From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Jim Mattson <jmattson@google.com>
Cc: Anirudh Rayabharam <anrayabh@linux.microsoft.com>,
kvm@vger.kernel.org, Wanpeng Li <wanpengli@tencent.com>,
Maxim Levitsky <mlevitsk@redhat.com>,
linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/14] KVM: nVMX: Use vmcs_config for setting up nested VMX MSRs
Date: Wed, 29 Jun 2022 11:06:46 +0200 [thread overview]
Message-ID: <87czeru9cp.fsf@redhat.com> (raw)
In-Reply-To: <CALMp9eQ35g8GpwObYBJRxjuxZAC8P_HNMMaC0v0uZeC+pMeW_Q@mail.gmail.com>
Jim Mattson <jmattson@google.com> writes:
> On Tue, Jun 28, 2022 at 9:01 AM Vitaly Kuznetsov <vkuznets@redhat.com> wrote:
>>
...
>
> Read-only MSRs cannot be changed after their values may have been
> observed by the guest.
>
>> Anirudh, the same concern applies to your 'intermediate' patch too.
>>
>> Smart ideas on what can be done are more than welcome)
>
> You could define a bunch of "quirks," and userspace could use
> KVM_CAP_DISABLE_QUIRKS2 to ask that the broken bits be cleared.
This sounds correct, but awful :-) I, however, think we can avoid this.
For the KVM-on-eVMCS case:
- When combined with "[PATCH 00/11] KVM: VMX: Support TscScaling and
EnclsExitingBitmap whith eVMCS" series
(https://lore.kernel.org/kvm/20220621155830.60115-1-vkuznets@redhat.com/),
the filtering we do in setup_vmcs_config() is no longer needed. I need
to check various available Hyper-V versions but my initial investigation
shows that we were only filtering out TSC Scaling and 'Load
IA32_PERF_GLOBAL_CTRL' vmexit/vmentry, the rest were never present in
VMX control MSRs (as presented by Hyper-V) in the first place.
For PERF_GLOBAL_CTRL errata:
- We can move the filtering to vmx_vmexit_ctrl()/vmx_vmentry_ctrl()
preserving the status quo: KVM doesn't use the feature but it is exposed
to L1 hypervisor (and L1 hypervisor presumably has the same check and
doesn't use the feature. FWIW, the workaround was added in 2011 and the
erratas it references appeared in 2010, this means that the affected
CPUs are quite old, modern proprietary hypervisors won't likely boot
there).
If we do the above, there's going to be no changes to VMX control MSRs
generated by nested_vmx_setup_ctls_msrs(). I, however, need to work on
a combined series.
--
Vitaly
next prev parent reply other threads:[~2022-06-29 9:06 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-27 16:04 [PATCH 00/14] KVM: nVMX: Use vmcs_config for setting up nested VMX MSRs Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 01/14] KVM: VMX: Check VM_ENTRY_IA32E_MODE in setup_vmcs_config() Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 02/14] KVM: VMX: Check CPU_BASED_{INTR,NMI}_WINDOW_EXITING " Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 03/14] KVM: VMX: Tweak the special handling of SECONDARY_EXEC_ENCLS_EXITING " Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 04/14] KVM: VMX: Extend VMX controls macro shenanigans Vitaly Kuznetsov
2022-06-27 21:36 ` Dong, Eddie
2022-06-28 1:38 ` Sean Christopherson
2022-06-29 20:55 ` Dong, Eddie
2022-06-30 8:14 ` Vitaly Kuznetsov
2022-06-28 12:02 ` Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 05/14] KVM: VMX: Move CPU_BASED_CR8_{LOAD,STORE}_EXITING filtering out of setup_vmcs_config() Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 06/14] KVM: VMX: Add missing VMEXIT controls to vmcs_config Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 07/14] KVM: VMX: Add missing VMENTRY " Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 08/14] KVM: VMX: Add missing CPU based VM execution " Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 09/14] KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 10/14] KVM: nVMX: Use sanitized allowed-1 bits for VMX control MSRs Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 11/14] KVM: VMX: Store required-1 VMX controls in vmcs_config Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 12/14] KVM: nVMX: Use sanitized required-1 bits for VMX control MSRs Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 13/14] KVM: VMX: Cache MSR_IA32_VMX_MISC in vmcs_config Vitaly Kuznetsov
2022-06-27 16:04 ` [PATCH 14/14] KVM: nVMX: Use cached host MSR_IA32_VMX_MISC value for setting up nested MSR Vitaly Kuznetsov
2022-06-27 17:50 ` [PATCH 00/14] KVM: nVMX: Use vmcs_config for setting up nested VMX MSRs Jim Mattson
2022-06-28 14:04 ` Vitaly Kuznetsov
2022-06-28 15:28 ` Jim Mattson
2022-06-28 16:01 ` Vitaly Kuznetsov
2022-06-28 17:11 ` Jim Mattson
2022-06-29 9:06 ` Vitaly Kuznetsov [this message]
2022-06-29 22:27 ` Jim Mattson
2022-07-06 22:30 ` Sean Christopherson
2022-06-28 9:08 ` Maxim Levitsky
2022-06-28 10:04 ` Vitaly Kuznetsov
2022-06-28 10:08 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87czeru9cp.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=anrayabh@linux.microsoft.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mlevitsk@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).