Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp756193iog; Mon, 13 Jun 2022 12:14:16 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sCgj62PE91jxjQgsnL2DU7/x8MuVDFSbv5OFkmR8YECfImOBDv+Z6lTydBev7Wa3gOJQTO X-Received: by 2002:a17:902:da87:b0:166:423d:f3be with SMTP id j7-20020a170902da8700b00166423df3bemr524259plx.150.1655147656473; Mon, 13 Jun 2022 12:14:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655147656; cv=none; d=google.com; s=arc-20160816; b=zmoL59WNAXxLEf4dD7SgJh/5+URaZ9fImYuVgl82WaWZm8kzPxwFfkM1f8/hrX7TBf Vfkj0SwheuxukYrjSjGe8cERwwpHYFQoY+zk/W+cb4VY6NXu8xcOx0C4d8a2xMnOFNBv 18bpnqotJSOv4JthJMrzfi2Jiy19zq+pRAsp+pT0EvE+S4MKXbz1qzykAOuE4EG51oHA GU+tZhxSnIEXrrveFAXbIwGSnB18at3IWWlmZA+VQ6I3SrD+hVbf67kcoUwl/YStry+p JAubiP2iPwEOwKU09UoBW+Glumr2wNQrvF/SPzfqgU4CQcilGxdNyOUeb5HvEGdoQdNN 5rLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:subject :from:references:cc:to:content-language:user-agent:mime-version:date :message-id:dkim-signature; bh=vfGAHWMcThoU3wboNMsB+3o85C/to02NSWQZiLFEu4U=; b=GhXTuFxB4m6sEE9wd7hnsHj7IeYOrF+No/t7OeBGXDw5XaOooMxYjXdazQCcHBWYRX tBj9P4NvqX5p1IXiyyaHW68/u4fmB7pN99FumBFEj7wVPTFhUioPr2EBGlHCwEZxLZDC Z0Q9fnkRaujdIRQDNRHdWofAAzIk4HtUaG09zDusuyQCbBYa8vBSXRYMrjoRXHEmB/W/ yKYg9xphMtuZgY57dWDd04Z+X9Nu8AkNgZy2pBQ5+RMeeUrgphsl4JTly2JlCuNltzaF Ls4RTsHgfPr/xxGPYwa5JTMlkJFIk7WQWmSR6wjjQOp0dFG3BxducqPwuWxOOplk1Bh1 Z2Tw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=T8h5puOg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 10-20020a170902c10a00b00168db723df8si5373743pli.581.2022.06.13.12.14.02; Mon, 13 Jun 2022 12:14:16 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=T8h5puOg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347539AbiFMTEh (ORCPT + 99 others); Mon, 13 Jun 2022 15:04:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54952 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1348774AbiFMTDt (ORCPT ); Mon, 13 Jun 2022 15:03:49 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id BF642106351 for ; Mon, 13 Jun 2022 09:49:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1655138964; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vfGAHWMcThoU3wboNMsB+3o85C/to02NSWQZiLFEu4U=; b=T8h5puOgAvSMRgo//XCofRnlicmNgPaM7gAUMA9TdTy8gZGNW4SBRZ/pJnC4Ke+sDw6dH4 Jf1LP6rWWjJ41FwiAWobusW1BcKGZdz1rthMumyB/TKAwCHMhhXWt5esAyLhdLON5/Nel4 c6eFCNdwfa1jsrum5fq+Emm9nGqJgXQ= Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-625-33m3p_YQNJqBOLDotmu7mQ-1; Mon, 13 Jun 2022 12:49:23 -0400 X-MC-Unique: 33m3p_YQNJqBOLDotmu7mQ-1 Received: by mail-ed1-f72.google.com with SMTP id o17-20020a50fd91000000b0042dbded81deso4341392edt.0 for ; Mon, 13 Jun 2022 09:49:23 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent :content-language:to:cc:references:from:subject:in-reply-to :content-transfer-encoding; bh=vfGAHWMcThoU3wboNMsB+3o85C/to02NSWQZiLFEu4U=; b=in5RrW+A6ffT2PkmoLpHYxPfJBpVZmQ7aZWRzRASwQkjuPTrSkbVBbS7AdVtZH2Me/ yO3sDGe0Is9lMGzG6KPJ2Vrl5MjjddDrGw9/3R9/zIZWzfu8B+5N0nQuxwj2Ub6Pr05h HMvdIiOPt9WjA5etIZh3uulSw3O3KpqnJ5SyrBk4DLeiPVZfV5DohWIsyfKcyvcjwTI0 DEzdCJxg2N4mHKr2/3i4RSeDqSwo2a3jwDAGv7EHZdJFOHyaOapgDsZA6gzg4+u6XLk6 07Dq4GTEEsJQlssebd8v5PO3Cvua+jtrnkVq9TOdqN6Z8DfcffkknvYzuUu6BHeEEcIp B4lg== X-Gm-Message-State: AOAM5332GAcJijMKnkjFrftoqHZyrdSnBnMHxaysbFxoWZgxD5Cp5Q0N 