Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Andrew Cooper
On 29/02/2024 12:47 pm, Jan Beulich wrote: >> @@ -830,11 +846,10 @@ void recalculate_cpuid_policy(struct domain *d) >> } >> >> /* >> - * Allow the toolstack to set HTT, X2APIC and CMP_LEGACY. These bits >> + * Allow the toolstack to set HTT and CMP_LEGACY. These bits >>

Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Andrew Cooper
On 29/02/2024 1:29 pm, Jan Beulich wrote: > On 29.02.2024 14:23, Andrew Cooper wrote: >> On 29/02/2024 12:47 pm, Jan Beulich wrote: >>> On 29.02.2024 11:43, Andrew Cooper wrote: Right now, the host x2APIC setting filters into the PV max and default policies, yet PV guests cannot set

Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Jan Beulich
On 29.02.2024 14:23, Andrew Cooper wrote: > On 29/02/2024 12:47 pm, Jan Beulich wrote: >> On 29.02.2024 11:43, Andrew Cooper wrote: >>> Right now, the host x2APIC setting filters into the PV max and default >>> policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the >>> x2APIC

Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Andrew Cooper
On 29/02/2024 12:47 pm, Jan Beulich wrote: > On 29.02.2024 11:43, Andrew Cooper wrote: >> Right now, the host x2APIC setting filters into the PV max and default >> policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the >> x2APIC MSR range. Therefore they absolutely shouldn't

Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Andrew Cooper
On 29/02/2024 11:56 am, Roger Pau Monné wrote: > On Thu, Feb 29, 2024 at 10:43:04AM +, Andrew Cooper wrote: >> Right now, the host x2APIC setting filters into the PV max and default >> policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the >> x2APIC MSR range. Therefore

Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Jan Beulich
On 29.02.2024 11:43, Andrew Cooper wrote: > Right now, the host x2APIC setting filters into the PV max and default > policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the > x2APIC MSR range. Therefore they absolutely shouldn't see the x2APIC bit. > > Linux has workarounds

Re: [PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Roger Pau Monné
On Thu, Feb 29, 2024 at 10:43:04AM +, Andrew Cooper wrote: > Right now, the host x2APIC setting filters into the PV max and default > policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the > x2APIC MSR range. Therefore they absolutely shouldn't see the x2APIC bit. > >

[PATCH] x86/cpu-policy: Fix x2APIC visibility for PV guests

2024-02-29 Thread Andrew Cooper
Right now, the host x2APIC setting filters into the PV max and default policies, yet PV guests cannot set MSR_APIC_BASE.EXTD or access any of the x2APIC MSR range. Therefore they absolutely shouldn't see the x2APIC bit. Linux has workarounds for the collateral damage caused by this leakage; it