From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Marcelo Tosatti <mtosatti@redhat.com>,
qemu-devel@nongnu.org, Igor Mammedov <imammedo@redhat.com>
Subject: Re: [PATCH v6 17/19] i386: HV_HYPERCALL_AVAILABLE privilege bit is always needed
Date: Mon, 24 May 2021 14:22:47 +0200 [thread overview]
Message-ID: <878s44723s.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <20210521220637.kg6g7lfvpwasnzez@habkost.net>
Eduardo Habkost <ehabkost@redhat.com> writes:
> On Thu, Apr 22, 2021 at 06:11:28PM +0200, Vitaly Kuznetsov wrote:
>> According to TLFS, Hyper-V guest is supposed to check
>> HV_HYPERCALL_AVAILABLE privilege bit before accessing
>> HV_X64_MSR_GUEST_OS_ID/HV_X64_MSR_HYPERCALL MSRs but at least some
>> Windows versions ignore that. As KVM is very permissive and allows
>> accessing these MSRs unconditionally, no issue is observed. We may,
>> however, want to tighten the checks eventually. Conforming to the
>> spec is probably also a good idea.
>>
>> Add HV_HYPERCALL_AVAILABLE to all 'leaf' features with no dependencies.
>>
>> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
>
> Are all VMs being created with HV_HYPERCALL_AVAILABLE unset,
> today?
>
No, we have HV_HYPERCALL_AVAILABLE encoded in 'hv-relaxed','hv-vapic'
and 'hv-time' features but not
> Wouldn't it be simpler to simply add a new
> HYPERV_FEAT_HYPERCALL_AVAILABLE bit to hyperv_features, and
> enabling it by default?
>
We could do that but as I note above, we already have it for three
features.
> We don't necessarily need to make it configurable by the user,
> but probably it would be a good idea to keep the bit unset by
> default on older machine types. Even if guests don't mind seeing
> the bit changing under their feet, it would make it easier for
> automated test cases that check for unexpected changes in raw
> CPUID data.
I see current situation as a bug. While most likely nobody runs with
a configuration like 'hv-vpindex,hv-synic' it is still valid. And if KVM
was enforcing the features (not yet), Windows would've just crashed in
early boot. Normal configurations will likely always include at least
'hv-time' which has HYPERV_FEAT_HYPERCALL_AVAILABLE enabled.
That being said, I'm not sure we need to maintain 'bug compatibility'
even for older machine types. I'm also not aware of any specific tests
for such 'crazy' configurations out there. The last patch of the series
adds a very simple test to qtest but this is about it.
>
>
>> ---
>> target/i386/kvm/kvm.c | 15 +++++++++------
>> 1 file changed, 9 insertions(+), 6 deletions(-)
>>
>> diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
>> index 2c1a77f9b00f..d81451276cd8 100644
>> --- a/target/i386/kvm/kvm.c
>> +++ b/target/i386/kvm/kvm.c
>> @@ -835,6 +835,8 @@ static struct {
>> [HYPERV_FEAT_CRASH] = {
>> .desc = "crash MSRs (hv-crash)",
>> .flags = {
>> + {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> + .bits = HV_HYPERCALL_AVAILABLE},
>> {.func = HV_CPUID_FEATURES, .reg = R_EDX,
>> .bits = HV_GUEST_CRASH_MSR_AVAILABLE}
>> }
>> @@ -843,28 +845,28 @@ static struct {
>> .desc = "reset MSR (hv-reset)",
>> .flags = {
>> {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> - .bits = HV_RESET_AVAILABLE}
>> + .bits = HV_HYPERCALL_AVAILABLE | HV_RESET_AVAILABLE}
>> }
>> },
>> [HYPERV_FEAT_VPINDEX] = {
>> .desc = "VP_INDEX MSR (hv-vpindex)",
>> .flags = {
>> {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> - .bits = HV_VP_INDEX_AVAILABLE}
>> + .bits = HV_HYPERCALL_AVAILABLE | HV_VP_INDEX_AVAILABLE}
>> }
>> },
>> [HYPERV_FEAT_RUNTIME] = {
>> .desc = "VP_RUNTIME MSR (hv-runtime)",
>> .flags = {
>> {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> - .bits = HV_VP_RUNTIME_AVAILABLE}
>> + .bits = HV_HYPERCALL_AVAILABLE | HV_VP_RUNTIME_AVAILABLE}
>> }
>> },
>> [HYPERV_FEAT_SYNIC] = {
>> .desc = "synthetic interrupt controller (hv-synic)",
>> .flags = {
>> {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> - .bits = HV_SYNIC_AVAILABLE}
>> + .bits = HV_HYPERCALL_AVAILABLE | HV_SYNIC_AVAILABLE}
>> }
>> },
>> [HYPERV_FEAT_STIMER] = {
>> @@ -879,7 +881,7 @@ static struct {
>> .desc = "frequency MSRs (hv-frequencies)",
>> .flags = {
>> {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> - .bits = HV_ACCESS_FREQUENCY_MSRS},
>> + .bits = HV_HYPERCALL_AVAILABLE | HV_ACCESS_FREQUENCY_MSRS},
>> {.func = HV_CPUID_FEATURES, .reg = R_EDX,
>> .bits = HV_FREQUENCY_MSRS_AVAILABLE}
>> }
>> @@ -888,7 +890,8 @@ static struct {
