From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=8iml=DC=vger.kernel.org=linux-kernel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 8EBFBC4727F
	for <linux-kernel@archiver.kernel.org>; Fri, 25 Sep 2020 21:06:18 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 48DF52371F
	for <linux-kernel@archiver.kernel.org>; Fri, 25 Sep 2020 21:06:18 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="eode0v0J"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727901AbgIYVGR (ORCPT
        <rfc822;linux-kernel@archiver.kernel.org>);
        Fri, 25 Sep 2020 17:06:17 -0400
Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:32950 "EHLO
        us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726064AbgIYVGQ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 25 Sep 2020 17:06:16 -0400
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1601067975;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         content-transfer-encoding:content-transfer-encoding:
         in-reply-to:in-reply-to:references:references;
        bh=Nph2D9IVfI+xvuD8zFp+f/GwIX9O4qj0XvwXCm0EYyg=;
        b=eode0v0JDaBStoNf9D8IQ0OnSNCRb8Uc/Foqr3IlCZ9i4OIG0+GVAHcVJ88vWX0aajY1ol
        8G1SzWVlgs+DtrUdtF5Fxqe0U3WTieIaR7GqG+igy83VI/zNGsx9JHEOdTTT/q5Z9wh8lb
        vk2UGfGiigeU7ZTvOddvj4FeOE9UlpY=
Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com
 [209.85.128.70]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-192-w9gZ3gZWOJmYy4DV6Iwizw-1; Fri, 25 Sep 2020 17:06:13 -0400
X-MC-Unique: w9gZ3gZWOJmYy4DV6Iwizw-1
Received: by mail-wm1-f70.google.com with SMTP id t8so125963wmj.6
        for <linux-kernel@vger.kernel.org>; Fri, 25 Sep 2020 14:06:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=Nph2D9IVfI+xvuD8zFp+f/GwIX9O4qj0XvwXCm0EYyg=;
        b=Lh7cVt1y6rL3LcpihSzkNYnm6IIg2ELkSZTvZRnet35PQ3hmSY2SyqssNzV1/8nlHk
         M+haP8ZGugUeWk/Z4gFDjt5oZj8xCXsERY+nrli5mdiFJdPsDO3w9+oaNyeh4RPeU+Rf
         OXwY+On4E+6IxYFYtczwv0Z6FbAXE6MR/wbuk+EwAOk+8O+FgszCfToNRXePcK4/1t8g
         zhPT7TQWPQuWpkMP2tUlObU8kWpPHBoDGd2xWh74+c1uOFXxtgByrg3r/7Y9VnHv7qZN
         XE6++RhVqz5bu98v5rwib9tNTKHHX5yXnc8aOg6+4146yycpP8wKTTH83rnroKOBg9mI
         Jzrw==
X-Gm-Message-State: AOAM533slwgFf5I0gPWvAb100kf2D57RxhTaTWRMEQzExk0xYW6oGZjc
        cfv8Gq8WjgiQ9w9321Ml50lolX6X0QlqpTuMRIBtAOrIn4zBpY18WCbeOrfHaWtfRxuQD6prNkM
        i1LBRWyMBrp2uxSmKOusIRGgr
X-Received: by 2002:adf:f207:: with SMTP id p7mr6889813wro.152.1601067972440;
        Fri, 25 Sep 2020 14:06:12 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw+svzQTyn/sr+1A0KnMYOANfhe1Lyv2OpG+lPc9M4qsZez3YRF08veAZn1ubvdVOTuIczmeg==
X-Received: by 2002:adf:f207:: with SMTP id p7mr6889795wro.152.1601067972235;
        Fri, 25 Sep 2020 14:06:12 -0700 (PDT)
Received: from ?IPv6:2001:b07:6468:f312:ec9b:111a:97e3:4baf? ([2001:b07:6468:f312:ec9b:111a:97e3:4baf])
        by smtp.gmail.com with ESMTPSA id t203sm255701wmg.43.2020.09.25.14.06.10
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 25 Sep 2020 14:06:11 -0700 (PDT)
Subject: Re: [RFC PATCH 3/3] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs
 that are fatal to the VM
To:     Sean Christopherson <sean.j.christopherson@intel.com>,
        Vitaly Kuznetsov <vkuznets@redhat.com>
Cc:     Wanpeng Li <wanpengli@tencent.com>,
        Jim Mattson <jmattson@google.com>,
        Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Marc Zyngier <maz@kernel.org>,
        James Morse <james.morse@arm.com>,
        Julien Thierry <julien.thierry.kdev@gmail.com>,
        Suzuki K Poulose <suzuki.poulose@arm.com>,
        linux-arm-kernel@lists.infradead.org,
        Huacai Chen <chenhc@lemote.com>,
        Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
        linux-mips@vger.kernel.org, Paul Mackerras <paulus@ozlabs.org>,
        kvm-ppc@vger.kernel.org,
        Christian Borntraeger <borntraeger@de.ibm.com>,
        Janosch Frank <frankja@linux.ibm.com>,
        David Hildenbrand <david@redhat.com>,
        Cornelia Huck <cohuck@redhat.com>,
        Claudio Imbrenda <imbrenda@linux.ibm.com>
References: <20200923224530.17735-1-sean.j.christopherson@intel.com>
 <20200923224530.17735-4-sean.j.christopherson@intel.com>
 <878scze4l5.fsf@vitty.brq.redhat.com> <20200924181134.GB9649@linux.intel.com>
 <87k0wichht.fsf@vitty.brq.redhat.com>
 <20200925171233.GC31528@linux.intel.com>
From:   Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <731dd323-8c66-77ff-cf15-4bbdea34bcf9@redhat.com>
Date:   Fri, 25 Sep 2020 23:06:10 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <20200925171233.GC31528@linux.intel.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 25/09/20 19:12, Sean Christopherson wrote:
>> Do we actually want to prevent *all* ioctls? E.g. when 'vm bugged'
>> condition is triggered userspace may want to extract some information to
>> assist debugging but even things like KVM_GET_[S]REGS will just return
>> -EIO. I'm not sure it is generally safe to enable *everything* (except
>> for KVM_RUN which should definitely be forbidden) so maybe your approach
>> is preferable.
>
> The answer to this probably depends on the answer to the first question of
> when it's appropriate to use KVM_BUG().  E.g. if we limit usage to fatal or
> dangrous cases, then blocking all ioctls() is probably the right thing do do.

