On Tue, Nov 10, 2020 at 11:40:34AM +0100, Paolo Bonzini wrote: > However, f/m/s mean nothing when running virtualized. First, trying to > derive any non-architectural property from the f/m/s is going to fail. > Second, even the host can be anything as long as it's newer than the f/m/s > that the VM reports (i.e. you can get a Sandy Bridge model and model name > even if running on Skylake). Yah, that's why I said "then comes virt and throws all assumptions out." > See above: how can the hypervisor know a safe value for all MSRs, possibly > including the undocumented ones? Not all - just the ones which belong to a model. I was thinking of having a mapping between f/m/s and a list of MSRs which those models have - even non-architectural ones - but that's a waste of energy. Why? Because using the *msr_safe() variants will give you the same thing without doing any of the MSR lists in KVM and any of that jumping thru hoops. Which means, the kernel MSR accessors should be doing _safe(), i.e., exception handling, by default. And the non-safe ones - rdmsrl, wrmsrl, etc, should all be used only in very seldom cases. Hmm, yeah, that would probably solve this class of problems once and for all. > If it makes sense to emulate certain non-architectural MSRs we can add them. See above - probably not worth the effort. I'll take a look at how ugly it would become to make the majority of MSR accesses safe. Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette