kvm.vger.kernel.org archive mirror
* A question about INVPCID without PCID
From: Jim Mattson @ 2019-10-01 19:48 UTC (permalink / raw)
  To: kvm list

Does anyone know why kvm disallows enumerating INVPCID in the guest
CPUID when PCID is not enumerated? There are many far more nonsensical
CPUID combinations that kvm does allow, such as AVX512F without XSAVE,
or even PCID without LM. Why is INVPCID without PCID of paramount
concern?


* Re: A question about INVPCID without PCID
From: Paolo Bonzini @ 2019-10-03 15:37 UTC (permalink / raw)
  To: Jim Mattson, kvm list

On 01/10/19 21:48, Jim Mattson wrote:
> Does anyone know why kvm disallows enumerating INVPCID in the guest
> CPUID when PCID is not enumerated? There are many far more nonsensical
> CPUID combinations that kvm does allow, such as AVX512F without XSAVE,
> or even PCID without LM. Why is INVPCID without PCID of paramount
> concern?
> 

I guess you're looking at this code:

                /* Exposing INVPCID only when PCID is exposed */
                bool invpcid_enabled =
                        guest_cpuid_has(vcpu, X86_FEATURE_INVPCID) &&
                        guest_cpuid_has(vcpu, X86_FEATURE_PCID);

The INVPCID instruction will be disabled if !PCID && INVPCID, but it
doesn't really disallow *enumerating* INVPCID.  There is no particular
reason for that, it was done like that originally ("KVM: VMX: Implement
PCID/INVPCID for guests with EPT") and kept this way.

With !PCID && INVPCID you could use PCID=0 operations as a fancy INVLPG,
I suppose, but it is probably uninteresting enough that no one bothered
changing it.

Paolo



* Re: A question about INVPCID without PCID
From: Jim Mattson @ 2019-10-03 16:19 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: kvm list

On Thu, Oct 3, 2019 at 8:37 AM Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> On 01/10/19 21:48, Jim Mattson wrote:
> > Does anyone know why kvm disallows enumerating INVPCID in the guest
> > CPUID when PCID is not enumerated? There are many far more nonsensical
> > CPUID combinations that kvm does allow, such as AVX512F without XSAVE,
> > or even PCID without LM. Why is INVPCID without PCID of paramount
> > concern?
> >
>
> I guess you're looking at this code:
>
>                 /* Exposing INVPCID only when PCID is exposed */
>                 bool invpcid_enabled =
>                         guest_cpuid_has(vcpu, X86_FEATURE_INVPCID) &&
>                         guest_cpuid_has(vcpu, X86_FEATURE_PCID);
>
> The INVPCID instruction will be disabled if !PCID && INVPCID, but it
> doesn't really disallow *enumerating* INVPCID.  There is no particular
> reason for that, it was done like that originally ("KVM: VMX: Implement
> PCID/INVPCID for guests with EPT") and kept this way.
>
> With !PCID && INVPCID you could use PCID=0 operations as a fancy INVLPG,
> I suppose, but it is probably uninteresting enough that no one bothered
> changing it.
>
> Paolo

I was actually looking at the code a few lines lower:

if (!invpcid_enabled) {
        exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
        guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID);
}

The call to guest_cpuid_clear *does* disallow enumerating INVPCID if
PCID isn't also enumerated. I'm just wondering why we bothered, since
we do so little sanitization of guest CPUID.


* Re: A question about INVPCID without PCID
From: Paolo Bonzini @ 2019-10-03 16:52 UTC (permalink / raw)
  To: Jim Mattson; +Cc: kvm list

On 03/10/19 18:19, Jim Mattson wrote:
> I was actually looking at the code a few lines lower:
> 
> if (!invpcid_enabled) {
>         exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
>         guest_cpuid_clear(vcpu, X86_FEATURE_INVPCID);
> }
> 
> The call to guest_cpuid_clear *does* disallow enumerating INVPCID if
> PCID isn't also enumerated. I'm just wondering why we bothered, since
> we do so little sanitization of guest CPUID.

Ah, that's because when INVPCID is disabled in VMX the behavior of
INVPCID is different from when !INVPCID in CPUID even if CR4.PCIDE=0
(#UD vs. #GP or #PF).

Paolo
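A toy C model of the dependency the thread discusses, added here as an illustration; it is not KVM code and not written by either participant. It mirrors the two snippets quoted above (the `invpcid_enabled` test and the `guest_cpuid_clear` that follows it) and Paolo's closing point: when the VMX secondary control for INVPCID is off, the guest gets #UD, whereas a guest that sees INVPCID in CPUID and runs with CR4.PCIDE=0 expects the instruction to execute or to #GP on bad operands. The feature bits, the `vcpu_model` struct and `EXEC_ENABLE_INVPCID` are invented stand-ins for the real CPUID leaves and `SECONDARY_EXEC_ENABLE_INVPCID`; the #GP rules are a simplified reading of the SDM (bad type, or non-zero PCID with CR4.PCIDE=0) and the page-fault cases are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical feature bits; in hardware these are CPUID.1:ECX[17] and
 * CPUID.(7,0):EBX[10]. */
#define F_PCID    (1u << 0)
#define F_INVPCID (1u << 1)

/* Stand-in for SECONDARY_EXEC_ENABLE_INVPCID in the VMCS. */
#define EXEC_ENABLE_INVPCID (1u << 12)

struct vcpu_model {
    uint32_t cpuid_features;   /* feature bits the guest sees in CPUID */
    uint32_t secondary_exec;   /* VMX secondary processor-based controls */
};

static bool guest_has(const struct vcpu_model *v, uint32_t f)
{
    return (v->cpuid_features & f) != 0;
}

/* Mirrors the quoted KVM logic: INVPCID stays usable only if PCID is also
 * exposed; otherwise clear both the exec control and the CPUID bit together. */
void sanitize_invpcid(struct vcpu_model *v)
{
    bool invpcid_enabled = guest_has(v, F_INVPCID) && guest_has(v, F_PCID);
    if (!invpcid_enabled) {
        v->secondary_exec &= ~EXEC_ENABLE_INVPCID;
        v->cpuid_features &= ~F_INVPCID;
    }
}

enum outcome { EXECUTES, FAULT_UD, FAULT_GP };

/* What the guest observes on INVPCID.  Exec control off: #UD regardless of
 * CPUID.  Exec control on: type must be 0..3, and with CR4.PCIDE=0 the PCID in
 * the descriptor must be zero, otherwise #GP (simplified SDM rules). */
enum outcome guest_invpcid(const struct vcpu_model *v, bool cr4_pcide,
                           unsigned type, uint16_t pcid)
{
    if (!(v->secondary_exec & EXEC_ENABLE_INVPCID))
        return FAULT_UD;
    if (type > 3)
        return FAULT_GP;
    if (!cr4_pcide && pcid != 0)
        return FAULT_GP;
    return EXECUTES;
}

/* The invariant the guest_cpuid_clear call preserves: CPUID must not
 * advertise INVPCID while VMX would #UD it (and vice versa). */
bool cpuid_consistent(const struct vcpu_model *v)
{
    bool advertised = guest_has(v, F_INVPCID);
    bool enabled = (v->secondary_exec & EXEC_ENABLE_INVPCID) != 0;
    return advertised == enabled;
}

/* Scenario helper: start with the exec control set, sanitize, then run one
 * INVPCID with the given operands. */
enum outcome outcome_after_sanitize(uint32_t cpuid_features, bool cr4_pcide,
                                    unsigned type, uint16_t pcid)
{
    struct vcpu_model v = { cpuid_features, EXEC_ENABLE_INVPCID };
    sanitize_invpcid(&v);
    return guest_invpcid(&v, cr4_pcide, type, pcid);
}

bool consistent_after_sanitize(uint32_t cpuid_features)
{
    struct vcpu_model v = { cpuid_features, EXEC_ENABLE_INVPCID };
    sanitize_invpcid(&v);
    return cpuid_consistent(&v);
}

int main(void)
{
    /* INVPCID without PCID: sanitized away, so the guest neither sees it
     * in CPUID nor can hit the #UD/#GP mismatch. */
    printf("INVPCID-only guest: outcome=%d consistent=%d\n",
           outcome_after_sanitize(F_INVPCID, false, 0, 0),
           consistent_after_sanitize(F_INVPCID));
    /* Both exposed, CR4.PCIDE=0, non-zero PCID in the descriptor: #GP. */
    printf("PCID+INVPCID, PCIDE=0, pcid=5: outcome=%d\n",
           outcome_after_sanitize(F_INVPCID | F_PCID, false, 0, 5));
    return 0;
}
```

The last helper pair is what a practitioner would turn into a regression check: if the CPUID bit were ever left set while the exec control is cleared, `cpuid_consistent` returns false, which is exactly the guest-visible #UD-instead-of-#GP discrepancy Paolo describes.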

