in/opt-out, we can just forbid changing certain things for
the time being. Alternatively, we can silently ignore such changes but I
don't quite like it because it would mask bugs in VMMs.

I think the version that only allows exactly the same CPUID is the best, as it leaves less room for future bugs.

Paolo

Next message: Borislav Petkov: "Re: RIP: 0010:radeon_vm_fini+0x15/0x220 [radeon]"
Previous message: Heikki Krogerus: "Re: [Bug][5.17-rc0] Between commits daadb3bd0e8d and 455e73a07f6e, the kernel stops loading on my devices."
In reply to: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Next in thread: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]