On Tue, Feb 25, 2020 at 01:08:43PM -0800, Sean Christopherson wrote:
> On Tue, Feb 25, 2020 at 04:18:12PM +0100, Paolo Bonzini wrote:
> > On 01/02/20 19:52, Sean Christopherson wrote:
> > > +#ifdef CONFIG_KVM_CPUID_AUDIT
> > > + /* Entry needs to be fully populated when auditing is enabled. */
> > > + entry.function = cpuid.function;
> > > + entry.index = cpuid.index;
> > > +#endif
> >
> > This shows that the audit case is prone to bitrot, which is good reason
> > to enable it by default.
>
> I have no argument against that, especially since I missed this case during
> development and only caught it when running on a different system that I
> had happened to configure with CONFIG_KVM_CPUID_AUDIT=y. :-)

I ended up dropping the audit code altogether. The uops overhead wasn't bad,
but the code bloat was pretty rough, ~16 bytes per instance. The final nail
in the coffin was that the auditing would trigger false positives if userspace
configured CPUID leafs with a non-significant index to have a non-zero index,
e.g. is_matching_cpuid_entry() ignores the index if
KVM_CPUID_FLAG_SIGNIFCANT_INDEX isn't set.
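
Review bot: In the quoted hunk, the two stores to entry.function and entry.index sit inside #ifdef CONFIG_KVM_CPUID_AUDIT, so a build without that option never compiles them and a missed case like the one mentioned in the thread can go unnoticed again. Doing the two assignments unconditionally, or guarding them with if (IS_ENABLED(CONFIG_KVM_CPUID_AUDIT)) provided the fields exist in every configuration, would keep this path compile-tested in all builds.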
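
The false positive described in the reply above, as an added user-space model that is not code from the patch or from KVM: the entry type, the lookup, both audit functions and the sample table are hypothetical, and the flag's bit position is chosen for this model. It shows a strict index check rejecting an entry that the flag-dependent lookup rule accepts.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag name as spelled in the mail; bit position chosen for this model. */
#define KVM_CPUID_FLAG_SIGNIFCANT_INDEX (1u << 0)

typedef struct { uint32_t function, index, flags; } entry_t;

/* Lookup rule from the mail: the index counts only when flagged significant. */
static bool entry_matches(const entry_t *e, uint32_t fn, uint32_t idx)
{
    return e->function == fn &&
           (!(e->flags & KVM_CPUID_FLAG_SIGNIFCANT_INDEX) || e->index == idx);
}

static const entry_t *find_entry(const entry_t *t, size_t n, uint32_t fn, uint32_t idx)
{
    for (size_t i = 0; i < n; i++)
        if (entry_matches(&t[i], fn, idx))
            return &t[i];
    return NULL;
}

/* Hypothetical strict audit: insists the stored index equals the queried one. */
static bool audit_strict(const entry_t *e, uint32_t fn, uint32_t idx)
{
    return e && e->function == fn && e->index == idx;
}

/* Hypothetical flag-aware audit: applies the same rule as the lookup. */
static bool audit_flag_aware(const entry_t *e, uint32_t fn, uint32_t idx)
{
    return e && entry_matches(e, fn, idx);
}

/* Constructed table: leaf 0x1 carries a stray non-zero index but no flag. */
static const entry_t sample[] = {
    { 0x1, 5, 0 },
    { 0x7, 0, KVM_CPUID_FLAG_SIGNIFCANT_INDEX },
};

int main(void)
{
    const entry_t *e = find_entry(sample, 2, 0x1, 0);
    printf("strict=%d flag_aware=%d\n", audit_strict(e, 0x1, 0), audit_flag_aware(e, 0x1, 0));
    return 0;
}
```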