From: Sean Christopherson <sean.j.christopherson@intel.com>
To: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Liran Alon <liran.alon@oracle.com>,
kvm@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
Jim Mattson <jmattson@google.com>,
linux-kernel@vger.kernel.org, Roman Kagan <rkagan@virtuozzo.com>
Subject: Re: [PATCH RFC 2/3] x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs()
Date: Thu, 16 Jan 2020 08:19:28 -0800 [thread overview]
Message-ID: <20200116161928.GC20561@linux.intel.com> (raw)
In-Reply-To: <877e1riy1o.fsf@vitty.brq.redhat.com>
On Thu, Jan 16, 2020 at 09:51:47AM +0100, Vitaly Kuznetsov wrote:
> Liran Alon <liran.alon@oracle.com> writes:
>
> >> On 16 Jan 2020, at 1:27, Sean Christopherson <sean.j.christopherson@intel.com> wrote:
> >>
> >> On Wed, Jan 15, 2020 at 06:10:13PM +0100, Vitaly Kuznetsov wrote:
> >>> With fine grained VMX feature enablement QEMU>=4.2 tries to do KVM_SET_MSRS
> >>> with default (matching CPU model) values and in case eVMCS is also enabled,
> >>> fails.
> >>
> >> As in, Qemu is blindly throwing values at KVM and complains on failure?
> >> That seems like a Qemu bug, especially since Qemu needs to explicitly do
> >> KVM_CAP_HYPERV_ENLIGHTENED_VMCS to enable eVMCS.
> >
> > See: https://patchwork.kernel.org/patch/11316021/
> > For more context.
>
> Ya,
>
> while it would certainly be possible to require that userspace takes
> into account KVM_CAP_HYPERV_ENLIGHTENED_VMCS (which is an opt-in) when
> doing KVM_SET_MSRS there doesn't seem to be an existing (easy) way to
> figure out which VMX controls were filtered out after enabling
> KVM_CAP_HYPERV_ENLIGHTENED_VMCS: KVM_GET_MSRS returns global
> &vmcs_config.nested values for VMX MSRs (vmx_get_msr_feature()).
Ah, I was looking at the call to vmx_get_vmx_msr(&vmx->nested.msrs, ...)
in vmx_get_msr().
Why not just do this in Qemu? IMO that's not a major ask, e.g. Qemu is
doing a decent amount of manual adjustment anyways. And Qemu isn't even
using the result of KVM_GET_MSRS so I don't think it's fair to say this is
solely KVM's fault.
diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 1d10046a6c..6545bb323e 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -2623,6 +2623,23 @@ static void kvm_msr_entry_add_vmx(X86CPU *cpu, FeatureWordArray f)
MSR_VMX_EPT_UC | MSR_VMX_EPT_WB : 0);
uint64_t fixed_vmx_ept_vpid = kvm_vmx_ept_vpid & fixed_vmx_ept_mask;
+ /* Hyper-V's eVMCS does't support certain features, adjust accordingly. */
+ if (cpu->hyperv_evmcs) {
+ f[FEAT_VMX_PINBASED_CTLS] &= ~(VMX_PIN_BASED_VMX_PREEMPTION_TIMER |
+ VMX_PIN_BASED_POSTED_INTR);
+ f[FEAT_VMX_EXIT_CTLS] &= ~VMX_VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL;
+ f[FEAT_VMX_ENTRY_CTLS] &= ~VMX_VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL;
+ f[FEAT_VMX_SECONDARY_CTLS] &= ~(VMX_SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY |
+ VMX_SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES |
+ VMX_SECONDARY_EXEC_APIC_REGISTER_VIRT |
+ VMX_SECONDARY_EXEC_ENABLE_PML |
+ VMX_SECONDARY_EXEC_ENABLE_VMFUNC |
+ VMX_SECONDARY_EXEC_SHADOW_VMCS |
+ /* VMX_SECONDARY_EXEC_TSC_SCALING | */
+ VMX_SECONDARY_EXEC_PAUSE_LOOP_EXITING);
+ f[FEAT_VMX_VMFUNC] &= ~MSR_VMX_VMFUNC_EPT_SWITCHING;
+ }
+
kvm_msr_entry_add(cpu, MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
make_vmx_msr_value(MSR_IA32_VMX_TRUE_PROCBASED_CTLS,
f[FEAT_VMX_PROCBASED_CTLS]));
next prev parent reply other threads:[~2020-01-16 16:19 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-15 17:10 [PATCH RFC 0/3] x86/kvm/hyper-v: fix enlightened VMCS & QEMU4.2 Vitaly Kuznetsov
2020-01-15 17:10 ` [PATCH RFC 1/3] x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() Vitaly Kuznetsov
2020-01-15 22:50 ` Liran Alon
2020-01-15 17:10 ` [PATCH RFC 2/3] x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() Vitaly Kuznetsov
2020-01-15 22:49 ` Liran Alon
2020-01-16 8:37 ` Vitaly Kuznetsov
2020-02-03 15:11 ` Vitaly Kuznetsov
2020-01-15 23:27 ` Sean Christopherson
2020-01-15 23:30 ` Liran Alon
2020-01-16 8:51 ` Vitaly Kuznetsov
2020-01-16 16:19 ` Sean Christopherson [this message]
2020-01-16 16:57 ` Vitaly Kuznetsov
2020-01-17 6:31 ` Sean Christopherson
2020-01-18 21:42 ` Paolo Bonzini
2020-01-19 8:54 ` Paolo Bonzini
2020-01-22 5:47 ` Sean Christopherson
2020-01-22 9:37 ` Vitaly Kuznetsov
2020-01-22 14:33 ` Paolo Bonzini
2020-01-22 15:08 ` Vitaly Kuznetsov
2020-01-22 15:51 ` Sean Christopherson
2020-01-22 16:29 ` Vitaly Kuznetsov
2020-01-22 16:40 ` Paolo Bonzini
2020-01-23 9:15 ` Vitaly Kuznetsov
2020-01-23 19:09 ` Vitaly Kuznetsov
2020-01-24 17:25 ` Sean Christopherson
2020-01-27 15:38 ` Vitaly Kuznetsov
2020-01-27 17:53 ` Paolo Bonzini
2020-01-27 21:52 ` Vitaly Kuznetsov
2020-01-27 18:17 ` Sean Christopherson
2020-01-15 17:10 ` [PATCH RFC 3/3] x86/kvm/hyper-v: don't allow to turn on unsupported VMX controls for nested guests Vitaly Kuznetsov
2020-01-15 22:59 ` Liran Alon
2020-01-16 8:55 ` Vitaly Kuznetsov
2020-01-16 16:21 ` Sean Christopherson
2020-01-19 8:57 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200116161928.GC20561@linux.intel.com \
--to=sean.j.christopherson@intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=liran.alon@oracle.com \
--cc=pbonzini@redhat.com \
--cc=rkagan@virtuozzo.com \
--cc=vkuznets@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.