From: Sean Christopherson <seanjc@google.com>
To: Jim Mattson <jmattson@google.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org
Subject: Re: [PATCH v2] KVM: x86: Complain about an attempt to change the APIC base address
Date: Wed, 24 Jul 2024 12:38:08 -0700 [thread overview]
Message-ID: <ZqFYIPw5XSmsdF_K@google.com> (raw)
In-Reply-To: <CALMp9eRmL_7xdK11dsC-yapd29d+6121tWu7sdLnTmHiEEBsdA@mail.gmail.com>
On Wed, Jul 24, 2024, Jim Mattson wrote:
> On Wed, Jul 24, 2024 at 11:13 AM Maxim Levitsky <mlevitsk@redhat.com> wrote:
> > What if we introduce a new KVM capability, say CAP_DISABLE_UNSUPPORTED_FEATURES,
> > and when enabled, outright crash the guest when it attempts things like
> > changing APIC base, APIC IDs, and other unsupported things like that?
> >
> > Then we can make qemu set it by default, and if users have to use an
> > unsupported feature, they could always add a qemu flag that will disable
> > this capability.
>
> Alternatively, why not devise a way to inform userspace that the guest
> has exercised an unsupported feature? Unless you're a hobbyist working on
> your desktop, kernel messages are a *terrible* mechanism for communicating
> with the end user.
A per-vCPU/VM stat would suffice in most cases, e.g. similar to the proposed
auto-EOI stat[*]. But I honestly don't see the point for APIC base relocation
and changing x2APIC IDs. We _know_ these things don't work. Having a flag might
save a bit of triage when debugging a guest issue, but I fail to see what userspace
would do with the information outside of a debug scenario.
And for APIC base relocation, userspace already has the ability to detect this
unuspported behavior. Trap writes to MSR_IA32_APICBASE via MSR filtering, then
reflect the value back into KVM. Performance would suck, but writes to
MSR_IA32_APICBASE should be very rare, especially if the host forces x2APIC via
guest firmware.
As for changing x2APIC IDs, that is the architectural behavior on Intel. If a
kernel is trying to change x2APIC IDs, it's going to have a bad day regardless.
So I guess the question is, what motivated this patch?
next prev parent reply other threads:[~2024-07-24 19:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-25 23:53 [PATCH v2] KVM: x86: Complain about an attempt to change the APIC base address Jim Mattson
2024-07-24 18:05 ` Jim Mattson
2024-07-24 18:13 ` Maxim Levitsky
2024-07-24 18:34 ` Jim Mattson
2024-07-24 19:38 ` Sean Christopherson [this message]
2024-07-24 21:22 ` Jim Mattson
2024-07-24 22:22 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqFYIPw5XSmsdF_K@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.