Re: [PATCH v2 4/7] KVM: x86: allow kvm_x86_ops.set_efer to return a value

From: Maxim Levitsky
Date: Thu Aug 27 2020 - 06:23:29 EST


On Thu, 2020-08-20 at 17:43 -0700, Sean Christopherson wrote:
> On Thu, Aug 20, 2020 at 02:43:56PM -0700, Jim Mattson wrote:
> > On Thu, Aug 20, 2020 at 6:34 AM Maxim Levitsky <mlevitsk@xxxxxxxxxx> wrote:
> > > This will be used later to return an error when setting this msr fails.
> > >
> > > For VMX, it already has an error condition when EFER is
> > > not in the shared MSR list, so return an error in this case.
> > >
> > > Signed-off-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
> > > ---
> > > --- a/arch/x86/kvm/x86.c
> > > +++ b/arch/x86/kvm/x86.c
> > > @@ -1471,7 +1471,8 @@ static int set_efer(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
> > > efer &= ~EFER_LMA;
> > > efer |= vcpu->arch.efer & EFER_LMA;
> > >
> > > - kvm_x86_ops.set_efer(vcpu, efer);
> > > + if (kvm_x86_ops.set_efer(vcpu, efer))
> > > + return 1;
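Review bot: the new `if (kvm_x86_ops.set_efer(vcpu, efer)) return 1;` in set_efer() turns any vendor-callback failure into a failed MSR write for every caller, including host-initiated KVM_SET_MSRS writes that previously always succeeded once they reached this point; consider checking the return value only when `!msr_info->host_initiated`, or stating in the commit message why host writes should now fail. The hunk shown is also truncated before the vendor-side change to vmx_set_efer(), so the error condition being propagated cannot be reviewed from this context alone.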
> >
> > This seems like a userspace ABI change to me. Previously, it looks
> > like userspace could always use KVM_SET_MSRS to set MSR_EFER to 0 or
> > EFER_SCE, and it would always succeed. Now, it looks like it will fail
> > on CPUs that don't support EFER in hardware. (Perhaps it should fail,
> > but it didn't before, AFAICT.)
>
> KVM emulates SYSCALL, presumably that also works when EFER doesn't exist in
> hardware.

This is a fair point.
How about checking the return value only when '!msr_info->host_initiated' in set_efer?

This way a userspace-initiated EFER write will work as it did before,
but a guest-initiated write will fail
(and set_efer already checks and fails for many cases).

I also dug a bit around the failure check in VMX, the 'find_msr_entry(vmx, MSR_EFER);'
This one, if I am not mistaken, will only fail when the host doesn't support EFER.
I don't mind ignoring this error as well, as it was before.

>
> The above also adds weirdness to nested VMX as vmx_set_efer() simply can't
> fail.

It will now fail on non-64-bit Intel CPUs that support VMX. I do think that
we had these for a while. As I said, I'll return 0 when find_msr_entry fails,
thus returning this behavior to what it was on Intel.

Best regards,
Maxim Levitsky