On Wed, May 27, 2020 at 10:39:33AM +0200, Vitaly Kuznetsov wrote:
> Sean Christopherson <sean.j.christopherson@xxxxxxxxx> writes:
>
> > On Mon, May 25, 2020 at 06:15:25PM +0300, Kirill A. Shutemov wrote:
> >> On Mon, May 25, 2020 at 04:58:51PM +0200, Vitaly Kuznetsov wrote:
> >> > > @@ -727,6 +734,15 @@ static void __init kvm_init_platform(void)
> >> > > {
> >> > > kvmclock_init();
> >> > > x86_platform.apic_post_init = kvm_apic_init;
> >> > > +
> >> > > + if (kvm_para_has_feature(KVM_FEATURE_MEM_PROTECTED)) {
> >> > > + if (kvm_hypercall0(KVM_HC_ENABLE_MEM_PROTECTED)) {
> >> > > + pr_err("Failed to enable KVM memory protection\n");
> >> > > + return;
> >> > > + }
> >> > > +
> >> > > + mem_protected = true;
> >> > > + }
> >> > > }
> >> >
> >> > Personally, I'd prefer to do this via setting a bit in a KVM-specific
> >> > MSR instead. The benefit is that the guest doesn't need to remember if
> >> > it enabled the feature or not, it can always read the config msr. May
> >> > come handy for e.g. kexec/kdump.
> >>
> >> I think we would need to remember it anyway. Accessing MSR is somewhat
> >> expensive. But, okay, I can rework it MSR if needed.
> >
> > I think Vitaly is talking about the case where the kernel can't easily get
> > at its cached state, e.g. after booting into a new kernel. The kernel would
> > still have an X86_FEATURE bit or whatever, providing a virtual MSR would be
> > purely for rare slow paths.
> >
> > That being said, a hypercall plus CPUID bit might be better, e.g. that'd
> > allow the guest to query the state without risking a #GP.
>
> We have rdmsr_safe() for that! :-) MSR (and hypercall to that matter)
> should have an associated CPUID feature bit of course.
rdmsr_safe() won't fly in early boot, e.g. verify_cpu. It probably doesn't
matter for late enabling, but it might save some headache if there's ever a
handoff from vBIOS.
> Yes, hypercall + CPUID would do but normally we treat CPUID data as
> static and in this case we'll make it a dynamically flipping
There are multiple examples of dynamic CPUID, e.g. MWAIT and OSPKE.
> bit. Especially if we introduce 'KVM_HC_DISABLE_MEM_PROTECTED' later.
>
> >
> >> Note, that we can avoid the enabling algother, if we modify BIOS to deal
> >> with private/shared memory. Currently BIOS get system crash if we enable
> >> the feature from time zero.
> >
> > Which would mesh better with a CPUID feature bit.
> >
>
> And maybe even help us to resolve 'reboot' problem.
>
> --
> Vitaly
>