>> .desc = "reenlightenment MSRs (hv-reenlightenment)",
>> .flags = {
>> {.func = HV_CPUID_FEATURES, .reg = R_EAX,
>> - .bits = HV_ACCESS_REENLIGHTENMENTS_CONTROL}
>> + .bits = HV_HYPERCALL_AVAILABLE |
>> + HV_ACCESS_REENLIGHTENMENTS_CONTROL}
>> }
>> },
>> [HYPERV_FEAT_TLBFLUSH] = {
>> --
>> 2.30.2
>>
--
Vitaly
next prev parent reply other threads:[~2021-05-24 12:24 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-22 16:11 [PATCH v6 00/19] i386: KVM: expand Hyper-V features early Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 01/19] i386: keep hyperv_vendor string up-to-date Vitaly Kuznetsov
2021-04-30 23:07 ` Eduardo Habkost
2021-06-02 11:41 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 02/19] i386: invert hyperv_spinlock_attempts setting logic with hv_passthrough Vitaly Kuznetsov
2021-04-30 23:09 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 03/19] i386: always fill Hyper-V CPUID feature leaves from X86CPU data Vitaly Kuznetsov
2021-04-30 23:15 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 04/19] i386: stop using env->features[] for filling Hyper-V CPUIDs Vitaly Kuznetsov
2021-05-01 0:34 ` Eduardo Habkost
2021-05-20 19:49 ` Eduardo Habkost
2021-05-21 7:54 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 05/19] i386: introduce hyperv_feature_supported() Vitaly Kuznetsov
2021-05-20 19:53 ` Eduardo Habkost
2021-05-21 7:57 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 06/19] i386: introduce hv_cpuid_get_host() Vitaly Kuznetsov
2021-05-20 20:01 ` Eduardo Habkost
2021-05-21 7:57 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 07/19] i386: drop FEAT_HYPERV feature leaves Vitaly Kuznetsov
2021-05-20 20:13 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 08/19] i386: introduce hv_cpuid_cache Vitaly Kuznetsov
2021-05-20 20:16 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 09/19] i386: split hyperv_handle_properties() into hyperv_expand_features()/hyperv_fill_cpuids() Vitaly Kuznetsov
2021-05-20 21:34 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 10/19] i386: move eVMCS enablement to hyperv_init_vcpu() Vitaly Kuznetsov
2021-05-21 21:20 ` Eduardo Habkost
2021-05-24 12:00 ` Vitaly Kuznetsov
2021-05-26 16:35 ` Eduardo Habkost
2021-05-27 7:27 ` Vitaly Kuznetsov
2021-05-27 19:16 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 11/19] i386: switch hyperv_expand_features() to using error_setg() Vitaly Kuznetsov
2021-05-21 21:37 ` Eduardo Habkost
2021-05-24 12:05 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 12/19] i386: adjust the expected KVM_GET_SUPPORTED_HV_CPUID array size Vitaly Kuznetsov
2021-05-21 21:37 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 13/19] i386: prefer system KVM_GET_SUPPORTED_HV_CPUID ioctl over vCPU's one Vitaly Kuznetsov
2021-05-21 21:42 ` Eduardo Habkost
2021-05-24 12:08 ` Vitaly Kuznetsov
2021-05-26 16:46 ` Eduardo Habkost
2021-05-26 16:56 ` Daniel P. Berrangé
2021-04-22 16:11 ` [PATCH v6 14/19] i386: use global kvm_state in hyperv_enabled() check Vitaly Kuznetsov
2021-05-21 21:42 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 15/19] i386: expand Hyper-V features during CPU feature expansion time Vitaly Kuznetsov
2021-05-21 21:45 ` Eduardo Habkost
2021-05-24 12:13 ` Vitaly Kuznetsov
2021-05-26 16:57 ` Eduardo Habkost
2021-05-27 7:29 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 16/19] i386: kill off hv_cpuid_check_and_set() Vitaly Kuznetsov
2021-05-21 21:56 ` Eduardo Habkost
2021-05-24 12:13 ` Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 17/19] i386: HV_HYPERCALL_AVAILABLE privilege bit is always needed Vitaly Kuznetsov
2021-05-21 22:06 ` Eduardo Habkost
2021-05-24 12:22 ` Vitaly Kuznetsov [this message]
2021-05-26 17:05 ` Eduardo Habkost
2021-05-27 7:37 ` Vitaly Kuznetsov
2021-05-27 19:34 ` Eduardo Habkost
2021-04-22 16:11 ` [PATCH v6 18/19] i386: Hyper-V SynIC requires POST_MESSAGES/SIGNAL_EVENTS priviliges Vitaly Kuznetsov
2021-04-22 16:11 ` [PATCH v6 19/19] qtest/hyperv: Introduce a simple hyper-v test Vitaly Kuznetsov
2021-05-26 20:20 ` [PATCH v6 00/19] i386: KVM: expand Hyper-V features early Eduardo Habkost
2021-05-27 7:39 ` Vitaly Kuznetsov
2021-05-27 19:35 ` Eduardo Habkost
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878s44723s.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=ehabkost@redhat.com \
--cc=imammedo@redhat.com \
--cc=mtosatti@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.