From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1C45622969A for ; Fri, 20 Dec 2024 17:12:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734714754; cv=none; b=bCAd/mcm7Yhy1hxMVvCYXfGQ7o7VKX8b9zggPGWXEGbNdDCZmD99+qkfsKicd9ec1qW+TDTtLfzaSPt4qE/zqD5YVAK3B04YljFN7nhAqhTau/BjUc8VUxP3yZ2DUKk7iP9BSPY+8UypvPk4LAY874PRmhkef/CuLCdl0PUxH/I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1734714754; c=relaxed/simple; bh=WifaHMgUN2/PoIP6R85s/mEJenj+ohCwTB9pHBJMD1A=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=uR0bvDvACoOK/Z/b/sZHalVJ4v1wXUwF+6UODCNBIpXCWmlZeKZFgQpmyS3k0gJ2+ob4cUMIHcZqZDfTXrQCMJVorqnkf4gzbAnKbGZCzRBq2aO12GzyfKbHo/VKQ+43cvF9a6WF4T4I/OzW6KCX+ZHNVJP8ymXpZokgbphjDQI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=QZreTpw5; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QZreTpw5" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1734714751; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=pB8CsvVeMKS/nqIKRfdbuxHB1E+FQyRtAFkg+8gsimE=; b=QZreTpw59xKBPsd8zflKoasZCaazoTFCsOneog0b9MT4M/vh6IujRHDp0oGt/RpVSnHe9m FGB2QwUZ349HHJqKo892wW/vhxDlnG54i2F5O2iGiTHalNDzATHPLpf3YjO1ifKIIJGnuV foHOOkH1towUfkP7tya/ROt0mdo5kTs= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-30-URLId2x1NkqdSnDmG9X9-g-1; Fri, 20 Dec 2024 12:12:29 -0500 X-MC-Unique: URLId2x1NkqdSnDmG9X9-g-1 X-Mimecast-MFC-AGG-ID: URLId2x1NkqdSnDmG9X9-g Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-4359206e1e4so18064555e9.2 for ; Fri, 20 Dec 2024 09:12:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734714746; x=1735319546; h=content-transfer-encoding:in-reply-to:autocrypt:content-language :from:references:cc:to:subject:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pB8CsvVeMKS/nqIKRfdbuxHB1E+FQyRtAFkg+8gsimE=; b=W+MI0eBKvCT2NPBMVbkVHMmfBIH2qPsqtZ3MN+Gsd4ZFqra3+aVuG7+ABTpqNB6xQN XvJ3+/7E7vk3sbmhqylwTV/w5ID5juVoVorxqYJxUHjBgCxGi1oUuTbD5bCvQCkr91Zc 7bWFHUflrapdjES+swETlWtjUm/F0SZCKsa/F7tm6voAtOJOdHDQSGRIQ/fC4Fz9TH5Q BCjWNwjpkMID3QtZEpdL+IWl/VsIL3D89jeFvOv3XwX1eioR/u6nlS8zwiYkXwlbARZU eE6iBNnOQYMtrtt/k8j56tXKqVeA1fX6Xpqtya8PAXXr4PelB3mKBHsLDHcjmq5Z0atM LC6w== X-Gm-Message-State: AOJu0YzVsrP08rViSFntVPvRymOIj0haapeCeGdrS45Nqsh5T6MKdDjo r5ZyfqF7z2OsuOkafBX/B9XV0Xp1kOyCggLPBrEAGyJuaeyoe5O+vBbDm6nTVvhbm5jisubw0ag cVX10KpuNM9rt5OS4f4RsasH3AizoF+3CKTlqZlCsCuNkeVR25SdB5jv0KOoJJA== X-Gm-Gg: ASbGncsla7pp8HVGzfXCj8o78+3JKdXyUCaX41OxZgWpHoAR/qjmLR7t+3+w4FfawME 0bkioR+WVJaPnkQMXiGca/O5fsspbdBgmFwh1DHexCQza1DhJJO1v7aLdf0G2lu2lYl8rhuhGnp G9JBwZDvmz76tH6rlGBp+5LUXlOVeWyKaFfHSUCKqpvj2BQRzjAkLoqyecPQ0kqxsDiRQXwSR5y paFXdaqYVOnKaNoePb2PmUjzsOvvSTysBD1LrbYKHSOKRbfbOgC+ZSwAkYO X-Received: by 2002:a05:6000:713:b0:386:3903:86eb with SMTP id ffacd0b85a97d-38a221f1fd1mr3991068f8f.23.1734714745087; Fri, 20 Dec 2024 09:12:25 -0800 (PST) X-Google-Smtp-Source: AGHT+IH4HmYMB9vSO/QPsMq+TOz2m0OwtyvCRzeukUVgsaKeuxv5rKk09sHmeBdZ3AMdhf48y1QTDw== X-Received: by 2002:a05:6000:713:b0:386:3903:86eb with SMTP id ffacd0b85a97d-38a221f1fd1mr3990901f8f.23.1734714743253; Fri, 20 Dec 2024 09:12:23 -0800 (PST) Received: from [192.168.10.27] ([151.81.118.45]) by smtp.googlemail.com with ESMTPSA id ffacd0b85a97d-38a1c8a8d32sm4518093f8f.99.2024.12.20.09.12.22 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 20 Dec 2024 09:12:22 -0800 (PST) Message-ID: <2f3df741-b24f-4940-bef1-514498b561e1@redhat.com> Date: Fri, 20 Dec 2024 18:12:21 +0100 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] KVM: x86: let it be known that ignore_msrs is a bad idea To: Sean Christopherson Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org References: <20241219124426.325747-1-pbonzini@redhat.com> From: Paolo Bonzini Content-Language: en-US Autocrypt: addr=pbonzini@redhat.com; keydata= xsEhBFRCcBIBDqDGsz4K0zZun3jh+U6Z9wNGLKQ0kSFyjN38gMqU1SfP+TUNQepFHb/Gc0E2 CxXPkIBTvYY+ZPkoTh5xF9oS1jqI8iRLzouzF8yXs3QjQIZ2SfuCxSVwlV65jotcjD2FTN04 hVopm9llFijNZpVIOGUTqzM4U55sdsCcZUluWM6x4HSOdw5F5Utxfp1wOjD/v92Lrax0hjiX DResHSt48q+8FrZzY+AUbkUS+Jm34qjswdrgsC5uxeVcLkBgWLmov2kMaMROT0YmFY6A3m1S P/kXmHDXxhe23gKb3dgwxUTpENDBGcfEzrzilWueOeUWiOcWuFOed/C3SyijBx3Av/lbCsHU Vx6pMycNTdzU1BuAroB+Y3mNEuW56Yd44jlInzG2UOwt9XjjdKkJZ1g0P9dwptwLEgTEd3Fo UdhAQyRXGYO8oROiuh+RZ1lXp6AQ4ZjoyH8WLfTLf5g1EKCTc4C1sy1vQSdzIRu3rBIjAvnC tGZADei1IExLqB3uzXKzZ1BZ+Z8hnt2og9hb7H0y8diYfEk2w3R7wEr+Ehk5NQsT2MPI2QBd wEv1/Aj1DgUHZAHzG1QN9S8wNWQ6K9DqHZTBnI1hUlkp22zCSHK/6FwUCuYp1zcAEQEAAc0j UGFvbG8gQm9uemluaSA8cGJvbnppbmlAcmVkaGF0LmNvbT7CwU0EEwECACMFAlRCcBICGwMH CwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRB+FRAMzTZpsbceDp9IIN6BIA0Ol7MoB15E 11kRz/ewzryFY54tQlMnd4xxfH8MTQ/mm9I482YoSwPMdcWFAKnUX6Yo30tbLiNB8hzaHeRj jx12K+ptqYbg+cevgOtbLAlL9kNgLLcsGqC2829jBCUTVeMSZDrzS97ole/YEez2qFpPnTV0 VrRWClWVfYh+JfzpXmgyhbkuwUxNFk421s4Ajp3d8nPPFUGgBG5HOxzkAm7xb1cjAuJ+oi/K CHfkuN+fLZl/u3E/fw7vvOESApLU5o0icVXeakfSz0LsygEnekDbxPnE5af/9FEkXJD5EoYG SEahaEtgNrR4qsyxyAGYgZlS70vkSSYJ+iT2rrwEiDlo31MzRo6Ba2FfHBSJ7lcYdPT7bbk9 AO3hlNMhNdUhoQv7M5HsnqZ6unvSHOKmReNaS9egAGdRN0/GPDWr9wroyJ65ZNQsHl9nXBqE AukZNr5oJO5vxrYiAuuTSd6UI/xFkjtkzltG3mw5ao2bBpk/V/YuePrJsnPFHG7NhizrxttB nTuOSCMo45pfHQ+XYd5K1+Cv/NzZFNWscm5htJ0HznY+oOsZvHTyGz3v91pn51dkRYN0otqr bQ4tlFFuVjArBZcapSIe6NV8C4cEiSTOwE0EVEJx7gEIAMeHcVzuv2bp9HlWDp6+RkZe+vtl KwAHplb/WH59j2wyG8V6i33+6MlSSJMOFnYUCCL77bucx9uImI5nX24PIlqT+zasVEEVGSRF m8dgkcJDB7Tps0IkNrUi4yof3B3shR+vMY3i3Ip0e41zKx0CvlAhMOo6otaHmcxr35sWq1Jk tLkbn3wG+fPQCVudJJECvVQ//UAthSSEklA50QtD2sBkmQ14ZryEyTHQ+E42K3j2IUmOLriF dNr9NvE1QGmGyIcbw2NIVEBOK/GWxkS5+dmxM2iD4Jdaf2nSn3jlHjEXoPwpMs0KZsgdU0pP JQzMUMwmB1wM8JxovFlPYrhNT9MAEQEAAcLBMwQYAQIACQUCVEJx7gIbDAAKCRB+FRAMzTZp sadRDqCctLmYICZu4GSnie4lKXl+HqlLanpVMOoFNnWs9oRP47MbE2wv8OaYh5pNR9VVgyhD OG0AU7oidG36OeUlrFDTfnPYYSF/mPCxHttosyt8O5kabxnIPv2URuAxDByz+iVbL+RjKaGM GDph56ZTswlx75nZVtIukqzLAQ5fa8OALSGum0cFi4ptZUOhDNz1onz61klD6z3MODi0sBZN Aj6guB2L/+2ZwElZEeRBERRd/uommlYuToAXfNRdUwrwl9gRMiA0WSyTb190zneRRDfpSK5d usXnM/O+kr3Dm+Ui+UioPf6wgbn3T0o6I5BhVhs4h4hWmIW7iNhPjX1iybXfmb1gAFfjtHfL xRUr64svXpyfJMScIQtBAm0ihWPltXkyITA92ngCmPdHa6M1hMh4RDX+Jf1fiWubzp1voAg0 JBrdmNZSQDz0iKmSrx8xkoXYfA3bgtFN8WJH2xgFL28XnqY4M6dLhJwV3z08tPSRqYFm4NMP