Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN

From: Vitaly Kuznetsov
Date: Wed Jan 12 2022 - 08:58:29 EST


Igor Mammedov <imammedo@xxxxxxxxxx> writes:

> On Fri, 7 Jan 2022 19:15:43 +0100
> Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
>> On 1/7/22 10:02, Vitaly Kuznetsov wrote:
>> >
>> > I'm again leaning towards an allowlist and currently I see only two
>> > candidates:
>> >
>> > CPUID.01H.EBX bits 31:24 (initial LAPIC id)
>> > CPUID.0BH.EDX (x2APIC id)
>> >
>> > Anything else I'm missing?
>>
>> I would also ignore completely CPUID leaves 03H, 04H, 0BH, 80000005h,
>> 80000006h, 8000001Dh, 8000001Eh (cache and processor topology), just to
>> err on the safe side.
>
> on top of that,
>
> 1Fh
>

The implementation turned out to be a bit more complex as kvm also
mangles CPUIDs so we need to account for that. Could you give the
attached series a spin to see if it works?

--
Vitaly
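
An added example, not part of this message or the attached series: a C sketch of the allowlist comparison discussed in the thread, which accepts a post-KVM_RUN CPUID update only if it differs in CPUID.01H.EBX[31:24] or in the leaves proposed to be ignored (03H, 04H, 0BH, 1FH, 80000005h, 80000006h, 8000001Dh, 8000001Eh). The struct and function names are hypothetical, entries are assumed to arrive in the same order in both arrays, and the CPUID mangling KVM itself performs is not modelled.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in for one CPUID entry (hypothetical, not the kernel's struct). */
struct cpuid_ent { uint32_t function, index, eax, ebx, ecx, edx; };

/* Leaves the thread proposes to ignore completely (cache and processor topology). */
static const uint32_t ignored_leaves[] = {
    0x03, 0x04, 0x0b, 0x1f, 0x80000005, 0x80000006, 0x8000001d, 0x8000001e,
};

static int leaf_ignored(uint32_t function)
{
    for (size_t i = 0; i < sizeof(ignored_leaves) / sizeof(ignored_leaves[0]); i++)
        if (ignored_leaves[i] == function)
            return 1;
    return 0;
}

/* Return 1 if two entries are identical outside the allowlisted fields. */
static int entry_equivalent(const struct cpuid_ent *a, const struct cpuid_ent *b)
{
    /* Leaf 01H: mask out EBX[31:24], the initial LAPIC id. */
    uint32_t ebx_mask = a->function == 0x01 ? 0x00ffffffu : 0xffffffffu;

    if (a->function != b->function || a->index != b->index)
        return 0;
    if (leaf_ignored(a->function))
        return 1;
    return a->eax == b->eax && a->ecx == b->ecx && a->edx == b->edx &&
           ((a->ebx ^ b->ebx) & ebx_mask) == 0;
}

/* Return 1 if an update after KVM_RUN differs only in allowlisted fields. */
int cpuid_update_allowed(const struct cpuid_ent *cur, size_t ncur,
                         const struct cpuid_ent *upd, size_t nupd)
{
    if (ncur != nupd)
        return 0;
    for (size_t i = 0; i < ncur; i++)
        if (!entry_equivalent(&cur[i], &upd[i]))
            return 0;
    return 1;
}

int main(void)
{   /* Constructed sample: only the LAPIC id byte of leaf 01H changes. */
    struct cpuid_ent cur[] = {{0x01, 0, 0x306c3, 0x00100800, 0, 0}, {0x07, 0, 0, 2, 0, 0}};
    struct cpuid_ent upd[] = {{0x01, 0, 0x306c3, 0x03100800, 0, 0}, {0x07, 0, 0, 2, 0, 0}};
    return cpuid_update_allowed(cur, 2, upd, 2) ? 0 : 1;
}
```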