Received: by 2002:ac2:464d:0:0:0:0:0 with SMTP id s13csp3304293lfo; Mon, 23 May 2022 01:11:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzeETDmJCd25XqIpzct0u4NXnUVP42DibaqwMDyXfgnTIJX2ZPMa22MmAkiRTTd9imzq41J X-Received: by 2002:a63:e5d:0:b0:3aa:3c53:537e with SMTP id 29-20020a630e5d000000b003aa3c53537emr19349056pgo.622.1653293474994; Mon, 23 May 2022 01:11:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1653293474; cv=none; d=google.com; s=arc-20160816; b=hG1zShVZG/PnGZZYgPBALCsv5Ms/uvKwW+snSsKZ1DofnZ203YZPLqOaKzojFGIBEQ PCX7ultX/keuPkbpytJ77luhTiEmZ/t/xa9NayAim+HpqmSrUwe4QDpSueLrjhYcM9sP aZeih51jaIHenAh1+fmkI2Cr2VbGO9qFnVlSgLepoLeq0cRiIYp6faGyr7ZcdVI036n2 piH+NXpgVWISLjoWzIIDGr7/hLmBEaKUT94MuOwpNiv8qIiVU3nI1gusTXrhTdAQurzM /4ZLMeiq1Kk7EE6gISMZdOOJ16AZM0ZZXoz/dPDFFuhZ3LMTilQfqQsWM2eJxfpYtJqm haWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=qs1N4izsogFrS0OZ7oEYOqsnkQJp8brscTXYKO0KODg=; b=cwseu/csI6jYHo1wMOzSVaD85QzeIpPgz1qj+33f0qJ0+mR6XoG2ogT9miebok/Zap 7Yd44ckrqv+fOX3TneHfKpzL9LHK1C6qVPOplXxvpFv/uQVzyEfUtZbvahyEnfmt5UAw HkDY7dDIZUZlT3p5x8Y3NKt/i2p7DnZVquPkdOcTZDOQsMiLPWfZBDxk9FpbQHprf52I CmuzLarGSzvgzkhCYtpjgaQ+Vpl3Pr45ft0g7PKF9Uy5SQVp3+ptYmB18wd3umfQier1 Xt4CHqGlqgneGp8O230666GM/vcHJfGYMZwOnxXa4ILvjzl9gwSp6fJ5qOZVaHM6aMYd bQUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=n0ri6Guu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [2620:137:e000::1:18]) by mx.google.com with ESMTPS id v10-20020a63610a000000b003f9f59ea587si7945505pgb.720.2022.05.23.01.11.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 May 2022 01:11:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) client-ip=2620:137:e000::1:18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=n0ri6Guu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 330A869CF8; Mon, 23 May 2022 00:06:02 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347357AbiEVOrW (ORCPT + 99 others); Sun, 22 May 2022 10:47:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44500 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1347371AbiEVOrU (ORCPT ); Sun, 22 May 2022 10:47:20 -0400 Received: from mail-ot1-x32f.google.com (mail-ot1-x32f.google.com [IPv6:2607:f8b0:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 111E83B56B for ; Sun, 22 May 2022 07:47:20 -0700 (PDT) Received: by mail-ot1-x32f.google.com with SMTP id l10-20020a9d7a8a000000b0060b151de434so291602otn.2 for ; Sun, 22 May 2022 07:47:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qs1N4izsogFrS0OZ7oEYOqsnkQJp8brscTXYKO0KODg=; b=n0ri6GuuRPbaGra3hsQb2Sl6zVFxnndY7NXm+jezsIjAi4V4h/jKv9xmJpQ6I7DZQK ZHC18L/3KL9VZJgQ3UfNemR7n6cUs6mvd17BoYNecLqeWeUFjNKHeVSSnWB/YiUuAmgw EZzXPq2St3RSIT9ak9KXc22WLER/LuPj8/mD4wpKl+sHPqCFajKOTaaYZTpJo23HlQ9r vIyOhlHUtzqZ5aYIbnufJQVr/JrVrKAosPQSbKWl+zRzow3xjiz60kshBliNTxbaiC02 kGLQWcLi0+eGJMPrnpoZIvQsTgg/DupstjpIz9uiHIMA9zs39gjnzw9bvrcBWJV/32Xn I6rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qs1N4izsogFrS0OZ7oEYOqsnkQJp8brscTXYKO0KODg=; b=yW8PahygTHWIPtZfrqG8pFPb/4Rysh7mRadr3O6kLYnSmsNrxnRsizVzA984kd8+pc 9n7ukrvgiz+OqPj9uIa77wBsoD48GZyAbnt5DgfOB1tcjwK6ZO/aO+7eO8ZAq8SV+jBl O7eXj7E4TeBD3TIVePqPlkG/uZ+MOxi1ApkXQkWjNmd/lqtu+fUX2TQkpO1gUnB3muQN myxwwSz9Kc3ZW5YFKTl2bzIcyoWHy3A0N5147B9PHEopuBrc9wtNp0SEjKYS1z4GOQx6 mdkDKyG0LSgkNQIEDjq8ehkXLSJgP1guZBtOVqyZbIUN/pUf30S9p60AZeNLCVEaiRB5 LuRA== X-Gm-Message-State: AOAM530bbcTD5sF91TmBSloCJa24ZqWdBiurMOTVnI/62Pmj4E412ob1 kPFGrWiokqEp0lL3/5TJnKdqnN4Ah+LMx3ZtvXHfJA== X-Received: by 2002:a05:6830:280e:b0:606:ae45:6110 with SMTP id w14-20020a056830280e00b00606ae456110mr6973637otu.14.1653230839109; Sun, 22 May 2022 07:47:19 -0700 (PDT) MIME-Version: 1.0 References: <20220427200314.276673-1-mlevitsk@redhat.com> <20220427200314.276673-3-mlevitsk@redhat.com> In-Reply-To: From: Jim Mattson Date: Sun, 22 May 2022 07:47:07 -0700 Message-ID: Subject: Re: [RFC PATCH v3 02/19] KVM: x86: inhibit APICv/AVIC when the guest and/or host changes apic id/base from the defaults. To: Maxim Levitsky Cc: Sean Christopherson , kvm@vger.kernel.org, Wanpeng Li , Vitaly Kuznetsov , Jani Nikula , Paolo Bonzini , Tvrtko Ursulin , Rodrigo Vivi , Zhenyu Wang , Joonas Lahtinen , Tom Lendacky , Ingo Molnar , David Airlie , Thomas Gleixner , Dave Hansen , x86@kernel.org, intel-gfx@lists.freedesktop.org, Daniel Vetter , Borislav Petkov , Joerg Roedel , linux-kernel@vger.kernel.org, Zhi Wang , Brijesh Singh , "H. Peter Anvin" , intel-gvt-dev@lists.freedesktop.org, dri-devel@lists.freedesktop.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, May 22, 2022 at 2:03 AM Maxim Levitsky wrote: > > On Thu, 2022-05-19 at 16:06 +0000, Sean Christopherson wrote: > > On Wed, Apr 27, 2022, Maxim Levitsky wrote: > > > Neither of these settings should be changed by the guest and it is > > > a burden to support it in the acceleration code, so just inhibit > > > it instead. > > > > > > Also add a boolean 'apic_id_changed' to indicate if apic id ever changed. > > > > > > Signed-off-by: Maxim Levitsky > > > --- > > > + return; > > > + > > > + pr_warn_once("APIC ID change is unsupported by KVM"); > > > > It's supported (modulo x2APIC shenanigans), otherwise KVM wouldn't need to disable > > APICv. > > Here, as I said, it would be nice to see that warning if someone complains. > Fact is that AVIC code was totally broken in this regard, and there are probably more, > so it would be nice to see if anybody complains. > > If you insist, I'll remove this warning. This may be fine for a hobbyist, but it's a terrible API in an enterprise environment. To be honest, I have no way of propagating this warning from /var/log/messages on a particular host to a potentially impacted customer. Worse, if they're not the first impacted customer since the last host reboot, there's no warning to propagate. I suppose I could just tell every later customer, "Your VM was scheduled to run on a host that previously reported, 'APIC ID change is unsupported by KVM.' If you notice any unusual behavior, that might be the reason for it," but that isn't going to inspire confidence. I could schedule a drain and reboot of the host, but that defeats the whole point of the "_once" suffix. I know that there's a long history of doing this in KVM, but I'd like to ask that we: a) stop piling on b) start fixing the existing uses If KVM cannot emulate a perfectly valid operation, an exit to userspace with KVM_EXIT_INTERNAL_ERROR is warranted. Perhaps for operations that we suspect KVM might get wrong, we should have a new userspace exit: KVM_EXIT_WARNING? I'm not saying that you should remove the warning. I'm just asking that it be augmented with a direct signal to userspace that KVM may no longer be reliable.