Re: [RFC PATCH v2 24/69] KVM: x86: Introduce "protected guest" concept and block disallowed ioctls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/9/21 14:37, Xiaoyao Li wrote:

Tom,

I think what you did in this commit is not so correct. It just silently ignores the ioctls insteaf of returning an error to userspace to tell this IOCTL is not invalid to this VM. E.g., for kvm_arch_vcpu_ioctl_get_fpu(), QEMU just gets it succesful with fpu being all zeros.

Yes, it's a "cop out" that removes the need for more complex changes in QEMU.

I think for the get/set registers ioctls KVM_GET/SET_{REGS,SREGS,FPU,XSAVE,XCRS} we need to consider SEV-ES backwards compatibility. This means, at least for now, only apply the restriction to TDX (using a bool-returning function, see the review for 28/69).

For SMM, MCE, vCPU events and for kvm_valid/dirty_regs, it can be done as in this patch.

Paolo




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux