kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jim Mattson <jmattson@google.com>
To: "Dong, Eddie" <eddie.dong@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>, "Christopherson,,
	Sean" <seanjc@google.com>
Subject: Re: [PATCH 2/6] KVM: x86: Mask off reserved bits in CPUID.80000006H
Date: Tue, 4 Oct 2022 19:59:08 -0700	[thread overview]
Message-ID: <CALMp9eS0-j7mV8M-G30XqR3wyLhoOK3JEs5PYag7s-3fVMd=5w@mail.gmail.com> (raw)
In-Reply-To: <BL0PR11MB30426E91DB220599F53F577F8A5D9@BL0PR11MB3042.namprd11.prod.outlook.com>

On Tue, Oct 4, 2022 at 5:08 PM Dong, Eddie <eddie.dong@intel.com> wrote:
>
> > Hardware reserved CPUID bits are always zero today, though that may not be
> > architecturally specified.
>
> entry->edx is initialized to native value in do_host_cpuid(), which executes physical CPUID.
> I guess I am disconnected here.

Hardware values should only be passed through for features that KVM
can support. Reserved bits should be set to 0, because KVM has no idea
whether or not it will be able to support them once they are defined.

Perhaps an example will help.

At one time, leaf 7 was completely reserved. Following the principle
that KVM should not pass through reserved CPUID bits, KVM zeroed out
this leaf prior to commit 611c120f7486 ("KVM: Mask function7 ebx
against host capability word9").
Suppose that the legacy KVM had, as you suggest, passed through the
hardware values for leaf 7. As CPUs appeared with SMEP, SMAP, Intel
Processor Trace, SGX, and a whole slew of other features, that version
of KVM would claim that it supported those features. Not true.

How would userspace be able to tell a version of KVM that could really
support SMEP from one that just blindly passed the bit through without
knowing what it meant? The KVM_GET_SUPPORTED_CPUID results would be
identical.

In some cases, if KVM claims to support a feature that it doesn't
(like SMEP), a guest that tries to use the feature will fail to boot
(e.g. setting CR4.SMEP will raise an unexpected #GP).

However, as you alluded to earlier, zeroing out reserved bits does not
always work out. Again, looking at leaf 7, the old KVM that clears all
of leaf 7 claims legacy x87 behavior with respect to the FPU data
pointer, FPU CS and FPU DS values, even on newer chips where that is
not true. This is because of the two "reverse polarity" feature bits
in leaf 7, where '0' indicates the presence of the feature and '1'
indicates that the feature has been removed. At least, in this case,
userspace can tell if KVM is wrong, just by querying CPUID leaf 7
itself. Long after leaf 7 support was added to KVM, it continued to
make the mistake of clearing those two bits. That bug wasn't addressed
until commit e3bcfda012ed ("KVM: x86: Report deprecated x87 features
in supported CPUID"). Fortunately, no software actually looks at those
two bits.

The KVM_GET_SUPPORTED_CPUID API is abysmal, but it is what we have for
now. The best thing we can do is to zero out reserved bits. Passing
through the hardware values is likely to get us into trouble in the
future, when those bits are defined to mean something that we don't
support.

  reply	other threads:[~2022-10-05  2:59 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-09-29 22:51 [PATCH 1/6] KVM: x86: Mask off reserved bits in CPUID.80000001H Jim Mattson
2022-09-29 22:51 ` [PATCH 2/6] KVM: x86: Mask off reserved bits in CPUID.80000006H Jim Mattson
2022-09-30 21:20   ` Dong, Eddie
2022-09-30 23:12     ` Jim Mattson
2022-09-30 23:59       ` Dong, Eddie
2022-10-01  0:35         ` Jim Mattson
2022-10-03 19:35           ` Dong, Eddie
2022-10-03 20:18             ` Jim Mattson
2022-10-05  0:08               ` Dong, Eddie
2022-10-05  2:59                 ` Jim Mattson [this message]
2022-10-05 17:09                   ` Dong, Eddie
2022-10-19 22:42   ` Sean Christopherson
2022-09-29 22:52 ` [PATCH 3/6] KVM: x86: Mask off reserved bits in CPUID.80000008H Jim Mattson
2022-10-19 22:49   ` Sean Christopherson
2022-09-29 22:52 ` [PATCH 4/6] KVM: x86: Mask off reserved bits in CPUID.8000001AH Jim Mattson
2022-09-29 22:52 ` [PATCH 5/6] KVM: x86: Mask off reserved bits in CPUID.8000001EH Jim Mattson
2022-10-19 22:53   ` Sean Christopherson
2022-10-22  8:26     ` Paolo Bonzini
2022-09-29 22:52 ` [PATCH 6/6] KVM: x86: Mask off reserved bits in CPUID.8000001FH Jim Mattson
2022-10-22  8:34   ` Paolo Bonzini
2022-09-30 21:04 ` [PATCH 1/6] KVM: x86: Mask off reserved bits in CPUID.80000001H Dong, Eddie
2022-09-30 23:14   ` Jim Mattson
2022-10-19 22:58 ` Sean Christopherson
2022-10-22  8:36   ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALMp9eS0-j7mV8M-G30XqR3wyLhoOK3JEs5PYag7s-3fVMd=5w@mail.gmail.com' \
    --to=jmattson@google.com \
    --cc=eddie.dong@intel.com \
    --cc=kvm@vger.kernel.org \
    --cc=pbonzini@redhat.com \
    --cc=seanjc@google.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).