Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp2787553ybl;
        Mon, 20 Jan 2020 09:19:22 -0800 (PST)
X-Google-Smtp-Source: APXvYqyu15x+yzaTugg33k/CKKyo+Yxvn6KyiDMMe5ufjg+EX1d0XDjUrbsyl/GN76DxhNXrfiuk
X-Received: by 2002:a05:6830:2141:: with SMTP id r1mr378015otd.39.1579540762618;
        Mon, 20 Jan 2020 09:19:22 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1579540762; cv=none;
        d=google.com; s=arc-20160816;
        b=XBeVV4iV3EagvxRWKy09BbTJqj6WA/pDF9Sx09GtpVJZA2Ta5buru50oXfqm6qa7JY
         Ls3ft+LRGukV5iAYFCqESruv1OIYjiHdsXM1KriMyrBXWHSeWMOfI3WYUY4PSyGG77a3
         b1yn0AKgGn1zmw2jJlIlSiP34IoYxu2mMjZ/tPz29+Ke0yYLKqXUpHanebiqbumyf8ZK
         t+Z1FK+9s71+fQ6JBqnJ6jrCrm2niCgsEkGL71Rivym+kJrnPkzVmJI4Ytv8nH0z3mf3
         Cpi7cccrJMGJWBLcuPqn6arZlkJ+RjZL4mLulOCJnEXBWBglJPZ+ncaPj0LKKZbqSiJ3
         /b5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:to:references:message-id
         :content-transfer-encoding:cc:date:in-reply-to:from:subject
         :mime-version:dkim-signature;
        bh=LCQ5bPAGIkg/GqnXK6log4muedwz0XwjY4OpzWodpiw=;
        b=hGahrp/80133l9WVDmiQcB9YKmZHZGLtgDnTKi6JsQWt0PX11e+d2f0WGByCMFZI4G
         tsUpIAKweVHsk8rTFxmRZQKxSnmZnrrfgX6dHNHFkuYZ5D7H3LXSz+TfH+hqtvLTP19+
         S6HtGMhCEvznIUZXUTFdHmeF5jCExUUN8Cw2VJKZNrV4Eq+rFCLkbjRXpg6BOGqval57
         e3x/1zIg8YnvU+k8NFi722b+zN/IjUU8ZmcRGefrO4c/xyTOx0EsUGSK5Ry0w7eB3nqK
         XZ3uLMe/2BorcCIv6eOn/RgBusAppUU/xa7CLmRG0KO1SXpVghYeUEUOecLO/+sYNsgy
         ZWLA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2019-08-05 header.b=WxiJPe9Z;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 38si21429786otj.136.2020.01.20.09.19.08;
        Mon, 20 Jan 2020 09:19:22 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@oracle.com header.s=corp-2019-08-05 header.b=WxiJPe9Z;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727065AbgATRQr (ORCPT <rfc822;lans.zhang2008@gmail.com>
        + 99 others); Mon, 20 Jan 2020 12:16:47 -0500
Received: from aserp2120.oracle.com ([141.146.126.78]:54596 "EHLO
        aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726642AbgATRQr (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 20 Jan 2020 12:16:47 -0500
Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1])
        by aserp2120.oracle.com (8.16.0.27/8.16.0.27) with SMTP id 00KHDgJT190805;
        Mon, 20 Jan 2020 17:16:42 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=content-type :
 mime-version : subject : from : in-reply-to : date : cc :
 content-transfer-encoding : message-id : references : to;
 s=corp-2019-08-05; bh=LCQ5bPAGIkg/GqnXK6log4muedwz0XwjY4OpzWodpiw=;
 b=WxiJPe9ZPQv9qIUoARsSFzPY8yccoA9sc9XkISkEGZkPQ6K+1qdaGkH3rYcKeceNCU6Q
 dCLzrxANBo7gmTm/hjliEdtoIanls1Qp+62rfDW8d5Pw5/zybtPQe/I3i4IgfCkTeGPU
 Izt/X0yrnTrQJ7bTydPnS8zvaUsgQOMGLiAyuD0vsqRUet3SLcbl2ktNun6L6bV59KqC
 LxJuNYeU4oKO8KMNdcUXXuLR5H4GyZFCa8I1IiIvN1h1EpktDW8MMaKt4+eRxfbtNm3E
 HCcIJ8WuF6XubZQ2Jp32Gn6oZsQtRSCzV4TExF56rKp45aYBh4x0oLUjMpglPCOXSU/z Cw== 
Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79])
        by aserp2120.oracle.com with ESMTP id 2xksyq0ks7-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Mon, 20 Jan 2020 17:16:42 +0000
Received: from pps.filterd (userp3020.oracle.com [127.0.0.1])
        by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id 00KHEFu7023649;
        Mon, 20 Jan 2020 17:16:41 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236])
        by userp3020.oracle.com with ESMTP id 2xmc5ky5yh-1
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Mon, 20 Jan 2020 17:16:41 +0000
Received: from abhmp0006.oracle.com (abhmp0006.oracle.com [141.146.116.12])
        by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id 00KHGe7B024006;
        Mon, 20 Jan 2020 17:16:40 GMT
Received: from [10.74.126.30] (/10.74.126.30)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Mon, 20 Jan 2020 09:16:39 -0800
Content-Type: text/plain;
        charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.1 \(3445.4.7\))
Subject: Re: [RFC] Revert "kvm: nVMX: Restrict VMX capability MSR changes"
From:   Liran Alon <liran.alon@oracle.com>
In-Reply-To: <30525d58-10de-abb4-8dad-228da766ff82@redhat.com>
Date:   Mon, 20 Jan 2020 19:16:34 +0200
Cc:     Vitaly Kuznetsov <vkuznets@redhat.com>,
        Jim Mattson <jmattson@google.com>,
        Sean Christopherson <sean.j.christopherson@intel.com>,
        kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 7bit
Message-Id: <232F8FDD-D53E-4FA4-95A5-8BC06BCB6685@oracle.com>
References: <20200120151141.227254-1-vkuznets@redhat.com>
 <30525d58-10de-abb4-8dad-228da766ff82@redhat.com>
To:     Paolo Bonzini <pbonzini@redhat.com>
X-Mailer: Apple Mail (2.3445.4.7)
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9506 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0
 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=871
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1911140001 definitions=main-2001200145
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9506 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0
 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015
 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=932 adultscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1911140001
 definitions=main-2001200145
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> On 20 Jan 2020, at 17:41, Paolo Bonzini <pbonzini@redhat.com> wrote:
> 
> On 20/01/20 16:11, Vitaly Kuznetsov wrote:
>> 
>> RFC. I think the check for vmx->nested.vmxon is legitimate for everything
>> but restore so removing it (what I do with the revert) is likely a no-go.
>> I'd like to gather opinions on the proper fix: should we somehow check
>> that the vCPU is in 'restore' start (has never being run) and make
>> KVM_SET_MSRS pass or should we actually mandate that KVM_SET_NESTED_STATE
>> is run after KVM_SET_MSRS by userspace?
>> 
>> Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> 
> I think this should be fixed in QEMU, by doing KVM_SET_MSRS for feature
> MSRs way earlier.  

I agree.

> I'll do it since I'm currently working on a patch to
> add a KVM_SET_MSR for the microcode revision.

Please Cc me.

Thanks,
-Liran