Re: [PATCH 0/2] KVM: x86: Propagate AMD-specific IBRS bits to guests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2/27/23 22:40, Borislav Petkov wrote:
On Mon, Feb 27, 2023 at 09:05:24PM +0000, Takahiro Itazuri wrote:
VMMs retrieve supported CPUID features via KVM_GET_SUPPORTED_CPUID to
construct CPUID information to be passed to KVM_SET_CPUID2. Most CPUID
feature bits related to speculative attacks are propagated from host
CPUID. But AMD processors have AMD-specific IBRS related bits in CPUID
Fn8000_0008_EBX (ref: AMD64 Architecture Programmer's Manual Volume 3:
General-Purpose and System Instructions) and some bits are not
propagated to guests.

Enable propagation of these bits to guests, so that VMMs don't have to
enable them explicitly based on host CPUID.

How hard is it for the VMMs to enable them?

Let me rephrase the second paragraph of Takahiro's commit message:

"Tell the VMMs that they can pass the bits to the guests, instead of having to second-guess that the hypervisor does not have to do anything to support these bits".

In general, userspace should not second guess the hypervisor. There are some rare cases in which QEMU (and probably the proprietary hypervisors at Google and Amazon) does that, but in general you want it to trust information coming from the kernel. New CPUID bits are quite frequent, and sometimes also stupidly difficult to get right, so if filtering CPUID can be done in the kernel you won't have to do the same change N times in _all_ userspaces that use KVM.

Paolo




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux