Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp653666ybf; Sat, 29 Feb 2020 12:18:29 -0800 (PST) X-Google-Smtp-Source: APXvYqxhhZwslM153zltclirn+hroUgttmZD7ANt6gd0jLHbl0NhN/94b/sCS1ndJj4MOtJrnw5k X-Received: by 2002:a05:6830:22c1:: with SMTP id q1mr1740402otc.370.1583007508977; Sat, 29 Feb 2020 12:18:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583007508; cv=none; d=google.com; s=arc-20160816; b=jpvg5muFjODuQmaSHv1RmbZRn61LssFjWQxBY53LOY8RfAnfm4p2tAjK6VQ+FDyNuo 9z3EOPQF3EHuqBAQkyW3smW404vm80AR+iuaXLVkbnhiE/IStbZGwzl8Q+2xHBEA8cpX 2lM+HsQtt4LqFbdZItyHjwuziAFBN/0O3dX+NTbsSkxvckwfJBAOjhbYJNGRc66Pp2NP wgp0BYax8K6x/vbNDVXqWoOCsiopZ96Vxsj2uEpV+BaKFRcQpIDT0WKnfYg6E4E9xFEL 4D8rDlkcbhNtzhWi/7MukmxrEkUnxBrnEs51TJQp7U3C+P9naO5HQJLtsb9W799bGd5a EO/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=wmpPmvsEIyrnQOguFJJRRPmk+nI9F2PZon3IZMblz1w=; b=M6gwELbExbTsYDk3W43wLBf9tIuMRZ1sWiw1DojMxSrNZIFktpm0ZohICQdpFouvYo 69kyuB4G/CQyZXb1GNQbhKGiXMQTa6yHFpt9O/Jn8OVmQHirEsrnLFJ6U37vkWFP/mwA qGhIc8pYJnODIiMM1GUBsuUf2f8n6Qoev75oviMF+MCPztPvUjE5pVdotMTmSENkhyet BoTmIbd0wHA0dIqPDrVlCdTrm5m6V9I2SI+2szQ/BbR6vE/PHjylWOZVuAZ22fYL+bm5 z+VgHaOgqNVpwdKoQLRB5dOH27luvnXYuwvnu1l6J5TRIXGAXADSxMjkiph7ZF2oO0dM mXcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wLO3hacN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c10si3534106otn.266.2020.02.29.12.18.17; Sat, 29 Feb 2020 12:18:28 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=wLO3hacN; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727515AbgB2URu (ORCPT + 99 others); Sat, 29 Feb 2020 15:17:50 -0500 Received: from mail-io1-f67.google.com ([209.85.166.67]:39748 "EHLO mail-io1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727170AbgB2URt (ORCPT ); Sat, 29 Feb 2020 15:17:49 -0500 Received: by mail-io1-f67.google.com with SMTP id h3so7370001ioj.6 for ; Sat, 29 Feb 2020 12:17:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wmpPmvsEIyrnQOguFJJRRPmk+nI9F2PZon3IZMblz1w=; b=wLO3hacNd3AO+uNA1CnNg95qpWPAeIVIN8j5Qi8kcMlj0w/64vVB58E2UUwauDE13S JWxSJf2cO+VtN1eX5PUa75e2ImrKlI9yfywbApSzce7XacU7yCTNVimHDh+2c/j4Isr8 bcaQsNDcIluValQQMdy8PtzZqMzrCKRIT7c2B8YfrBK5SrWi4dFUgKjLc9t0jrjuxxzU y6GdV19Fg9H1Vuq71UeKMoFiX8RhHj/Ge+CF9GCNJVanHzRV7JvXYTyfrmHopclIEf+t 16gm3SPcyONEDIECix611Gguwbr9/B6LX+HvcU/Wa0ZwVnu8uj1G1R+TdzZ16t8fSi+I ZWaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wmpPmvsEIyrnQOguFJJRRPmk+nI9F2PZon3IZMblz1w=; b=bnZiIYtAX/QtgwycDOTSBHyLKRZfLBoez3lIPMcRcyZTQVAom1dUjZ+FguMkA7xsHQ moSvnrQtqTptF0zNZ5TfQq1EG7AU8mPq3Xfy3mX1rtRuihBfiraaBQJZG6F72mKWKZF4 4xzx6TgQCJ5rXGG73/04+GxUlCx2+YiefxOD7Lk9s6UJUWv8rT23jgo3q24lumginzQI vpy4nXa/SGJmQTq4ozgQQr0acSVfpnQbAYlV31EEAUZ3O31Uvl7yIIxugs6yACz1ClbZ 6gcO4us0HChzKHhpxMZytSwrq07Pajs2Rt1JggPXjALEQzc3SaWxAFQNWSBwFpUpTWdh jLpQ== X-Gm-Message-State: APjAAAVhZ9nOuxCsg0z4OcAxXwRXix6ifBaiTG6EfcbArgQZkGyeb/FU FfuPLADg4zeN6sNNLsyMI93WsLy2+LcLfBMzRswYwQ== X-Received: by 2002:a02:cc58:: with SMTP id i24mr8110735jaq.24.1583007468804; Sat, 29 Feb 2020 12:17:48 -0800 (PST) MIME-Version: 1.0 References: <1582570596-45387-1-git-send-email-pbonzini@redhat.com> <1582570596-45387-2-git-send-email-pbonzini@redhat.com> <41d80479-7dbc-d912-ff0e-acd48746de0f@web.de> In-Reply-To: From: Jim Mattson Date: Sat, 29 Feb 2020 12:17:37 -0800 Message-ID: Subject: Re: [FYI PATCH 1/3] KVM: nVMX: Don't emulate instructions in guest mode To: Jan Kiszka Cc: Oliver Upton , Paolo Bonzini , Linux Kernel Mailing List , kvm list , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since UMIP emulation is broken, I'm not sure why anyone would use it. (Sorry, Paolo.) On Sat, Feb 29, 2020 at 11:21 AM Jan Kiszka wrote: > > On 29.02.20 20:00, Jim Mattson wrote: > > On Sat, Feb 29, 2020 at 10:33 AM Oliver Upton wrote: > >> > >> Hi Jan, > >> > >> On Sat, Feb 29, 2020 at 10:00 AM Jan Kiszka wrote: > >>> Is this expected to cause regressions on less common workloads? > >>> Jailhouse as L1 now fails when Linux as L2 tries to boot a CPU: L2-Linux > >>> gets a triple fault on load_current_idt() in start_secondary(). Only > >>> bisected so far, didn't debug further. > >> > >> I'm guessing that Jailhouse doesn't use 'descriptor table exiting', so > >> when KVM gets the corresponding exit from L2 the emulation burden is > >> on L0. We now refuse the emulation, which kicks a #UD back to L2. I > >> can get a patch out quickly to address this case (like the PIO exiting > >> one that came in this series) but the eventual solution is to map > >> emulator intercept checks into VM-exits + call into the > >> nested_vmx_exit_reflected() plumbing. > > > > If Jailhouse doesn't use descriptor table exiting, why is L0 > > intercepting descriptor table instructions? Is this just so that L0 > > can partially emulate UMIP on hardware that doesn't support it? > > > > That seems to be the case: My host lacks umip, L1 has it. So, KVM is > intercepting descriptor table load instructions to emulate umip. > Jailhouse never activates that interception. > > Jan