public inbox for kvm@vger.kernel.org
From: Sean Christopherson <seanjc@google.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Jim Mattson <jmattson@google.com>, Avi Kivity <avi@redhat.com>,
	Babu Moger <babu.moger@amd.com>,
	"Chang S. Bae" <chang.seok.bae@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
	Joerg Roedel <joerg.roedel@amd.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Paolo Bonzini <pbonzini@redhat.com>,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Wyes Karny <wyes.karny@amd.com>,
	x86@kernel.org
Subject: Re: [PATCH 2/5] KVM: svm: Disallow EFER.LMSLE on hardware that doesn't support it
Date: Fri, 16 Sep 2022 22:33:29 +0000
Message-ID: <YyT5uW8bjXae2c4l@google.com>
In-Reply-To: <YyT0G9y0RRyBDiPD@zn.tnic>

On Sat, Sep 17, 2022, Borislav Petkov wrote:
> On Fri, Sep 16, 2022 at 02:00:26PM -0700, Jim Mattson wrote:
> > It's possible that SLES11 Xen 4.0 sets the bit, but never actually
> > uses truncated segments in 64-bit mode. In any case, according to the
> > original commit, it won't boot if setting EFER.LMSLE is not allowed.
> 
> How is SLE11 at all relevant to the upstream kernel?

Yeah, I'm inclined to revert the original commit and advertise NO_LMSLE unconditionally.
I don't like the idea of knowingly ignoring the fact that KVM doesn't correctly
virtualize LMSLE.

Xen itself already does exactly this:

  commit 23ccf530431561268b0190f0f1b740b618771b7b
  Author: Andrew Cooper <andrew.cooper3@citrix.com>
  Date:   Fri Apr 2 14:10:25 2021 +0100

    x86/cpuid: Advertise no-lmsl unilaterally to hvm guests
    
    While part of the original AMD64 spec, Long Mode Segment Limit was a feature
    not picked up by Intel, and therefore didn't see much adoption in software.
    AMD have finally dropped the feature from hardware, and allocated a CPUID bit
    to indicate its absence.
    
    Xen has never supported the feature for guests, even when running on capable
    hardware, so advertise the feature's absence unilaterally.
    
    There is nothing specifically wrong with exposing this bit to PV guests, but
    the PV ABI doesn't include a working concept of MSR_EFER in the first place,
    so exposing it to PV guests would be out-of-place.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Jan Beulich <jbeulich@suse.com>

because as noted in commit f2c6084442 ("x86/SVM: correct boot time cpu_data[] handling"),
Xen broke detection of LMSLE support shortly after it was added in 2010, presumably
before any official release.  "Support" was added for HVM guests by commit

  727bc17d20 ("svm: support EFER.LMSLE for guests")

and then broken a few weeks later by commit
 
  566ddbe833 ("x86: Fail CPU bringup cleanly if it cannot initialise HVM.")

Note that Xen did a "safe" WRMSR+RDMSR to detect LMSLE, so either someone added
extra out-of-tree code that caused Xen to fail to boot, or "necessary ... to boot
with nested svm" only meant being able to expose SVM to L2.

Either way, KVM appears to be carrying a half-baked "fix" for a buggy guest that's
long since gone.  So like we did in commit 8805875aa473 ("Revert "KVM: nVMX: Do not
expose MPX VMX controls when guest MPX disabled""), I think we should just revert
the "fix".

Thread overview: 12+ messages
2022-09-16  4:58 [PATCH 0/5] KVM: EFER.LMSLE cleanup Jim Mattson
2022-09-16  4:58 ` [PATCH 1/5] x86/cpufeatures: Introduce X86_FEATURE_NO_LMSLE Jim Mattson
2022-09-16  4:58 ` [PATCH 2/5] KVM: svm: Disallow EFER.LMSLE on hardware that doesn't support it Jim Mattson
2022-09-16 20:14   ` Sean Christopherson
2022-09-16 21:00     ` Jim Mattson
2022-09-16 22:09       ` Borislav Petkov
2022-09-16 22:33         ` Sean Christopherson [this message]
2022-09-18 19:04           ` Borislav Petkov
2022-09-19 18:09             ` Jim Mattson
2022-09-16  4:58 ` [PATCH 3/5] KVM: x86: Report host's X86_FEATURE_NO_LMSLE in KVM_GET_SUPPORTED_CPUID Jim Mattson
2022-09-16  4:58 ` [PATCH 4/5] KVM: x86: Enforce X86_FEATURE_NO_LMSLE in guest cpuid Jim Mattson
2022-09-16  4:58 ` [PATCH 5/5] KVM: svm: Set X86_FEATURE_NO_LMSLE when !nested Jim Mattson
