Linux-Doc Archive on
 help / color / Atom feed
From: Alexander Graf <>
To: Paolo Bonzini <>
Cc: Jonathan Corbet <>,
	Sean Christopherson <>,
	Vitaly Kuznetsov <>,
	Wanpeng Li <>,
	Jim Mattson <>,
	"Joerg Roedel" <>,
	KarimAllah Raslan <>, <>,
	<>, <>
Subject: [PATCH v2 0/3] Allow user space to restrict and augment MSR emulation
Date: Thu, 30 Jul 2020 01:59:26 +0200
Message-ID: <> (raw)

While tying to add support for the MSR_CORE_THREAD_COUNT MSR in KVM,
I realized that we were still in a world where user space has no control
over what happens with MSR emulation in KVM.

That is bad for multiple reasons. In my case, I wanted to emulate the
MSR in user space, because it's a CPU specific register that does not
exist on older CPUs and that really only contains informational data that
is on the package level, so it's a natural fit for user space to provide

However, it is also bad on a platform compatibility level. Currrently,
KVM has no way to expose different MSRs based on the selected target CPU

This patch set introduces a way for user space to indicate to KVM which
MSRs should be handled in kernel space. With that, we can solve part of
the platform compatibility story. Or at least we can not handle AMD specific
MSRs on an Intel platform and vice versa.

In addition, it introduces a way for user space to get into the loop
when an MSR access would generate a #GP fault, such as when KVM finds an
MSR that is not handled by the in-kernel MSR emulation or when the guest
is trying to access reserved registers.

In combination with the allow list, the user space trapping allows us
to emulate arbitrary MSRs in user space, paving the way for target CPU
specific MSR implementations from user space.

Alexander Graf (3):
  KVM: x86: Deflect unknown MSR accesses to user space
  KVM: x86: Introduce allow list for MSR emulation
  KVM: selftests: Add test for user space MSR handling

 Documentation/virt/kvm/api.rst                | 115 +++++++++
 arch/x86/include/asm/kvm_host.h               |  13 +
 arch/x86/include/uapi/asm/kvm.h               |  15 ++
 arch/x86/kvm/emulate.c                        |  18 +-
 arch/x86/kvm/x86.c                            | 234 +++++++++++++++++-
 include/trace/events/kvm.h                    |   2 +-
 include/uapi/linux/kvm.h                      |  15 ++
 tools/testing/selftests/kvm/Makefile          |   1 +
 .../selftests/kvm/x86_64/user_msr_test.c      | 199 +++++++++++++++
 9 files changed, 605 insertions(+), 7 deletions(-)
 create mode 100644 tools/testing/selftests/kvm/x86_64/user_msr_test.c


Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879

             reply index

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-29 23:59 Alexander Graf [this message]
2020-07-29 23:59 ` [PATCH v2 1/3] KVM: x86: Deflect unknown MSR accesses to user space Alexander Graf
2020-07-30  8:41   ` Vitaly Kuznetsov
2020-07-30 22:42   ` Jim Mattson
2020-07-30 23:07     ` Alexander Graf
2020-07-30 23:53       ` Jim Mattson
2020-07-31  3:20         ` Jim Mattson
2020-07-31 11:42           ` Alexander Graf
2020-07-29 23:59 ` [PATCH v2 2/3] KVM: x86: Introduce allow list for MSR emulation Alexander Graf
2020-07-30  8:59   ` Vitaly Kuznetsov
2020-07-31 11:59     ` Alexander Graf
2020-07-29 23:59 ` [PATCH v2 3/3] KVM: selftests: Add test for user space MSR handling Alexander Graf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \ \ \ \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Doc Archive on

Archives are clonable:
	git clone --mirror linux-doc/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-doc linux-doc/ \
	public-inbox-index linux-doc

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone