From: Sean Christopherson <seanjc@google.com>
To: "Denis V. Lunev" <den@virtuozzo.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>,
zhao1.liu@intel.com, mtosatti@redhat.com, qemu-devel@nongnu.org,
kvm@vger.kernel.org, andrey.drobyshev@virtuozzo.com
Subject: Re: [PATCH] target/i386: KVM: add hack for Windows vCPU hotplug with SGX
Date: Mon, 9 Jun 2025 09:39:37 -0700 [thread overview]
Message-ID: <aEcOSd-KBjOW61Rt@google.com> (raw)
In-Reply-To: <4f19c78f-a843-49c9-8d19-f1dc1e2c4468@virtuozzo.com>
On Mon, Jun 09, 2025, Denis V. Lunev wrote:
> On 6/9/25 18:12, Paolo Bonzini wrote:
> > On 6/9/25 15:23, Andrey Zhadchenko wrote:
> > > When hotplugging vCPUs to the Windows vms, we observed strange instance
> > > crash on Intel(R) Xeon(R) CPU E3-1230 v6:
> > > panic hyper-v: arg1='0x3e', arg2='0x46d359bbdff',
> > > arg3='0x56d359bbdff', arg4='0x0', arg5='0x0'
> > >
> > > Presumably, Windows thinks that hotplugged CPU is not "equivalent
> > > enough"
> > > to the previous ones. The problem lies within msr 3a. During the
> > > startup,
> > > Windows assigns some value to this register. During the hotplug it
> > > expects similar value on the new vCPU in msr 3a. But by default it
> > > is zero.
> >
> > If I understand correctly, you checked that it's Windows that writes
> > 0x40005 to the MSR on non-hotplugged CPUs.
...
> > > Bit #18 probably means that Intel SGX is supported, because disabling
> > > it via CPU arguments results is successfull hotplug (and msr value 0x5).
> >
> > What is the trace like in this case? Does Windows "accept" 0x0 and
> > write 0x5?
> >
> > Does anything in edk2 run during the hotplug process (on real hardware
> > it does, because the whole hotplug is managed via SMM)? If so maybe that
> > could be a better place to write the value.
Yeah, I would expect firmware to write and lock IA32_FEATURE_CONTROL.
> > So many questions, but I'd really prefer to avoid this hack if the only
> > reason for it is SGX...
Does your setup actually support SGX? I.e. expose EPC sections to the guest?
If not, can't you simply disable SGX in CPUID?
> Linux by itself handles this well and assigns MSRs properly (we observe
> corresponding set_msr on the hotplugged CPU).
Linux is much more tolerant of oddities, and quite a bit of effort went into
making sure that IA32_FEATURE_CONTROL was initialized if firmware left it unlocked.
next prev parent reply other threads:[~2025-06-09 16:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-09 13:23 [PATCH] target/i386: KVM: add hack for Windows vCPU hotplug with SGX Andrey Zhadchenko
2025-06-09 16:12 ` Paolo Bonzini
2025-06-09 16:26 ` Denis V. Lunev
2025-06-09 16:39 ` Sean Christopherson [this message]
2025-06-09 17:54 ` Andrey Zhadchenko
2025-06-09 18:25 ` Sean Christopherson
2025-06-12 12:23 ` Andrey Zhadchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aEcOSd-KBjOW61Rt@google.com \
--to=seanjc@google.com \
--cc=andrey.drobyshev@virtuozzo.com \
--cc=andrey.zhadchenko@virtuozzo.com \
--cc=den@virtuozzo.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.