Re: [PATCH v7 7/8] KVM: x86: Allow userspace set maximum VCPU id for VM

From: Sean Christopherson
Date: Mon Apr 04 2022 - 18:08:55 EST

Next message: Krzysztof Kozlowski: "Re: (subset) [PATCH v3 8/8] ARM: dts: exynos: remove deprecated unit address for LPDDR3 timings on Odroid"
Previous message: Krzysztof Kozlowski: "Re: (subset) [PATCH V2 1/2] dt-bindings: memory: snps,ddrc-3.80a compatible also need interrupts"
In reply to: Zeng Guang: "Re: [PATCH v7 7/8] KVM: x86: Allow userspace set maximum VCPU id for VM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Apr 03, 2022, Zeng Guang wrote:
>
> On 4/1/2022 10:01 AM, Sean Christopherson wrote:
> > Amusingly, I think we also need a capability to enumerate that KVM_CAP_MAX_VCPU_ID
> > is writable.
>
> IIUC, KVM_CAP_* has intrinsic writable attribute. KVM will return invalid
> If not implemented.

Yes, but forcing userspace to do a dummy write to detect support is rather ugly.
I'm not totally opposed to it. Probably a Paolo question.

Paolo?

> > > + if (cap->args[0] <= KVM_MAX_VCPU_IDS) {
> > > + kvm->arch.max_vcpu_id = cap->args[0];
> > This needs to be rejected if kvm->created_vcpus > 0, and that check needs to be
> > done under kvm_lock, otherwise userspace can bump the max ID after KVM allocates
> > per-VM structures and trigger buffer overflow.
>
> Is it necessary to use kvm_lock ? Seems no use case to call it from multi-threads.

There's no sane use case, but userspace is untrusted, i.e. KVM can't assume that
userspace will do the right/desired thing.

Next message: Krzysztof Kozlowski: "Re: (subset) [PATCH v3 8/8] ARM: dts: exynos: remove deprecated unit address for LPDDR3 timings on Odroid"
Previous message: Krzysztof Kozlowski: "Re: (subset) [PATCH V2 1/2] dt-bindings: memory: snps,ddrc-3.80a compatible also need interrupts"
In reply to: Zeng Guang: "Re: [PATCH v7 7/8] KVM: x86: Allow userspace set maximum VCPU id for VM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]