Re: [PATCH 2/2] KVM: VMX: Add knob to allow rejecting kvm_intel on inconsistent VMCS config

From: Paolo Bonzini
Date: Thu May 26 2022 - 06:40:08 EST

Next message: Paolo Bonzini: "Re: [PATCH 1/2] KVM: VMX: Sanitize VM-Entry/VM-Exit control pairs at kvm_intel load time"
Previous message: Chengming Zhou: "[PATCH v3 1/2] sched/fair: fix propagate during synchronous attach/detach"
In reply to: Jim Mattson: "Re: [PATCH 2/2] KVM: VMX: Add knob to allow rejecting kvm_intel on inconsistent VMCS config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/25/22 23:04, Sean Christopherson wrote:

Add an off-by-default module param, reject_inconsistent_vmcs_config, to
allow rejecting the load of kvm_intel if an inconsistent VMCS config is
detected. Continuing on with an inconsistent, degraded config is
undesirable when the CPU is expected to support a given set of features,
e.g. can result in a misconfigured VM if userspace doesn't cross-check
KVM_GET_SUPPORTED_CPUID, and/or can result in poor performance due to
lack of fast MSR switching.

Signed-off-by: Sean Christopherson<seanjc@xxxxxxxxxx>
---
arch/x86/kvm/vmx/vmx.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)

Yeah let's do this by default.

Paolo

Next message: Paolo Bonzini: "Re: [PATCH 1/2] KVM: VMX: Sanitize VM-Entry/VM-Exit control pairs at kvm_intel load time"
Previous message: Chengming Zhou: "[PATCH v3 1/2] sched/fair: fix propagate during synchronous attach/detach"
In reply to: Jim Mattson: "Re: [PATCH 2/2] KVM: VMX: Add knob to allow rejecting kvm_intel on inconsistent VMCS config"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]