On 2/27/23 22:40, Borislav Petkov wrote:
> On Mon, Feb 27, 2023 at 09:05:24PM +0000, Takahiro Itazuri wrote:
>> VMMs retrieve supported CPUID features via KVM_GET_SUPPORTED_CPUID to
>> construct CPUID information to be passed to KVM_SET_CPUID2. Most CPUID
>> feature bits related to speculative attacks are propagated from host
>> CPUID. But AMD processors have AMD-specific IBRS related bits in CPUID
>> Fn8000_0008_EBX (ref: AMD64 Architecture Programmer's Manual Volume 3:
>> General-Purpose and System Instructions) and some bits are not
>> propagated to guests.
>>
>> Enable propagation of these bits to guests, so that VMMs don't have to
>> enable them explicitly based on host CPUID.
>
> How hard is it for the VMMs to enable them?
Let me rephrase the second paragraph of Takahiro's commit message:
"Tell the VMMs that they can pass the bits to the guests, instead of
having to second-guess that the hypervisor does not have to do anything
to support these bits".
In general, userspace should not second guess the hypervisor. There are
some rare cases in which QEMU (and probably the proprietary hypervisors
at Google and Amazon) does that, but in general you want it to trust
information coming from the kernel. New CPUID bits are quite frequent,
and sometimes also stupidly difficult to get right, so if filtering
CPUID can be done in the kernel you won't have to do the same change N
times in _all_ userspaces that use KVM.
Paolo