Re: [PATCH v4 0/3] Allow user space to restrict and augment MSR emulation

From: Graf (AWS), Alexander
Date: Wed Aug 19 2020 - 17:46:35 EST

Next message: kernel test robot: "Re: [PATCH] PCI: Add pci_iounmap"
Previous message: Keith Busch: "Re: [PATCH 2/2] nvme: add emulation for zone-append"
In reply to: Jim Mattson: "Re: [PATCH v4 0/3] Allow user space to restrict and augment MSR emulation"
Next in thread: Jim Mattson: "Re: [PATCH v4 0/3] Allow user space to restrict and augment MSR emulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Am 19.08.2020 um 23:27 schrieb Jim Mattson <jmattson@xxxxxxxxxx>:
>
>> On Mon, Aug 3, 2020 at 2:14 PM Alexander Graf <graf@xxxxxxxxxx> wrote:
>>
>> While tying to add support for the MSR_CORE_THREAD_COUNT MSR in KVM,
>> I realized that we were still in a world where user space has no control
>> over what happens with MSR emulation in KVM.
>>
>> That is bad for multiple reasons. In my case, I wanted to emulate the
>> MSR in user space, because it's a CPU specific register that does not
>> exist on older CPUs and that really only contains informational data that
>> is on the package level, so it's a natural fit for user space to provide
>> it.
>>
>> However, it is also bad on a platform compatibility level. Currrently,
>> KVM has no way to expose different MSRs based on the selected target CPU
>> type.
>>
>> This patch set introduces a way for user space to indicate to KVM which
>> MSRs should be handled in kernel space. With that, we can solve part of
>> the platform compatibility story. Or at least we can not handle AMD specific
>> MSRs on an Intel platform and vice versa.
>>
>> In addition, it introduces a way for user space to get into the loop
>> when an MSR access would generate a #GP fault, such as when KVM finds an
>> MSR that is not handled by the in-kernel MSR emulation or when the guest
>> is trying to access reserved registers.
>>
>> In combination with the allow list, the user space trapping allows us
>> to emulate arbitrary MSRs in user space, paving the way for target CPU
>> specific MSR implementations from user space.
>
> This is somewhat misleading. If you don't modify the MSR permission
> bitmaps, as Aaron has done, you cannot emulate *arbitrary* MSRs in
> userspace. You can only emulate MSRs that kvm is going to intercept.
> Moreover, since the set of intercepted MSRs evolves over time, this
> isn't a stable API.

Yeah, I wrote up a patch today to do the passthrough bitmap masking dynamically, partly based on Aaron's patches. I have not verified it yet though and will need to clean up SVM as well. I'll see how far I get with it for the rest of the week.

Special MSRs like EFER also irritate me a bit. We can't really trap on them - most code paths just know they're handled in kernel. Maybe I'll add some sanity checks as well...

Alex

Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879

Next message: kernel test robot: "Re: [PATCH] PCI: Add pci_iounmap"
Previous message: Keith Busch: "Re: [PATCH 2/2] nvme: add emulation for zone-append"
In reply to: Jim Mattson: "Re: [PATCH v4 0/3] Allow user space to restrict and augment MSR emulation"
Next in thread: Jim Mattson: "Re: [PATCH v4 0/3] Allow user space to restrict and augment MSR emulation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]