On Mon, Feb 3, 2020 at 7:21 AM Xiaoyao Li <xiaoyao.li@xxxxxxxxx> wrote:
>
> Due to the fact that MSR_TEST_CTRL is per-core scope, i.e., the sibling
> threads in the same physical CPU core share the same MSR, only
> advertising feature split lock detection to guest when SMT is disabled
> or unsupported for simplicity.
>
> Only when host is sld_off, can guest control the hardware value of
> MSR_TEST_CTL, i.e., KVM loads guest's value into hardware when vcpu is
> running.
>
> The vmx->disable_split_lock_detect can be set to true after unhandled
> split_lock #AC in guest only when host is sld_warn mode. It's for not
> burning old guest, of course malicious guest can exploit it for DoS
> attack.

Is this actually worthwhile? This only applies to the host having
sld=off or warn and the host having HT off. I suspect that
deployments supporting migration will not want to use this, and
multi-tenant deployments won't want to use it for SLD-aware guests due
to DoS risk.

--Andy