Re: [PATCH 2/2] Documentation/x86: Explain guest XSTATE permission control

From: Chang S. Bae
Date: Thu Jun 23 2022 - 19:55:51 EST

Next message: Steven Rostedt: "Re: [RFC][PATCH] ftrace,objtool: PC32 based __mcount_loc"
Previous message: Sean Christopherson: "Re: [PATCH v7 19/23] KVM: x86/mmu: Zap collapsible SPTEs in shadow MMU at all possible levels"
In reply to: Dave Hansen: "Re: [PATCH 2/2] Documentation/x86: Explain guest XSTATE permission control"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/16/2022 3:49 PM, Dave Hansen wrote:

On 6/16/22 14:22, Chang S. Bae wrote:

+In addition, a couple of extended options are provided for a VCPU thread.
+The VCPU XSTATE permission is separately controlled.
+
+-ARCH_GET_XCOMP_GUEST_PERM
+
+ arch_prctl(ARCH_GET_XCOMP_GUEST_PERM, &features);
+
+ ARCH_GET_XCOMP_GUEST_PERM is a variant of ARCH_GET_XCOMP_PERM. So it
+ provides the same semantics and functionality but for VCPU.

This touches on the "what", but not the "why". Could you explain in
here both why this is needed and why an app might want to use it?

[ while studying on this a bit further, found a few things here ]

They (ARCH_{REQ|GET}_XCOMP_GUEST_PERM) provide a userspace VMM to request & check guest permission.

In general, KVM looks to have an API as a set of ioctls [1]. A guest VMM uses KVM_GET_DEVICE_ATTR::KVM_X86_XCOMP_GUEST_SUPP to query the available features [2][3]. ARCH_GET_XCOMP_SUPP is not usable here because KVM wants to control those exposed features [4] (via KVM_SUPPORTED_XCR0).

But oddly this mask does not appear to be actively referenced by those two arch_prctl options. I can see this ioctl attribute is currently disconnected from these arch_prctl options.

Also I failed to find the documentation about this KVM_X86_XCOMP_GUEST_SUPP interface:

$ git grep KVM_X86_XCOMP_GUEST_SUPP ./Documentation/
$

I guess people will be confused with having these two options only. I think documenting this has to come along with these missing pieces (and potential fix). So I'm inclined to drop this one at the moment.

Thanks,
Chang

[1] https://kernel.org/doc/html/latest/virt/kvm/index.html
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/testing/selftests/kvm/lib/x86_64/processor.c#n641
[3] https://github.com/qemu/qemu/blob/58b53669e87fed0d70903e05cd42079fbbdbc195/target/i386/kvm/kvm.c#L428
[4] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/arch/x86/kvm/x86.c#n9008

Next message: Steven Rostedt: "Re: [RFC][PATCH] ftrace,objtool: PC32 based __mcount_loc"
Previous message: Sean Christopherson: "Re: [PATCH v7 19/23] KVM: x86/mmu: Zap collapsible SPTEs in shadow MMU at all possible levels"
In reply to: Dave Hansen: "Re: [PATCH 2/2] Documentation/x86: Explain guest XSTATE permission control"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]