I think usage should be limited to dangerous cases, basically WARN_ON
level.  However I agree with Vitaly that KVM_GET_* should be allowed.

The other question is whether to return -EIO or KVM_EXIT_INTERNAL_ERROR.
 The latter is more likely to be handled already by userspace.

Paolo


From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Aci7=DC=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.7 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 25E00C4727F
	for <linux-arm-kernel@archiver.kernel.org>; Fri, 25 Sep 2020 21:07:36 +0000 (UTC)
Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id C03962371F
	for <linux-arm-kernel@archiver.kernel.org>; Fri, 25 Sep 2020 21:07:35 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="29kQS4Wo";
	dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="F12R0nHS"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C03962371F
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding:
	Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:From:
	References:To:Subject:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=NfIjneIROvLj+XP3+wW5FMz3VKjAXhGOK8+d/Eibuw8=; b=29kQS4WoR7CJnQl0pkjCbxht/
	t6xuppMryjXOGBe7TPvmnoB07uQbb4OXfFU1U7yMg6hxsqUlJLwBrgkf11ziyTrw/t6jLQ/Sc2dY3
	Irc98chpnSM4XybL0KHvyU4qDz/R/+OFmxl1rbEd3blF1KCMc4YMFc2GCsdmOo2TzCCon7fqWIAGj
	x5B1HxAMqLLPP9RULYoXhbFbE1ROBbY0u557A7Cwg49T4AiiXSyMAPzFh+q3pebo/HTRM7PN5JZ7o
	PWDF0K+cltxc5axs7bET9GwxEBatYevHEzP2KStTXtC9ygnJxgbk6+MejAPSu5jiP5jPeJruR3o94
	4t5mhtwRA==;
Received: from localhost ([::1] helo=merlin.infradead.org)
	by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux))
	id 1kLuv7-0001ZO-65; Fri, 25 Sep 2020 21:06:21 +0000
Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124])
 by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1kLuv4-0001YM-4k
 for linux-arm-kernel@lists.infradead.org; Fri, 25 Sep 2020 21:06:19 +0000
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1601067977;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=Nph2D9IVfI+xvuD8zFp+f/GwIX9O4qj0XvwXCm0EYyg=;
 b=F12R0nHSdMK31s3AUSmxrufvxo58xMgoFF/2SFzXC+xgZnC2lR1lEYQbMJ/O/+4SZSksnm
 cfYEUIhiHZ2laP5FZu73cdDggRwCNkHVP11iNsiGCDXLbEROsuoomJLLN+QjEp7U0o7rzl
 ytwjZZres2mjoLn2ogo6XWoaYPxLwgU=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
 [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-238-_YUchbUSPaSXC1NdmgClOA-1; Fri, 25 Sep 2020 17:06:13 -0400
X-MC-Unique: _YUchbUSPaSXC1NdmgClOA-1
Received: by mail-wr1-f71.google.com with SMTP id h4so1568334wrb.4
 for <linux-arm-kernel@lists.infradead.org>;
 Fri, 25 Sep 2020 14:06:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=Nph2D9IVfI+xvuD8zFp+f/GwIX9O4qj0XvwXCm0EYyg=;
 b=GHZ8lwVCp/y5o/npzFgm+V8YX9p6qtIws1FASdhBgutqxt1J/tL2M6axen4PmHzBCe
 1FadfKZcG9GsP+zV8m53suj3tf2urb+wNxDXGjmGOOIU0tCMF71b5T++IcBtOfWiWi6q
