From: Sean Christopherson <seanjc@google.com>
To: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: x86: Allow XSAVES on CPUs where host doesn't use it due to an errata
Date: Tue, 28 Nov 2023 08:48:22 -0800 [thread overview]
Message-ID: <ZWYZ1ldqQ1Q-7Jk0@google.com> (raw)
In-Reply-To: <50076263-8b4f-4167-8419-e8baede7e9b0@maciej.szmigiero.name>
On Mon, Nov 27, 2023, Maciej S. Szmigiero wrote:
> On 27.11.2023 18:24, Sean Christopherson wrote:
> > On Thu, Nov 23, 2023, Maciej S. Szmigiero wrote:
> > > From: "Maciej S. Szmigiero" <maciej.szmigiero@oracle.com>
> > >
> > > Since commit b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17")
> > > kernel unconditionally clears the XSAVES CPU feature bit on Zen1/2 CPUs.
> > >
> > > Since KVM CPU caps are initialized from the kernel boot CPU features this
> > > makes the XSAVES feature also unavailable for KVM guests in this case, even
> > > though they might want to decide on their own whether they are affected by
> > > this errata.
> > >
> > > Allow KVM guests to make such decision by setting the XSAVES KVM CPU
> > > capability bit based on the actual CPU capability
> >
> > This is not generally safe, as the guest can make such a decision if and only if
> > the Family/Model/Stepping information is reasonably accurate.
>
> If one lies to the guest about the CPU it is running on then obviously
> things may work non-optimally.
But this isn't about running optimally, it's about functional correctness. And
"lying" to the guest about F/M/S is extremely common.
> > > This fixes booting Hyper-V enabled Windows Server 2016 VMs with more than
> > > one vCPU on Zen1/2 CPUs.
> >
> > How/why does lack of XSAVES break a multi-vCPU setup? Is Windows blindly doing
> > XSAVES based on FMS?
>
> The hypercall from L2 Windows to L1 Hyper-V asking to boot the first AP
> returns HV_STATUS_CPUID_XSAVE_FEATURE_VALIDATION_ERROR.
If it's just about CPUID enumeration, then userspace can simply stuff the XSAVES
feature flag. This is not something that belongs in KVM, because this is safe if
and only if F/M/S is accurate and the guest is actually aware of the erratum (or
will not actually use XSAVES for other reasons), neither of which KVM can guarantee.
next prev parent reply other threads:[~2023-11-28 16:48 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-23 19:06 [PATCH] KVM: x86: Allow XSAVES on CPUs where host doesn't use it due to an errata Maciej S. Szmigiero
2023-11-27 17:24 ` Sean Christopherson
2023-11-27 17:47 ` Maciej S. Szmigiero
2023-11-28 16:48 ` Sean Christopherson [this message]
2023-11-28 18:03 ` Maciej S. Szmigiero
2023-11-28 23:42 ` Sean Christopherson
2023-11-30 17:24 ` Maxim Levitsky
2023-11-30 22:00 ` Maciej S. Szmigiero
2023-11-30 23:57 ` Jim Mattson
2023-12-01 16:04 ` Maciej S. Szmigiero
2023-12-06 22:45 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZWYZ1ldqQ1Q-7Jk0@google.com \
--to=seanjc@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@maciej.szmigiero.name \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox