Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp6723694ybl;
        Wed, 15 Jan 2020 09:11:45 -0800 (PST)
X-Google-Smtp-Source: APXvYqzEKW7/+NSjCcr3sWr7g8zphEf26Fmnd2Lgh90xic9u6ACW8NfZHzld8OPDYAxxJejq02aa
X-Received: by 2002:aca:cdd5:: with SMTP id d204mr665352oig.134.1579108305065;
        Wed, 15 Jan 2020 09:11:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1579108305; cv=none;
        d=google.com; s=arc-20160816;
        b=hUHMuhYKC76uuq7H2dvSVViPbEhK84dRbrP/N7fDyeph0NDssDpaWyQbp8QW85FFY0
         sge4WefscUqR6wRvQ5U/T9nb6MWPZj2wG9Py87QQBtzuw8ABTeTZIg8FCWI1/DD32dIM
         MAzJGAX2NBnqYNU314K1sDOz4MaUiVmgO5Fr7L5bdGC/qCPYZlIbvwStpBYcQs377cqA
         72G6VV1+9dRKBfvjZ1Mr326x0kTsfl/jg0qXfaNqnWLDb50zN+4DbAp24zmOjmTzOv1l
         laESJP1S2y3ytEYC+y3Q2UekAT8rraq4BZ/6JtIW45gIGCs+tBHIpo38sSNF7XU8EfET
         rXWg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature;
        bh=oh8syvO3W6gUaj5dvdzY+X7LicIsoPtaC11FOH1zRXg=;
        b=zrEKGx+yJHhGwUD8HUif1rUTebPFZHjsLHLr8uOTR631XNWox08MxEArur9rdFQ8ea
         HeHVCMhKoLvD4fLkMmT0oxG5lPf5b3A/K1VMRZ3WL/EnZ081IfUpm1y+HNhj5YboeYPA
         ZbAPpxOupcFVyH132Da04lKuZ72KQz2ZZx7OOwXr6LzkaY85NCC+fhziTkXMTia6ilYa
         NQiL0qDtXuwJ8neGtd6GQ2jSJijN9EvJp5QVwdwHPQrNbNwNYR61vu9LzQSCfzu8SW5k
         1HQF7Hav6rvKCQlWCKUEN5693l1O9xFkZrc7b7fkhm2XB+9rom/VlFrAxh86BAgVCEPc
         h1/g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MV03FqL2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r13si363583ota.140.2020.01.15.09.11.32;
        Wed, 15 Jan 2020 09:11:45 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=MV03FqL2;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729148AbgAORK1 (ORCPT <rfc822;gklkml16@gmail.com> + 99 others);
        Wed, 15 Jan 2020 12:10:27 -0500
Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:36958 "EHLO
        us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S1728998AbgAORKY (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 15 Jan 2020 12:10:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
        s=mimecast20190719; t=1579108223;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:
         content-transfer-encoding:content-transfer-encoding;
        bh=oh8syvO3W6gUaj5dvdzY+X7LicIsoPtaC11FOH1zRXg=;
        b=MV03FqL2S9SPquadi0qA/KKu43ahwCdDHUURU24ujMtcXSoZ10ypeN/RSqAaQVrLxlJdIb
        XUMuvDkojhoYXa9n0R6Sju4COA7BuEu3QAXYN4oRyN93365hQko1jmQS9ObrjV8f3i1A6l
        9QWvHp4NvKkyAf8OpDfutd+5UNCAhNk=
Received: from mail-wr1-f71.google.com (mail-wr1-f71.google.com
 [209.85.221.71]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-192--q0OPdngOuKiIy7x-IZOQQ-1; Wed, 15 Jan 2020 12:10:17 -0500
X-MC-Unique: -q0OPdngOuKiIy7x-IZOQQ-1
Received: by mail-wr1-f71.google.com with SMTP id j4so8212907wrs.13
        for <linux-kernel@vger.kernel.org>; Wed, 15 Jan 2020 09:10:17 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=oh8syvO3W6gUaj5dvdzY+X7LicIsoPtaC11FOH1zRXg=;
        b=MgpxmNPM/X/TDX7/3gsgoXlX8UjRoty5lXWerzKtcMpHo5az0Q0F1dIpeZ3OJKOuWM
         gbuTKjv6wc1uovGLyHYP0WFOTi2EGQh26m6gECDQRJdNpBTcaf8V3IHG9glO+KDpeQEx
         3pFf3lhZJ4EOxc8+6JkJCi0azMy1QrDGcn8VnRxUGWfoFUCWWrY5lAOuT8zO2bx+tIjJ
         R0QcLPQRUFGnDEfPVZqdbFHuP8YdIdCoqDPQg3TTrEcIOKhs+OH/HzIPbf23lnEiOW2h
         TliCmDj2dovgmBpo8PF1zuKXpe/O0k5delHhf/XyOI+o8BtkINl/06b8oBf4mIEsRpt6
         6zDg==
X-Gm-Message-State: APjAAAVySB/iRbRRE5ClDzZEuLIp21k6pnVazyTc2iyh/qW7kJDE+DZr
        Hirp/SPx0nWfm1S8ENvOM6JZLae0PtNbhU6kxrOTHrlAk/1LsoSambqdrSj3C6WAxIv56QzFei/
        AAR6HEY5LOywsukMFP2rtrhW0
X-Received: by 2002:a05:600c:54b:: with SMTP id k11mr868448wmc.63.1579108216782;
        Wed, 15 Jan 2020 09:10:16 -0800 (PST)
X-Received: by 2002:a05:600c:54b:: with SMTP id k11mr868433wmc.63.1579108216524;
        Wed, 15 Jan 2020 09:10:16 -0800 (PST)
Received: from vitty.brq.redhat.com (nat-pool-brq-t.redhat.com. [213.175.37.10])
        by smtp.gmail.com with ESMTPSA id y20sm525071wmi.25.2020.01.15.09.10.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 15 Jan 2020 09:10:15 -0800 (PST)
From:   Vitaly Kuznetsov <vkuznets@redhat.com>
To:     kvm@vger.kernel.org
Cc:     Paolo Bonzini <pbonzini@redhat.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        Jim Mattson <jmattson@google.com>,
        linux-kernel@vger.kernel.org, Liran Alon <liran.alon@oracle.com>,
        Roman Kagan <rkagan@virtuozzo.com>
Subject: [PATCH RFC 0/3] x86/kvm/hyper-v: fix enlightened VMCS & QEMU4.2
Date:   Wed, 15 Jan 2020 18:10:11 +0100
Message-Id: <20200115171014.56405-1-vkuznets@redhat.com>
X-Mailer: git-send-email 2.24.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

With fine grained VMX feature enablement QEMU>=4.2 tries to do KVM_SET_MSRS
with default (matching CPU model) values and in case eVMCS is also enabled,
fails. While the regression is in QEMU, it may still be preferable to
fix this in KVM.

It would be great if we could just omit the VMX feature filtering in KVM
and make this guest's responsibility: if it switches to using enlightened
vmcs it should be aware that not all hardware features are going to be
supported. Genuine Hyper-V, however, fails the test. In particular, it
enables SECONDARY_EXEC_VIRTUALIZE_APIC_ACCESSES and without
'apic_access_addr' field in eVMCS there's not much we can do in KVM.

The suggested approach in this patch series is: move VMX feature
filtering to vmx_get_msr() so only guest doesn't see them when eVMCS
is enabled (PATCH2) and add a check that it doesn't enable them
(PATCH3).

I can't say that I'm a great fan of this workaround myself, thus RFC.

My initial RFC sent to qemu-devel@:
https://lists.nongnu.org/archive/html/qemu-devel/2020-01/msg00123.html

Vitaly Kuznetsov (3):
  x86/kvm/hyper-v: remove stale evmcs_already_enabled check from
    nested_enable_evmcs()
  x86/kvm/hyper-v: move VMX controls sanitization out of
    nested_enable_evmcs()
  x86/kvm/hyper-v: don't allow to turn on unsupported VMX controls for
    nested guests

 arch/x86/kvm/vmx/evmcs.c  | 99 ++++++++++++++++++++++++++++++++++-----
 arch/x86/kvm/vmx/evmcs.h  |  2 +
 arch/x86/kvm/vmx/nested.c |  3 ++
 arch/x86/kvm/vmx/vmx.c    | 10 +++-
 4 files changed, 100 insertions(+), 14 deletions(-)

-- 
2.24.1