8vVOkJR7sPllCyTK/xT3tEvHRLJ8C2aBD2LoA8UvkjZ9nzrSlBNnTvdFy+6zBvSk7iv8D23biyx S2B7i9AdtO/4c8007gxao7Jgl X-Received: by 2002:a17:907:7781:b0:6fe:4398:47b3 with SMTP id ky1-20020a170907778100b006fe439847b3mr617828ejc.513.1655138962080; Mon, 13 Jun 2022 09:49:22 -0700 (PDT) X-Received: by 2002:a17:907:7781:b0:6fe:4398:47b3 with SMTP id ky1-20020a170907778100b006fe439847b3mr617810ejc.513.1655138961846; Mon, 13 Jun 2022 09:49:21 -0700 (PDT) Received: from ?IPV6:2001:b07:6468:f312:5e2c:eb9a:a8b6:fd3e? ([2001:b07:6468:f312:5e2c:eb9a:a8b6:fd3e]) by smtp.googlemail.com with ESMTPSA id p13-20020aa7c88d000000b0043151e18630sm5276460eds.21.2022.06.13.09.49.19 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 13 Jun 2022 09:49:21 -0700 (PDT) Message-ID: <592ab920-51f3-4794-331f-8737e1f5b20a@redhat.com> Date: Mon, 13 Jun 2022 18:49:17 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0 Content-Language: en-US To: Anirudh Rayabharam , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ilias Stamatis , Maxim Levitsky Cc: mail@anirudhrb.com, kumarpraveen@linux.microsoft.com, wei.liu@kernel.org, robert.bradford@intel.com, liuwe@microsoft.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220613161611.3567556-1-anrayabh@linux.microsoft.com> From: Paolo Bonzini Subject: Re: [PATCH] KVM: nVMX: Don't expose TSC scaling to L1 when on Hyper-V In-Reply-To: <20220613161611.3567556-1-anrayabh@linux.microsoft.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/13/22 18:16, Anirudh Rayabharam wrote: > + if (!kvm_has_tsc_control) > + msrs->secondary_ctls_high &= ~SECONDARY_EXEC_TSC_SCALING; > + > msrs->secondary_ctls_low = 0; > msrs->secondary_ctls_high &= > SECONDARY_EXEC_DESC | > @@ -6667,8 +6670,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps) > SECONDARY_EXEC_RDRAND_EXITING | > SECONDARY_EXEC_ENABLE_INVPCID | > SECONDARY_EXEC_RDSEED_EXITING | > - SECONDARY_EXEC_XSAVES | > - SECONDARY_EXEC_TSC_SCALING; > + SECONDARY_EXEC_XSAVES; > > /* This is wrong because it _always_ disables SECONDARY_EXEC_TSC_SCALING, even if kvm_has_tsc_control == true. That said, I think a better implementation of this patch is to just add a version of evmcs_sanitize_exec_ctrls that takes a struct nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like evmcs_sanitize_nested_vmx_vsrs(msrs); Even better (but I cannot "mentally test it" offhand) would be just diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index e802f71a9e8d..b3425ce835c5 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -1862,7 +1862,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) * sanity checking and refuse to boot. Filter all unsupported * features out. */ - if (!msr_info->host_initiated && + if (static_branch_unlikely(&enable_evmcs) || vmx->nested.enlightened_vmcs_enabled) nested_evmcs_filter_control_msr(msr_info->index, &msr_info->data); I cannot quite understand the host_initiated check, so I'll defer to Vitaly on why it is needed. Most likely, removing it would cause some warnings in QEMU with e.g. "-cpu Haswell,+vmx"; but I think it's a userspace bug and we should remove that part of the condition. You don't need to worry about that part, we'll cross that bridge if the above patch works for your case. Thanks, Paolo