KVM Archive on lore.kernel.org
 help / color / Atom feed
From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <sean.j.christopherson@intel.com>,
	Jim Mattson <jmattson@google.com>,
	linux-kernel@vger.kernel.org, Liran Alon <liran.alon@oracle.com>,
	Roman Kagan <rkagan@virtuozzo.com>
Subject: [PATCH RFC 0/3] x86/kvm/hyper-v: fix enlightened VMCS & QEMU4.2
Date: Wed, 15 Jan 2020 18:10:11 +0100
Message-ID: <20200115171014.56405-1-vkuznets@redhat.com> (raw)

With fine grained VMX feature enablement QEMU>=4.2 tries to do KVM_SET_MSRS
with default (matching CPU model) values and in case eVMCS is also enabled,
fails. While the regression is in QEMU, it may still be preferable to
fix this in KVM.

It would be great if we could just omit the VMX feature filtering in KVM
and make this guest's responsibility: if it switches to using enlightened
vmcs it should be aware that not all hardware features are going to be
supported. Genuine Hyper-V, however, fails the test. In particular, it
enables SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES and without
'apic_access_addr' field in eVMCS there's not much we can do in KVM.

The suggested approach in this patch series is: move VMX feature
filtering to vmx_get_msr() so only guest doesn't see them when eVMCS
is enabled (PATCH2) and add a check that it doesn't enable them
(PATCH3).

I can't say that I'm a great fan of this workaround myself, thus RFC.

My initial RFC sent to qemu-devel@:
https://lists.nongnu.org/archive/html/qemu-devel/2020-01/msg00123.html

Vitaly Kuznetsov (3):
  x86/kvm/hyper-v: remove stale evmcs_already_enabled check from
    nested_enable_evmcs()
  x86/kvm/hyper-v: move VMX controls sanitization out of
    nested_enable_evmcs()
  x86/kvm/hyper-v: don't allow to turn on unsupported VMX controls for
    nested guests

 arch/x86/kvm/vmx/evmcs.c  | 99 ++++++++++++++++++++++++++++++++++-----
 arch/x86/kvm/vmx/evmcs.h  |  2 +
 arch/x86/kvm/vmx/nested.c |  3 ++
 arch/x86/kvm/vmx/vmx.c    | 10 +++-
 4 files changed, 100 insertions(+), 14 deletions(-)

-- 
2.24.1


             reply index

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-15 17:10 Vitaly Kuznetsov [this message]
2020-01-15 17:10 ` [PATCH RFC 1/3] x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() Vitaly Kuznetsov
2020-01-15 22:50   ` Liran Alon
2020-01-15 17:10 ` [PATCH RFC 2/3] x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() Vitaly Kuznetsov
2020-01-15 22:49   ` Liran Alon
2020-01-16  8:37     ` Vitaly Kuznetsov
2020-02-03 15:11       ` Vitaly Kuznetsov
2020-01-15 23:27   ` Sean Christopherson
2020-01-15 23:30     ` Liran Alon
2020-01-16  8:51       ` Vitaly Kuznetsov
2020-01-16 16:19         ` Sean Christopherson
2020-01-16 16:57           ` Vitaly Kuznetsov
2020-01-17  6:31             ` Sean Christopherson
2020-01-18 21:42           ` Paolo Bonzini
2020-01-19  8:54   ` Paolo Bonzini
2020-01-22  5:47     ` Sean Christopherson
2020-01-22  9:37       ` Vitaly Kuznetsov
2020-01-22 14:33       ` Paolo Bonzini
2020-01-22 15:08         ` Vitaly Kuznetsov
2020-01-22 15:51           ` Sean Christopherson
2020-01-22 16:29             ` Vitaly Kuznetsov
2020-01-22 16:40               ` Paolo Bonzini
2020-01-23  9:15                 ` Vitaly Kuznetsov
2020-01-23 19:09                   ` Vitaly Kuznetsov
2020-01-24 17:25                     ` Sean Christopherson
2020-01-27 15:38                       ` Vitaly Kuznetsov
2020-01-27 17:53                         ` Paolo Bonzini
2020-01-27 21:52                           ` Vitaly Kuznetsov
2020-01-27 18:17                         ` Sean Christopherson
2020-01-15 17:10 ` [PATCH RFC 3/3] x86/kvm/hyper-v: don't allow to turn on unsupported VMX controls for nested guests Vitaly Kuznetsov
2020-01-15 22:59   ` Liran Alon
2020-01-16  8:55     ` Vitaly Kuznetsov
2020-01-16 16:21       ` Sean Christopherson
2020-01-19  8:57         ` Paolo Bonzini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200115171014.56405-1-vkuznets@redhat.com \
    --to=vkuznets@redhat.com \
    --cc=jmattson@google.com \
    --cc=kvm@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=liran.alon@oracle.com \
    --cc=pbonzini@redhat.com \
    --cc=rkagan@virtuozzo.com \
    --cc=sean.j.christopherson@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

KVM Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/kvm/0 kvm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 kvm kvm/ https://lore.kernel.org/kvm \
		kvm@vger.kernel.org
	public-inbox-index kvm

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.kvm


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git