 DA0c6+0lkd8iLXeoCnpOweX4FCsKINWXyayDn33jICEig5DN3ij8HXnjgsjIYG1Haa2q
 St2ut8lzOh32mvS1aTuT6ttW29jMSko/Iy4hS/oh+SvMOFH48X84QQ2bsDp2Mfya+DjF
 tTRGZ+a4K7U7zt4LYpZ4x7tb3ogOrGmmrpT2Lou0gC3TJ8rPOmV+WvodmCC7PRSd7cjW
 9euA==
X-Gm-Message-State: AOAM533E079U7oxuiG7JBJ1nrfdB23srm8Y7O2uS9pbaZ4lIzWF6JqoJ
 blkcC3gCTEdAl3SXhlgAd4KTu05LZt9YoJaDS6oeo5tz4WnCKNCnj77kuaZH9PiZBm1FchO/ZQ3
 8JXGrxp9wkSY0361pjNkl29CQ4s48LFZLW/A=
X-Received: by 2002:adf:f207:: with SMTP id p7mr6889810wro.152.1601067972440; 
 Fri, 25 Sep 2020 14:06:12 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw+svzQTyn/sr+1A0KnMYOANfhe1Lyv2OpG+lPc9M4qsZez3YRF08veAZn1ubvdVOTuIczmeg==
X-Received: by 2002:adf:f207:: with SMTP id p7mr6889795wro.152.1601067972235; 
 Fri, 25 Sep 2020 14:06:12 -0700 (PDT)
Received: from ?IPv6:2001:b07:6468:f312:ec9b:111a:97e3:4baf?
 ([2001:b07:6468:f312:ec9b:111a:97e3:4baf])
 by smtp.gmail.com with ESMTPSA id t203sm255701wmg.43.2020.09.25.14.06.10
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 25 Sep 2020 14:06:11 -0700 (PDT)
Subject: Re: [RFC PATCH 3/3] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs
 that are fatal to the VM
To: Sean Christopherson <sean.j.christopherson@intel.com>,
 Vitaly Kuznetsov <vkuznets@redhat.com>
References: <20200923224530.17735-1-sean.j.christopherson@intel.com>
 <20200923224530.17735-4-sean.j.christopherson@intel.com>
 <878scze4l5.fsf@vitty.brq.redhat.com> <20200924181134.GB9649@linux.intel.com>
 <87k0wichht.fsf@vitty.brq.redhat.com>
 <20200925171233.GC31528@linux.intel.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <731dd323-8c66-77ff-cf15-4bbdea34bcf9@redhat.com>
Date: Fri, 25 Sep 2020 23:06:10 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <20200925171233.GC31528@linux.intel.com>
Authentication-Results: relay.mimecast.com;
 auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pbonzini@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20200925_170618_252990_FB53CBA4 
X-CRM114-Status: GOOD (  15.02  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Cc: Cornelia Huck <cohuck@redhat.com>, Wanpeng Li <wanpengli@tencent.com>,
 Janosch Frank <frankja@linux.ibm.com>, kvm@vger.kernel.org,
 Suzuki K Poulose <suzuki.poulose@arm.com>, Marc Zyngier <maz@kernel.org>,
 Joerg Roedel <joro@8bytes.org>, David Hildenbrand <david@redhat.com>,
 linux-kernel@vger.kernel.org, kvm-ppc@vger.kernel.org,
 linux-mips@vger.kernel.org, Paul Mackerras <paulus@ozlabs.org>,
 Christian Borntraeger <borntraeger@de.ibm.com>,
 Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>,
 James Morse <james.morse@arm.com>, linux-arm-kernel@lists.infradead.org,
 Huacai Chen <chenhc@lemote.com>, Claudio Imbrenda <imbrenda@linux.ibm.com>,
 Julien Thierry <julien.thierry.kdev@gmail.com>,
 Jim Mattson <jmattson@google.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

