Re: [PATCH] KVM: nVMX: Don't expose TSC scaling to L1 when on Hyper-V
From: Anirudh Rayabharam
Date: Tue Jun 14 2022 - 11:29:26 EST
On Mon, Jun 13, 2022 at 04:57:49PM +0000, Sean Christopherson wrote:
> On Mon, Jun 13, 2022, Paolo Bonzini wrote:
> > On 6/13/22 18:16, Anirudh Rayabharam wrote:
> > > + if (!kvm_has_tsc_control)
> > > + msrs->secondary_ctls_high &= ~SECONDARY_EXEC_TSC_SCALING;
> > > +
> > > msrs->secondary_ctls_low = 0;
> > > msrs->secondary_ctls_high &=
> > > SECONDARY_EXEC_DESC |
> > > @@ -6667,8 +6670,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps)
> > > SECONDARY_EXEC_RDRAND_EXITING |
> > > SECONDARY_EXEC_ENABLE_INVPCID |
> > > SECONDARY_EXEC_RDSEED_EXITING |
> > > - SECONDARY_EXEC_XSAVES |
> > > - SECONDARY_EXEC_TSC_SCALING;
> > > + SECONDARY_EXEC_XSAVES;
> > > /*
> >
> > This is wrong because it _always_ disables SECONDARY_EXEC_TSC_SCALING,
> > even if kvm_has_tsc_control == true.
> >
> > That said, I think a better implementation of this patch is to just add
> > a version of evmcs_sanitize_exec_ctrls that takes a struct
> > nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like
> >
> > evmcs_sanitize_nested_vmx_vsrs(msrs);
>
> Any reason not to use the already sanitized vmcs_config? I can't think of any
> reason why the nested path should blindly use the raw MSR values from hardware.
vmcs_config has the sanitized exec controls. But how do we construct MSR
values using them?
Thanks,
Anirudh.