Re: [PATCH 2/2] Documentation/x86: Explain guest XSTATE permission control

From: Chang S. Bae
Date: Tue Aug 23 2022 - 19:34:38 EST


On 6/23/2022 4:55 PM, Chang S. Bae wrote:
On 6/16/2022 3:49 PM, Dave Hansen wrote:

This touches on the "what", but not the "why".  Could you explain in
here both why this is needed and why an app might want to use it?

[ while studying on this a bit further, found a few things here ]

They (ARCH_{REQ|GET}_XCOMP_GUEST_PERM) provide a userspace VMM to request & check guest permission.

In general, KVM looks to have an API as a set of ioctls [1]. A guest VMM uses KVM_GET_DEVICE_ATTR::KVM_X86_XCOMP_GUEST_SUPP to query the available features [2][3]. ARCH_GET_XCOMP_SUPP is not usable here because KVM wants to control those exposed features [4] (via KVM_SUPPORTED_XCR0).

But oddly this mask does not appear to be actively referenced by those two arch_prctl options. I can see this ioctl attribute is currently disconnected from these arch_prctl options.

Also I failed to find the documentation about this KVM_X86_XCOMP_GUEST_SUPP interface:

    $ git grep KVM_X86_XCOMP_GUEST_SUPP ./Documentation/
    $

I guess people will be confused with having these two options only. I think documenting this has to come along with these missing pieces (and potential fix). So I'm inclined to drop this one at the moment.

Posted this series as following up this:

https://lore.kernel.org/lkml/20220823231402.7839-1-chang.seok.bae@xxxxxxxxx/

Thanks,
Chang