dRsn0/7oymhneL8RthIvjDDQ5ktUjMe8LtHr70OZE/TT88qvEdhiIVUogHdo4qBrk41+gGQh b906Dudw5YhTJFU3nC6bbF2nrLlB4C/XSiH76ZvqzV0Z/cAMBo5NF/w= In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 12/20/24 18:03, Sean Christopherson wrote: > On Thu, Dec 19, 2024, Paolo Bonzini wrote: >> When running KVM with ignore_msrs=1 and report_ignored_msrs=0, the user has >> no clue that that the guest is being lied to. This may cause bug reports >> such as https://gitlab.com/qemu-project/qemu/-/issues/2571, where enabling >> a CPUID bit in QEMU caused Linux guests to try reading MSR_CU_DEF_ERR; and >> being lied about the existence of MSR_CU_DEF_ERR caused the guest to assume >> other things about the local APIC which were not true: >> >> Sep 14 12:02:53 kernel: mce: [Firmware Bug]: Your BIOS is not setting up LVT offset 0x2 for deferred error IRQs correctly. >> Sep 14 12:02:53 kernel: unchecked MSR access error: RDMSR from 0x852 at rIP: 0xffffffffb548ffa7 (native_read_msr+0x7/0x40) >> Sep 14 12:02:53 kernel: Call Trace: >> ... >> Sep 14 12:02:53 kernel: native_apic_msr_read+0x20/0x30 >> Sep 14 12:02:53 kernel: setup_APIC_eilvt+0x47/0x110 >> Sep 14 12:02:53 kernel: mce_amd_feature_init+0x485/0x4e0 >> ... >> Sep 14 12:02:53 kernel: [Firmware Bug]: cpu 0, try to use APIC520 (LVT offset 2) for vector 0xf4, but the register is already in use for vector 0x0 on this cpu >> >> Without reported_ignored_msrs=0 at least the host kernel log will contain >> enough information to avoid going on a wild goose chase. But if reports >> about individual MSR accesses are being silenced too, at least complain >> loudly the first time a VM is started. >> >> Signed-off-by: Paolo Bonzini >> --- >> arch/x86/kvm/x86.c | 7 +++++++ >> 1 file changed, 7 insertions(+) >> >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> index c8160baf3838..1b7c8db0cf63 100644 >> --- a/arch/x86/kvm/x86.c >> +++ b/arch/x86/kvm/x86.c >> @@ -12724,6 +12724,13 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type) >> kvm_hv_init_vm(kvm); >> kvm_xen_init_vm(kvm); >> >> + if (ignore_msrs && !report_ignored_msrs) { >> + pr_warn_once("Running KVM with ignore_msrs=1 and report_ignored_msrs=0 is not a\n"); >> + pr_warn_once("a supported configuration. Lying to the guest about the existence of MSRs\n"); > > Back-to-back 'a's. > > If we're saying this combo is unsupported, should we taint the host kernel with > TAINT_USER, e.g. similar to how the force_avic parameter is treated as unsafe? I don't think so, TAINT_USER seems to be for cases where there can be *host* instability. Even force_avic is a stretch. >> + pr_warn_once("may cause the guest operating system to hang or produce errors. If a guest\n"); >> + pr_warn_once("does not run without ignore_msrs=1, please report it to kvm@vger.kernel.org.\n"); > > This should be a multi-line string that's printed in a single pr_warn_once(), > otherwise the full message could get split quite weirdly if there is other dmesg > activity. Will do, thanks. Paolo