> From: Sean Christopherson <seanjc@xxxxxxxxxx> > Sent: Wednesday, December 29, 2021 7:39 AM > > On Wed, Dec 22, 2021, Jing Liu wrote: > > Guest xstate permissions should be set by userspace VMM before vcpu > > creation. Extend KVM_SET_CPUID2 to verify that every feature reported > > in CPUID[0xD] has proper permission set. > > Why? Nothing in the changelog, code, or comments explains why KVM > _needs_ to prevent > userspace from advertising bogus features to the guest. E.g. the virtual > address > width check exists because _KVM_ will do the wrong thing given a width > other than 48 > or 57, and explicity says as much in a comment. Advertising a known bogus feature due to lacking of permission does no good compared to failing it early even before the guest is running. This also avoids tons of complexity at run-time to deal with permission violation (e.g. introducing new kvm exit reason if you tracked the v2 discussion). But yes, we should add a clear comment here. Thanks Kevin
