From: Sean Christopherson <seanjc@google.com>
To: "Denis V. Lunev" <den@virtuozzo.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Andrey Zhadchenko <andrey.zhadchenko@virtuozzo.com>,
zhao1.liu@intel.com, mtosatti@redhat.com, qemu-devel@nongnu.org,
kvm@vger.kernel.org, andrey.drobyshev@virtuozzo.com
Subject: Re: [PATCH] target/i386: KVM: add hack for Windows vCPU hotplug with SGX
Date: Mon, 9 Jun 2025 09:39:37 -0700 [thread overview]
Message-ID: <aEcOSd-KBjOW61Rt@google.com> (raw)
In-Reply-To: <4f19c78f-a843-49c9-8d19-f1dc1e2c4468@virtuozzo.com>
On Mon, Jun 09, 2025, Denis V. Lunev wrote:
> On 6/9/25 18:12, Paolo Bonzini wrote:
> > On 6/9/25 15:23, Andrey Zhadchenko wrote:
> > > When hotplugging vCPUs to the Windows vms, we observed strange instance
> > > crash on Intel(R) Xeon(R) CPU E3-1230 v6:
> > > panic hyper-v: arg1='0x3e', arg2='0x46d359bbdff',
> > > arg3='0x56d359bbdff', arg4='0x0', arg5='0x0'
> > >
> > > Presumably, Windows thinks that hotplugged CPU is not "equivalent
> > > enough"
> > > to the previous ones. The problem lies within msr 3a. During the
> > > startup,
> > > Windows assigns some value to this register. During the hotplug it
> > > expects similar value on the new vCPU in msr 3a. But by default it
> > > is zero.
> >
> > If I understand correctly, you checked that it's Windows that writes
> > 0x40005 to the MSR on non-hotplugged CPUs.
...
> > > Bit #18 probably means that Intel SGX is supported, because disabling
> > > it via CPU arguments results is successfull hotplug (and msr value 0x5).
> >
> > What is the trace like in this case? Does Windows "accept" 0x0 and
> > write 0x5?
> >
> > Does anything in edk2 run during the hotplug process (on real hardware
> > it does, because the whole hotplug is managed via SMM)? If so maybe that
> > could be a better place to write the value.
Yeah, I would expect firmware to write and lock IA32_FEATURE_CONTROL.
> > So many questions, but I'd really prefer to avoid this hack if the only
> > reason for it is SGX...
Does your setup actually support SGX? I.e. expose EPC sections to the guest?
If not, can't you simply disable SGX in CPUID?
> Linux by itself handles this well and assigns MSRs properly (we observe
> corresponding set_msr on the hotplugged CPU).
Linux is much more tolerant of oddities, and quite a bit of effort went into
making sure that IA32_FEATURE_CONTROL was initialized if firmware left it unlocked.
next prev parent reply other threads:[~2025-06-09 16:41 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-09 13:23 [PATCH] target/i386: KVM: add hack for Windows vCPU hotplug with SGX Andrey Zhadchenko
2025-06-09 16:12 ` Paolo Bonzini
2025-06-09 16:26 ` Denis V. Lunev
2025-06-09 16:39 ` Sean Christopherson [this message]
2025-06-09 17:54 ` Andrey Zhadchenko
2025-06-09 18:25 ` Sean Christopherson
2025-06-12 12:23 ` Andrey Zhadchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aEcOSd-KBjOW61Rt@google.com \
--to=seanjc@google.com \
--cc=andrey.drobyshev@virtuozzo.com \
--cc=andrey.zhadchenko@virtuozzo.com \
--cc=den@virtuozzo.com \
--cc=kvm@vger.kernel.org \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zhao1.liu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).