linux-kernel.vger.kernel.org archive mirror
From: Paolo Bonzini <pbonzini@redhat.com>
To: Ankur Arora <ankur.a.arora@oracle.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: x86@kernel.org, Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	Sean Christopherson <sean.j.christopherson@intel.com>,
	Jim Mattson <jmattson@google.com>,
	Liran Alon <liran.alon@oracle.com>,
	linux-kernel@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	"Peter Zijlstra (Intel)" <peterz@infradead.org>,
	kvm@vger.kernel.org
Subject: Re: [PATCH RFC] KVM: x86: tell guests if the exposed SMT topology is trustworthy
Date: Mon, 9 Dec 2019 10:15:12 +0100
Message-ID: <a8e0cd22-f61f-88e4-1594-6784fb39e41f@redhat.com>
In-Reply-To: <2e16b707-f020-22a3-a618-4960db917dfa@oracle.com>

On 06/12/19 21:31, Ankur Arora wrote:
>> If we, however, discuss other hints such 'pre-ACK' mechanism may make
>> sense, however, I'd make it an option to a 'challenge/response'
>> protocol: if host wants to change a hint it notifies the guest and waits
>> for an ACK from it (e.g. a pair of MSRs + an interrupt). I, however,
>
> My main reason for this 'pre-ACK' approach is some discomfort with
> changing the CPUID edx from under the guest.

Changing the CPUID is fine, if we document which CPUID can change.
There are CPUID leaves that change at runtime, for example in leaf 0Dh
(though in that case it's based on XCR0 and not on external circumstances).

> As we've discussed offlist, the particular hint I'm interested in is
> KVM_HINT_REALTIME. That's not a particularly good candidate though
> because there's no correctness problem if the host does switch it
> off suddenly. 

Or perhaps it's a good candidate, exactly because there's no correctness
problem.  For SMT topology, there are security issues if the host
doesn't respect it anymore, so making it changeable is of limited utility.

Paolo

