Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN

From: Paolo Bonzini
Date: Wed Jan 05 2022 - 04:11:19 EST

Next message: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Previous message: Leon Romanovsky: "Re: [PATCH rdma-next] RDMA/rxe: Delete deprecated module parameters interface"
In reply to: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Next in thread: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/3/22 13:56, Vitaly Kuznetsov wrote:

'allowlist' of things which can change (and put
*APICids there) and only fail KVM_SET_CPUID{,2} when we see something
else changing.

We could also go the other way and only deny changes that result in changed CPU caps. That should be easier to implement since we have already a mapping from CPU capability words to CPUID leaves and registers.

Paolo

Next message: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Previous message: Leon Romanovsky: "Re: [PATCH rdma-next] RDMA/rxe: Delete deprecated module parameters interface"
In reply to: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Next in thread: Vitaly Kuznetsov: "Re: [PATCH 2/2] KVM: x86: Forbid KVM_SET_CPUID{,2} after KVM_RUN"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]