Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp1564294iog; Tue, 14 Jun 2022 08:29:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwmbLYMKdO+f/KTE+RS+if0iBe+6530bUO2fy5x/0bgvBPQCvSVH1rT3sTTTkx4/FcsAVEo X-Received: by 2002:a63:86c8:0:b0:3fd:9e47:65e6 with SMTP id x191-20020a6386c8000000b003fd9e4765e6mr4992347pgd.554.1655220575959; Tue, 14 Jun 2022 08:29:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655220575; cv=none; d=google.com; s=arc-20160816; b=UfGkuitznEMW2KIt70Kge75P9YNhJ29IK2MaI8615Nc4qxGeA91YgmakAHDQKYjG59 Y50KdgfOTfiV/E0s1RL7AUQLuS0Fjb4IxOu3809akiLaHg1vT8ROjSPcQU54dnkXuiBS 6yuaO3qmk2YeAYddjkl+BsGdlr1/sKp2woOH/aeP1vOdA9Sho4QNTtr774KrzRfi08+P YtKYssyh81Q7m1DRNXbvnKCIntE517FnyrDk09wKlBKTVYlswJJcAB3r0SeftuDt6SsW 94o+ntXvngZS5hWXd5xqJKwz0lOP1QwgdJPUY1/O4i+BcKO7W7rG8jt0KzJ+e4K0YUGx 0vxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature :dkim-filter; bh=Qh14grxeKYerXFZ6SXH2tW7e96Dn6YlUHZJv+OP8fXA=; b=MSZOd/Z8oM7ZdbPRmMYJiNTTtyChB1wpkNhkVunwHaX4O+iyoZMrq4+0hThVZuBjt6 zAjAhTdaJDyy94y0a8KGCjyU+9M4ZjR/n4cLYHjc4KbdHidJPiMEOkpSlduId6Xc11bt g9rfLzAphj56vgwWN6wrt6XfrUldyQJIuAQRAcEUHFhAp19AjevbKaSa4S+SW6bzHVQO 0vQT3a0ALRzGOEHjujuyseB9WMx7hjvGSPoPZ0JOHLNXS7NY/qtbVOjt8DkYyvg9mR+j QZF3U+kyuJwaYCPAHULEf8lmlce4TIFm7e+wvVrn0IC0CrgJG0G9W+SsEv+lOyjN2Mu4 nhuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=cofucmTr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w2-20020a634902000000b003fe49ec934asi14667497pga.83.2022.06.14.08.29.22; Tue, 14 Jun 2022 08:29:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b=cofucmTr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344297AbiFNPRW (ORCPT + 99 others); Tue, 14 Jun 2022 11:17:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48088 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1356696AbiFNPRR (ORCPT ); Tue, 14 Jun 2022 11:17:17 -0400 Received: from linux.microsoft.com (linux.microsoft.com [13.77.154.182]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 7BA55419A2; Tue, 14 Jun 2022 08:17:16 -0700 (PDT) Received: from anrayabh-desk (unknown [167.220.238.193]) by linux.microsoft.com (Postfix) with ESMTPSA id B00BF20C317B; Tue, 14 Jun 2022 08:17:10 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com B00BF20C317B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1655219836; bh=Qh14grxeKYerXFZ6SXH2tW7e96Dn6YlUHZJv+OP8fXA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=cofucmTrirayR3BAchof8DY2g+eFoKLrV2GFTmuTY4XOMDYSxCoLomlKibI8ve/tc Rvu5k//xuojwDiH4Z68RLTrjvwiJbnWrrnuJnG+Jn0R+hb6YM5Daj/tXmJn0wcKNIF tvCZkx+jYGQv0rFO24QLY945ImhgCjFJPJT5tZec= Date: Tue, 14 Jun 2022 20:47:05 +0530 From: Anirudh Rayabharam To: Paolo Bonzini Cc: Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ilias Stamatis , Maxim Levitsky , mail@anirudhrb.com, kumarpraveen@linux.microsoft.com, wei.liu@kernel.org, robert.bradford@intel.com, liuwe@microsoft.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] KVM: nVMX: Don't expose TSC scaling to L1 when on Hyper-V Message-ID: References: <20220613161611.3567556-1-anrayabh@linux.microsoft.com> <592ab920-51f3-4794-331f-8737e1f5b20a@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-19.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS,T_SCC_BODY_TEXT_LINE,USER_IN_DEF_DKIM_WL, USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 14, 2022 at 10:25:52AM +0530, Anirudh Rayabharam wrote: > On Mon, Jun 13, 2022 at 06:49:17PM +0200, Paolo Bonzini wrote: > > On 6/13/22 18:16, Anirudh Rayabharam wrote: > > > + if (!kvm_has_tsc_control) > > > + msrs->secondary_ctls_high &= ~SECONDARY_EXEC_TSC_SCALING; > > > + > > > msrs->secondary_ctls_low = 0; > > > msrs->secondary_ctls_high &= > > > SECONDARY_EXEC_DESC | > > > @@ -6667,8 +6670,7 @@ void nested_vmx_setup_ctls_msrs(struct nested_vmx_msrs *msrs, u32 ept_caps) > > > SECONDARY_EXEC_RDRAND_EXITING | > > > SECONDARY_EXEC_ENABLE_INVPCID | > > > SECONDARY_EXEC_RDSEED_EXITING | > > > - SECONDARY_EXEC_XSAVES | > > > - SECONDARY_EXEC_TSC_SCALING; > > > + SECONDARY_EXEC_XSAVES; > > > /* > > > > This is wrong because it _always_ disables SECONDARY_EXEC_TSC_SCALING, > > even if kvm_has_tsc_control == true. > > The MSR actually allows 1-setting of the "use TSC scaling" control. So this > line is redundant anyway. > > > > > That said, I think a better implementation of this patch is to just add > > a version of evmcs_sanitize_exec_ctrls that takes a struct > > nested_vmx_msrs *, and call it at the end of nested_vmx_setup_ctl_msrs like > > > > evmcs_sanitize_nested_vmx_vsrs(msrs); > > Sanitize at the end might not work because I see some cases in > nested_vmx_setup_ctls_msrs() where we want to expose some things to L1 > even though the hardware doesn't support it. > > > > > Even better (but I cannot "mentally test it" offhand) would be just > > > > diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > index e802f71a9e8d..b3425ce835c5 100644 > > --- a/arch/x86/kvm/vmx/vmx.c > > +++ b/arch/x86/kvm/vmx/vmx.c > > @@ -1862,7 +1862,7 @@ int vmx_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) > > * sanity checking and refuse to boot. Filter all unsupported > > * features out. > > */ > > - if (!msr_info->host_initiated && > > + if (static_branch_unlikely(&enable_evmcs) || > > vmx->nested.enlightened_vmcs_enabled) > > nested_evmcs_filter_control_msr(msr_info->index, > > &msr_info->data); > > I will try this. This patch fixed the issue for me. But again, this might filter out things that we wan't to expose to L1 even if not available in hardware. Thanks, Anirudh. > > Thanks, > > Anirudh. > > > > > I cannot quite understand the host_initiated check, so I'll defer to > > Vitaly on why it is needed. Most likely, removing it would cause some > > warnings in QEMU with e.g. "-cpu Haswell,+vmx"; but I think it's a > > userspace bug and we should remove that part of the condition. You > > don't need to worry about that part, we'll cross that bridge if the > > above patch works for your case. > > > > Thanks, > > > > Paolo