On 20.10.20 12:34, Paolo Bonzini wrote:
On 20/10/20 11:48, Alexander Graf wrote:
count: 1,
default_allow: false,
ranges: [
{
flags: KVM_MSR_FILTER_READ,
nmsrs: 1,
base: MSR_EFER,
bitmap: { 1 },
},
],
}
That filter would set all x2apic registers to "deny", but would not be
caught by the code above. Conversely, a range that explicitly allows
x2apic ranges with default_allow=0 would be rejected by this patch.
Yes, but the idea is that x2apic registers are always allowed, even
overriding default_allow, and therefore it makes no sense to have them
in a range. The patch is only making things fail early for userspace,
the policy is defined by Sean's patch.
I don't think we should fail on the following:
{
default_allow: false,
ranges: [
{
flags: KVM_MSR_FILTER_READ,
nmsrs: 4096,
base: 0,
bitmap: { 1, 1, 1, 1, [...] },
},
{
flags: KVM_MSR_FILTER_READ,
nmsrs: 4096,
base: 0xc0000000,
bitmap: { 1, 1, 1, 1, [...] },
},
],
}
as a way to say "everything in normal ranges is allowed, the rest please
deflect". Or even just to set default policies with less ranges.
Or to say it differently: Why can't we just check explicitly after
setting up all filter lists whether x2apic MSRs are *denied*? If so,
clear the filter and return -EINVAL.
That still leaves the case where x2apic is not handled in-kernel, but
I'm perfectly happy to ignore that one as "user space should not care" :).
Alex
Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879