Re: [PATCH] KVM: VMX: Forbid userspace MSR filters for x2APIC

From: Peter Xu
Date: Mon Oct 19 2020 - 13:35:57 EST


On Mon, Oct 19, 2020 at 01:05:19PM -0400, Paolo Bonzini wrote:
> Allowing userspace to intercept reads to x2APIC MSRs when APICV is
> fully enabled for the guest simply can't work. But more in general,
> if the LAPIC is in-kernel, allowing access by userspace would be very
> confusing. If userspace wants to intercept x2APIC MSRs, then it should
> first disable in-kernel APIC.
>
> We could in principle allow userspace to intercept reads and writes to TPR,
> and writes to EOI and SELF_IPI, but while that could be made to work, it
> would still be silly.
>
> Cc: Alexander Graf <graf@xxxxxxxxxx>
> Cc: Aaron Lewis <aaronlewis@xxxxxxxxxx>
> Cc: Peter Xu <peterx@xxxxxxxxxx>
> Cc: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>
> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>

Acked-by: Peter Xu <peterx@xxxxxxxxxx>

--
Peter Xu