From: Sean Christopherson <seanjc@google.com>
To: "Yang, Weijiang" <weijiang.yang@intel.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Peter Zijlstra <peterz@infradead.org>,
x86@kernel.org, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, rick.p.edgecombe@intel.com
Subject: Re: [PATCH 00/19] Refresh queued CET virtualization series
Date: Thu, 14 Jul 2022 19:36:36 +0000 [thread overview]
Message-ID: <YtBwRIiZi262hHiE@google.com> (raw)
In-Reply-To: <2855f8a9-1f77-0265-f02c-b7d584bd8990@intel.com>
On Sat, Jun 18, 2022, Yang, Weijiang wrote:
>
> On 6/16/2022 11:28 PM, Paolo Bonzini wrote:
> > If you build with !X86_KERNEL_IBT, KVM can still rely on the FPU state
> > for U_CET state, and S_CET is saved/restored via the VMCS independent of
> > X86_KERNEL_IBT.
>
> A fundamental question is, should KVM always honor host CET enablement
> before expose the feature to guest? i.e., check X86_KERNEL_IBT and
> X86_SHADOW_STACK.
If there is a legitimate use case to NOT require host enablement and it's 100%
safe to do so (within requiring hacks to the core kernel), then there's no hard
requirement that says KVM can't virtualize a feature that's not used by the host.
It's definitely uncommon; unless I'm forgetting features, LA57 is the only feature
that KVM fully virtualizes (as opposed to emulates in software) without requiring
host enablement. Ah, and good ol' MPX, which is probably the best prior are since
it shares the same XSAVE+VMCS for user+supervisor state management. So more than
one, but still not very many.
But, requiring host "support" is the de facto standard largely because features
tend to fall into one of three categories:
1. The feature is always available, i.e. doesn't have a software enable/disable
flag.
2. The feature isn't explicitly disabled in cpufeatures / x86_capability even
if it's not used by the host. E.g. MONITOR/MWAIT comes to mind where the
host can be configured to not use MWAIT for idle, but it's still reported
as supported (and for that case, KVM does have to explicitly guard against
X86_BUG_MONITOR).
3. Require some amount of host support, e.g. exposing XSAVE without the kernel
knowing how to save/restore all that state wouldn't end well.
In other words, virtualizing a feature if it's disabled in the host is allowed,
but it's rare because there just aren't many features where doing so is possible
_and_ necessary.
next prev parent reply other threads:[~2022-07-14 19:36 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-16 8:46 [PATCH 00/19] Refresh queued CET virtualization series Yang Weijiang
2022-06-16 8:46 ` [PATCH 01/19] x86/cet/shstk: Add Kconfig option for Shadow Stack Yang Weijiang
2022-06-16 8:46 ` [PATCH 02/19] x86/cpufeatures: Add CPU feature flags for shadow stacks Yang Weijiang
2022-06-16 8:46 ` [PATCH 03/19] x86/cpufeatures: Enable CET CR4 bit for shadow stack Yang Weijiang
2022-06-16 10:24 ` Peter Zijlstra
2022-06-16 17:12 ` Edgecombe, Rick P
2022-06-17 11:38 ` Peter Zijlstra
2022-06-17 21:18 ` Edgecombe, Rick P
2022-06-17 21:18 ` Edgecombe, Rick P
2022-06-16 10:25 ` Peter Zijlstra
2022-06-16 17:36 ` Edgecombe, Rick P
2022-06-16 8:46 ` [PATCH 04/19] x86/fpu/xstate: Introduce CET MSR and XSAVES supervisor states Yang Weijiang
2022-06-16 10:27 ` Peter Zijlstra
2022-06-16 17:12 ` Edgecombe, Rick P
2022-06-16 8:46 ` [PATCH 05/19] x86/fpu: Add helper for modifying xstate Yang Weijiang
2022-06-16 8:46 ` [PATCH 06/19] KVM: x86: Report XSS as an MSR to be saved if there are supported features Yang Weijiang
2022-06-16 8:46 ` [PATCH 07/19] KVM: x86: Refresh CPUID on writes to MSR_IA32_XSS Yang Weijiang
2022-06-16 8:46 ` [PATCH 08/19] KVM: x86: Load guest fpu state when accessing MSRs managed by XSAVES Yang Weijiang
2022-06-16 8:46 ` [PATCH 09/19] KVM: x86: Add #CP support in guest exception classification Yang Weijiang
2022-06-16 8:46 ` [PATCH 10/19] KVM: VMX: Introduce CET VMCS fields and flags Yang Weijiang
2022-06-16 8:46 ` [PATCH 11/19] KVM: x86: Add fault checks for CR4.CET Yang Weijiang
2022-06-16 8:46 ` [PATCH 12/19] KVM: VMX: Emulate reads and writes to CET MSRs Yang Weijiang
2022-06-16 8:46 ` [PATCH 13/19] KVM: VMX: Add a synthetic MSR to allow userspace VMM to access GUEST_SSP Yang Weijiang
2022-06-16 8:46 ` [PATCH 14/19] KVM: x86: Report CET MSRs as to-be-saved if CET is supported Yang Weijiang
2022-06-16 8:46 ` [PATCH 15/19] KVM: x86: Save/Restore GUEST_SSP to/from SMM state save area Yang Weijiang
2022-06-16 8:46 ` [PATCH 16/19] KVM: x86: Enable CET virtualization for VMX and advertise CET to userspace Yang Weijiang
2022-06-16 10:59 ` Peter Zijlstra
2022-06-16 15:27 ` Yang, Weijiang
2022-06-25 6:55 ` Yang, Weijiang
2022-06-16 8:46 ` [PATCH 17/19] KVM: VMX: Pass through CET MSRs to the guest when supported Yang Weijiang
2022-06-16 8:46 ` [PATCH 18/19] KVM: nVMX: Enable CET support for nested VMX Yang Weijiang
2022-06-16 8:46 ` [PATCH 19/19] KVM: x86: Enable supervisor IBT support for guest Yang Weijiang
2022-06-16 11:05 ` Peter Zijlstra
2022-06-16 11:19 ` Peter Zijlstra
2022-06-16 15:56 ` Yang, Weijiang
2022-06-16 9:10 ` [PATCH 00/19] Refresh queued CET virtualization series Christoph Hellwig
2022-06-16 11:25 ` Peter Zijlstra
2022-06-16 10:12 ` Peter Zijlstra
2022-06-16 10:21 ` Paolo Bonzini
2022-06-16 14:18 ` Peter Zijlstra
2022-06-16 15:06 ` Yang, Weijiang
2022-06-16 15:28 ` Paolo Bonzini
2022-06-18 6:43 ` Yang, Weijiang
2022-07-14 19:36 ` Sean Christopherson [this message]
2022-07-15 15:04 ` Yang, Weijiang
2022-07-15 15:58 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YtBwRIiZi262hHiE@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.