From: Sean Christopherson <seanjc@google.com>
To: Jim Mattson <jmattson@google.com>
Cc: Maxim Levitsky <mlevitsk@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>,
kvm@vger.kernel.org
Subject: Re: [PATCH v2] KVM: x86: Complain about an attempt to change the APIC base address
Date: Wed, 24 Jul 2024 12:38:08 -0700 [thread overview]
Message-ID: <ZqFYIPw5XSmsdF_K@google.com> (raw)
In-Reply-To: <CALMp9eRmL_7xdK11dsC-yapd29d+6121tWu7sdLnTmHiEEBsdA@mail.gmail.com>
On Wed, Jul 24, 2024, Jim Mattson wrote:
> On Wed, Jul 24, 2024 at 11:13 AM Maxim Levitsky <mlevitsk@redhat.com> wrote:
> > What if we introduce a new KVM capability, say CAP_DISABLE_UNSUPPORTED_FEATURES,
> > and when enabled, outright crash the guest when it attempts things like
> > changing APIC base, APIC IDs, and other unsupported things like that?
> >
> > Then we can make qemu set it by default, and if users have to use an
> > unsupported feature, they could always add a qemu flag that will disable
> > this capability.
>
> Alternatively, why not devise a way to inform userspace that the guest
> has exercised an unsupported feature? Unless you're a hobbyist working on
> your desktop, kernel messages are a *terrible* mechanism for communicating
> with the end user.
A per-vCPU/VM stat would suffice in most cases, e.g. similar to the proposed
auto-EOI stat[*]. But I honestly don't see the point for APIC base relocation
and changing x2APIC IDs. We _know_ these things don't work. Having a flag might
save a bit of triage when debugging a guest issue, but I fail to see what userspace
would do with the information outside of a debug scenario.
And for APIC base relocation, userspace already has the ability to detect this
unuspported behavior. Trap writes to MSR_IA32_APICBASE via MSR filtering, then
reflect the value back into KVM. Performance would suck, but writes to
MSR_IA32_APICBASE should be very rare, especially if the host forces x2APIC via
guest firmware.
As for changing x2APIC IDs, that is the architectural behavior on Intel. If a
kernel is trying to change x2APIC IDs, it's going to have a bad day regardless.
So I guess the question is, what motivated this patch?
next prev parent reply other threads:[~2024-07-24 19:38 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-25 23:53 [PATCH v2] KVM: x86: Complain about an attempt to change the APIC base address Jim Mattson
2024-07-24 18:05 ` Jim Mattson
2024-07-24 18:13 ` Maxim Levitsky
2024-07-24 18:34 ` Jim Mattson
2024-07-24 19:38 ` Sean Christopherson [this message]
2024-07-24 21:22 ` Jim Mattson
2024-07-24 22:22 ` Sean Christopherson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZqFYIPw5XSmsdF_K@google.com \
--to=seanjc@google.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox