Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp764795pxp; Fri, 11 Mar 2022 14:31:18 -0800 (PST) X-Google-Smtp-Source: ABdhPJwmOJzkYNPSkyEPfbnAVucepDjKf+cRH9m7n5obGCsg8GLcOk0n+G3Ib2wvk8YW/FlN4L3m X-Received: by 2002:a05:6a00:989:b0:4f6:f12a:e2ab with SMTP id u9-20020a056a00098900b004f6f12ae2abmr12318579pfg.34.1647037878169; Fri, 11 Mar 2022 14:31:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1647037878; cv=none; d=google.com; s=arc-20160816; b=rIoxks4Fy+CIYTOelZXEKTR2TSmHNUJ0tWWk4hr3z1d5N/fuyuyN/vxjif0qXUmWno YtpzoDrFUHt5LbfncBEV6MuY0vk2Ii3zIS6VFspMj45OJJjELgIHHFPbBg7XQNpV9X+u Mg+1TLr0fTKCOfoEgpls64OGkHlpnEOlAJgRXeOOxu36hQ1NpVKiQEFwfO6NsugpfJF/ kxEKYeF4m6I/1DrDKK7IOH2cp0t0ZFpu7v6tggeyw4y5ChRKzJXH8Y3b5WxJSoPTUQGQ SkuTYAq2ncupl0qWrfdROXDDJ/eY11kFtlJFJ4oLHVjzeKBYAUGwGwvO5Q9Ud7Sv2L0V Aadg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=VuuZr/4c1UPKQEo4uOczu6/ksfM6S6wo/JNy4TAGNVk=; b=eWi47AITPGcaMxQHS55xianY7axQtvewJQDig+HDV8n5U7+BZYc1GaxwwJ82TaXJ90 nLSQ8WOqxF/b9IFUeqnq4wb0Qt8gZZFkeNy87i9YTT6MPFNMf0y/jFVj8dzAqrzYSEoR DPgq7kCLEEP+WJT/eVvugQ7vgqE8HZqmLoiv7+AA/DtFKDt+QCybsvbZdYjaKZ9MxHPO Fss3RAAduf2ZFMYaocn+PFaU8EVa5/8Ir3nzjXYzOq3uETm9R2LHc1Z94eyoLsRxiqbZ RK7ivkdwZiNKntdqHn+BXlmIfbLmZHEGYxAkYMzXVaSY1RaqMsiq2Fy3GSGgS3fn87AU yX0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=UcivEOlB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id i10-20020a17090adc0a00b001bfc572d5b1si6990840pjv.38.2022.03.11.14.31.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Mar 2022 14:31:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=UcivEOlB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 5F93C196D55; Fri, 11 Mar 2022 13:37:02 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233230AbiCKE2G (ORCPT + 99 others); Thu, 10 Mar 2022 23:28:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46446 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236938AbiCKE2F (ORCPT ); Thu, 10 Mar 2022 23:28:05 -0500 Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F04D11A41C4 for ; Thu, 10 Mar 2022 20:27:02 -0800 (PST) Received: by mail-pg1-x530.google.com with SMTP id q19so6486844pgm.6 for ; Thu, 10 Mar 2022 20:27:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=VuuZr/4c1UPKQEo4uOczu6/ksfM6S6wo/JNy4TAGNVk=; b=UcivEOlB+uVR0KkOqADnu9jEIZf4COjV9eay8wpm68/HcpbolfpyHGoOTT+ewk5G63 zLfqdJpJAywpEkrHOvUIk/gP5eJt3cQS7NN5TcL1ILU4x65mqrubJRoH9+UDkywx71uG SrPeV/+GEosd4nBp4fTXkcxxyYv6ZvoPVeCJkyfBCZS4nBo5vp2K1FdhXWaTc/wUO0QR RNOSOTsqOA4SfSIxyO1V6rm002CgzoKASkmCKnQrlVGrVX/qDg2wERh+UGQsk9nzNtV1 n0FrDrp1JiRJpRR2gldDJJwNyFT423bwuU8Nl9ln/XqIBRiT+wM78qwglefvT5VT+B/S hqgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=VuuZr/4c1UPKQEo4uOczu6/ksfM6S6wo/JNy4TAGNVk=; b=jF1OVeF2t/r7rPyYMirzACT07RFfQNAYBXSFKudyWGdHJQuyuhh6EhJYTCM8+UUwwJ 1mVShLPbk90jR9UqDl2sGoaG5jxxHnAA9tP+Huozy/jODbWedE+lIwBTTjwxdYSWr4CG gm5LEfRcJnjaz9v2I+fvCPdoimdGJ+jm2KQwLF/1vav56Gl0AHsavgPiYEyJVc8WT12t pe0QL0S9FFvoa7G5uw+ijqTtZ9E10ANSpTHGK04P7CLxrl8lTWt5/Uz0YGW0X5/uNEJ7 ZxdvWn2cV+pGTH0VQmXQrrlMPgw37YdK/8qzh6vkFrwPSvXB96GvRu1l8+tD5oVJO7sV TICw== X-Gm-Message-State: AOAM532tPnbWpCsQUvRWcEHQHwnSiyvm07VUMhsaTEpy72i1rDWUD74m ypZwCMzcETeWZwmILAh0ebritQ== X-Received: by 2002:a62:cdcd:0:b0:4f6:f5c2:47d9 with SMTP id o196-20020a62cdcd000000b004f6f5c247d9mr8329402pfg.26.1646972822270; Thu, 10 Mar 2022 20:27:02 -0800 (PST) Received: from google.com (157.214.185.35.bc.googleusercontent.com. [35.185.214.157]) by smtp.gmail.com with ESMTPSA id g5-20020a056a001a0500b004def10341e5sm8815641pfv.22.2022.03.10.20.27.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Mar 2022 20:27:01 -0800 (PST) Date: Fri, 11 Mar 2022 04:26:58 +0000 From: Sean Christopherson To: Maxim Levitsky Cc: Chao Gao , Zeng Guang , Paolo Bonzini , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , kvm@vger.kernel.org, Dave Hansen , Tony Luck , Kan Liang , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , Kim Phillips , Jarkko Sakkinen , Jethro Beekman , Kai Huang , x86@kernel.org, linux-kernel@vger.kernel.org, Robert Hu Subject: Re: [PATCH v6 6/9] KVM: x86: lapic: don't allow to change APIC ID unconditionally Message-ID: References: <20220225082223.18288-1-guang.zeng@intel.com> <20220225082223.18288-7-guang.zeng@intel.com> <20220309052013.GA2915@gao-cwp> <6dc7cff15812864ed14b5c014769488d80ce7f49.camel@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6dc7cff15812864ed14b5c014769488d80ce7f49.camel@redhat.com> X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 09, 2022, Maxim Levitsky wrote: > On Wed, 2022-03-09 at 06:01 +0000, Sean Christopherson wrote: > > > Could you share the links? > > > > Doh, sorry (they're both in this one). > > > > https://lore.kernel.org/all/20220301135526.136554-5-mlevitsk@redhat.com > > > > My opinion on this subject is very simple: we need to draw the line somewhere. ... > I also understand your concerns - and I am not going to fight over this, a module > param for read only apic id, will work for me. Sadly, I don't think a module param would actually help. I was thinking it would avoid breakage by allowing for graceful fallback on migration failure, but that was wishful thinking. An inhibit seems like the least awful idea if we don't end up making it unconditionally readonly. > All I wanted to do is to make KVM better by simplifying it - KVM is already > as complex as it can get, anything to make it simpler is welcome IMHO. I agree that simplifying KVM is a goal, and that we need to decide when enough is enough. But we also can't break userspace or existing deployments, that's a very clearly drawn line in Linux. My biggest worry is that, unlike the KVM_SET_CPUID2 breakage, which was obvious and came relatively quick, this could cause breakage at the worst possible time (migration) months or years down the road. Since the goal is to simplify KVM, can we try the inhibit route and see what the code looks like before making a decision? I think it might actually yield a less awful KVM than the readonly approach, especially if the inhibit is "sticky", i.e. we don't try to remove the inhibit on subsequent changes. Killing the VM, as proposed, is very user unfriendly as the user will have no idea why the VM was killed. WARN is out of the question because this is user triggerable. Returning an emulation error would be ideal, but getting that result up through apic_mmio_write() could be annoying and end up being more complex. The touchpoints will all be the same, unless I'm missing something the difference should only be a call to set an inhibit instead killing the VM.