On 25/09/20 19:12, Sean Christopherson wrote:
>> Do we actually want to prevent *all* ioctls? E.g. when 'vm bugged'
>> condition is triggered userspace may want to extract some information to
>> assist debugging but even things like KVM_GET_[S]REGS will just return
>> -EIO. I'm not sure it is generally safe to enable *everything* (except
>> for KVM_RUN which should definitely be forbidden) so maybe your approach
>> is preferable.
>
> The answer to this probably depends on the answer to the first question of
> when it's appropriate to use KVM_BUG().  E.g. if we limit usage to fatal or
> dangrous cases, then blocking all ioctls() is probably the right thing do do.

I think usage should be limited to dangerous cases, basically WARN_ON
level.  However I agree with Vitaly that KVM_GET_* should be allowed.

The other question is whether to return -EIO or KVM_EXIT_INTERNAL_ERROR.
 The latter is more likely to be handled already by userspace.

Paolo


_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 25 Sep 2020 21:06:10 +0000
Subject: Re: [RFC PATCH 3/3] KVM: x86: Use KVM_BUG/KVM_BUG_ON to handle bugs that are fatal to the VM
Message-Id: <731dd323-8c66-77ff-cf15-4bbdea34bcf9@redhat.com>
List-Id: <kvm-ppc.vger.kernel.org>
References: <20200923224530.17735-1-sean.j.christopherson@intel.com>
 <20200923224530.17735-4-sean.j.christopherson@intel.com>
 <878scze4l5.fsf@vitty.brq.redhat.com> <20200924181134.GB9649@linux.intel.com>
 <87k0wichht.fsf@vitty.brq.redhat.com>
 <20200925171233.GC31528@linux.intel.com>
In-Reply-To: <20200925171233.GC31528@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: Sean Christopherson <sean.j.christopherson@intel.com>, Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Wanpeng Li <wanpengli@tencent.com>, Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Marc Zyngier <maz@kernel.org>, James Morse <james.morse@arm.com>, Julien Thierry <julien.thierry.kdev@gmail.com>, Suzuki K Poulose <suzuki.poulose@arm.com>, linux-arm-kernel@lists.infradead.org, Huacai Chen <chenhc@lemote.com>, Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>, linux-mips@vger.kernel.org, Paul Mackerras <paulus@ozlabs.org>, kvm-ppc@vger.kernel.org, Christian Borntraeger <borntraeger@de.ibm.com>, Janosch Frank <frankja@linux.ibm.com>, David Hildenbrand <david@redhat.com>, Cornelia Huck <cohuck@redhat.com>, Claudio Imbrenda <imbrenda@linux.ibm.com>

On 25/09/20 19:12, Sean Christopherson wrote:
>> Do we actually want to prevent *all* ioctls? E.g. when 'vm bugged'
>> condition is triggered userspace may want to extract some information to
>> assist debugging but even things like KVM_GET_[S]REGS will just return
>> -EIO. I'm not sure it is generally safe to enable *everything* (except
>> for KVM_RUN which should definitely be forbidden) so maybe your approach
>> is preferable.
>
> The answer to this probably depends on the answer to the first question of
> when it's appropriate to use KVM_BUG().  E.g. if we limit usage to fatal or
> dangrous cases, then blocking all ioctls() is probably the right thing do do.

I think usage should be limited to dangerous cases, basically WARN_ON
level.  However I agree with Vitaly that KVM_GET_* should be allowed.

The other question is whether to return -EIO or KVM_EXIT_INTERNAL_ERROR.
 The latter is more likely to be handled already by userspace.

Paolo