On Mon, Jan 10, 2022, Like Xu wrote: > From: Like Xu <likexu@xxxxxxxxxxx> > > Some of the new Intel PT capabilities (e.g. SDM Vol3, 32.2.4 Event > Tracing, it exposes details about the asynchronous events, when they are > generated, and when their corresponding software event handler completes > execution) cannot be safely and fully emulated by the KVM, especially > emulating the simultaneous writing of guest PT packets generated by > the KVM to the guest PT buffer. > > For KVM, it's better to advertise currently supported features based on > the "static struct pt_cap_desc" implemented in the host PT driver and > ignore _all_ unknown features before they have been investigated one by > one and supported in a safe manner, leaving the rest as system-wide-only > tracing capabilities. > > Suggested-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> > Signed-off-by: Like Xu <likexu@xxxxxxxxxxx> > --- > v1 -> v2 Changelog: > - Be safe and ignore _all_ unknown capabilities. (Paolo) > > Previous: > https://lore.kernel.org/kvm/20220106085533.84356-1-likexu@xxxxxxxxxxx/ > > arch/x86/kvm/cpuid.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c > index 0b920e12bb6d..439b93359848 100644 > --- a/arch/x86/kvm/cpuid.c > +++ b/arch/x86/kvm/cpuid.c > @@ -901,6 +901,8 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function) > break; > } > > + /* It's better to be safe and ignore _all_ unknown capabilities. */ No need to justify why unknown capabilities are hidden as that's very much (supposed to be) standard KVM behavior. > + entry->ebx &= GENMASK(5, 0); Please add a #define somewhere so that this is self-documenting, e.g. see KVM_SUPPORTED_XCR0. And why just EBX? ECX appears to enumerate features too, and EDX is presumably reserved to enumerate yet more features when EBX/ECX run out of bits. And is there any possibility of a malicious user/guest using features to cause problems in the host? I.e. does KVM need to enforce that the guest can't enable any unsupported features? > for (i = 1, max_idx = entry->eax; i <= max_idx; ++i) { > if (!do_host_cpuid(array, function, i)) > goto out; > -- > 2.33.1 >
