Re: [PATCH] KVM: nVMX: Don't expose TSC scaling to L1 when on Hyper-V

From: Paolo Bonzini
Date: Tue Jun 14 2022 - 13:29:23 EST


On 6/14/22 17:13, Anirudh Rayabharam wrote:
>>> Sanitize at the end might not work because I see some cases in
>>> nested_vmx_setup_ctls_msrs() where we want to expose some things to L1
>>> even though the hardware doesn't support it.
>>
>> Yes, but these will never include eVMCS-unsupported features.
>
> How are you so sure?
>
> For example, SECONDARY_EXEC_SHADOW_VMCS is unsupported in eVMCS but in
> nested_vmx_setup_ctls_msrs() we do:
>
>         /*
>          * We can emulate "VMCS shadowing," even if the hardware
>          * doesn't support it.
>          */
>         msrs->secondary_ctls_high |=
>                 SECONDARY_EXEC_SHADOW_VMCS;
>
> If we sanitize this out it might cause some regression right?

Yes, you're right, shadow VMCS is special: it is not supported by enlightened VMCS, but it is emulated rather than virtualized. Therefore, if L1 does not use the enlightened VMCS, it can indeed use shadow VMCS.

Paolo