From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933015AbbCRKaj (ORCPT ); Wed, 18 Mar 2015 06:30:39 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:34719 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755520AbbCRKah (ORCPT ); Wed, 18 Mar 2015 06:30:37 -0400 Message-ID: <550953C2.3030404@canonical.com> Date: Wed, 18 Mar 2015 11:30:26 +0100 From: Stefan Bader User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0 MIME-Version: 1.0 To: Paolo Bonzini , kvm@vger.kernel.org, Linux Kernel Mailing List Subject: Re: regression: nested: L1 3.15+ fails to load kvm-intel on L0 <3.15 References: <55093B52.5090904@canonical.com> <550942ED.4040809@redhat.com> <55094C73.4000608@canonical.com> <550952F5.7060702@redhat.com> In-Reply-To: <550952F5.7060702@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="rH9ROPE9adTpUw59f3VtwNKrhax09xiiF" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --rH9ROPE9adTpUw59f3VtwNKrhax09xiiF Content-Type: text/plain; charset=iso-8859-15 Content-Transfer-Encoding: quoted-printable On 18.03.2015 11:27, Paolo Bonzini wrote: >=20 >=20 > On 18/03/2015 10:59, Stefan Bader wrote: >>> @@ -2850,7 +2851,7 @@ static __init int setup_vmcs_config(struct >>> vmcs_config *vmcs_conf) vmx_capability.ept, >>> vmx_capability.vpid); } >>> >>> - min =3D 0; + min =3D VM_EXIT_SAVE_DEBUG_CONTROLS; #ifdef >>> CONFIG_X86_64 min |=3D VM_EXIT_HOST_ADDR_SPACE_SIZE; #endif >>> >>> but I don't think it's a good idea to add it to stable kernels. >> >> Why is that? Because it has a risk of causing the module failing to >> load on L0 where it did work before? >=20 > Because if we wanted to make 3.14 nested VMX stable-ish we would need > several more, at least these: >=20 > KVM: nVMX: fix lifetime issues for vmcs02 > KVM: nVMX: clean up nested_release_vmcs12 and code around it > KVM: nVMX: Rework interception of IRQs and NMIs > KVM: nVMX: Do not inject NMI vmexits when L2 has a pending > interrupt > KVM: nVMX: Disable preemption while reading from shadow VMCS >=20 > and for 3.13: >=20 > KVM: nVMX: Leave VMX mode on clearing of feature control MSR >=20 > There are also several L2-crash-L1 bugs too in Nadav Amit's patches. >=20 > Basically, nested VMX was never considered stable-worthy. Perhaps > that can change soon---but not retroactively. >=20 > So I'd rather avoid giving false impressions of the stability of nVMX > in 3.14. >=20 > Even if we considered nVMX stable, I'd _really_ not want to consider > the L1<->L2 boundary a secure one for a longer time. >=20 >> Which would be something I would rather avoid. Generally I think it >> would be good to have something that can be generally applied. >> Given the speed that cloud service providers tend to move forward >> (ok they may not actively push the ability to go nested). >=20 > And if they did, I'd really not want them to do it with a 3.14 kernel. 3.14... you are optimistic. :) But thanks a lot for the detailed info. -Stefan >=20 > Paolo >=20 --rH9ROPE9adTpUw59f3VtwNKrhax09xiiF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVCVPKAAoJEOhnXe7L7s6jc5wP/j8ktBGizAxsO2Fac96GWk15 jNjVNbCMJA82JnwBA9RaYCQD3RQzl1QFm9BVqAUOWl1E4t8khRXi5MSrW6y58y6f ouWyBJKyuiRcfOorGD6FQvMALwOypbXPkYAhHNclrwFzeoOjGKBh6sr4EWq+qo7g RGitTbfby3Y4OCrmjQpw4/aw2pCJocaVbCZroqLOXf/e0QONBiFJ7Qs0XOCch82k PZrddihl6UtR8sWGavTLV4nR/i89xYAbu5WspoQfHZoK86fahryfc+X3ZvlCyvTE FSRv/4P/cmSFSjXb42zVThqLcqoaDfXLEJsRJNg2zQEgxu/R4fYFjicjkAYByHUj Kuj/OF3zY8Jv96du7RerqEEfaLYgVuWhNVFDltnkiR7jaTWrfs1w6fofCqWSGDG9 da8UaAlvUeMJKnKmTFkuwax98W7gDR4RDgRy6klUQLyQsh4MbElnTzBYJF4goHTc 1A/Hw479B2tU0FW9qawQ156918ikDc8VLFf7ogPrl78UUOtMDn2tRi3xiNwg3MOa 8BH29hglrqa/K1aSvCx3EWLqsZiINrjFs/D/VQECYz1ib5CV8c8jRvNDHWbLrpJg 0DvIEnJ7hgYnTVMZpFZNNTrg6g5+xaL7sgCzWzWNQTtoXm8leb1hA0bm9l6ENnB/ JevAV4akB3XmLm8QBr0a =D3cu -----END PGP SIGNATURE----- --rH9ROPE9adTpUw59f3VtwNKrhax09xiiF--