From: Jim Mattson
Date: Tue, 28 Jun 2022 08:28:02 -0700
Subject: Re: [PATCH 00/14] KVM: nVMX: Use vmcs_config for setting up nested VMX MSRs
To: Vitaly Kuznetsov
Cc: kvm@vger.kernel.org, Paolo Bonzini, Sean Christopherson, Anirudh Rayabharam, Wanpeng Li, Maxim Levitsky, linux-hyperv@vger.kernel.org, linux-kernel@vger.kernel.org
References: <20220627160440.31857-1-vkuznets@redhat.com> <87y1xgubot.fsf@redhat.com>
In-Reply-To: <87y1xgubot.fsf@redhat.com>

On Tue, Jun 28, 2022 at 7:04 AM Vitaly Kuznetsov wrote:
>
> Jim Mattson writes:
>
> > On Mon, Jun 27, 2022 at 9:04 AM Vitaly Kuznetsov wrote:
> >>
> >> Changes since RFC:
> >> - "KVM: VMX: Extend VMX controls macro shenanigans" PATCH added and the
> >>   infrastructure is later used in other patches [Sean] PATCHes 1-3 added
> >>   to support the change.
> >> - "KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup" PATCH
> >>   added [Sean].
> >> - Commit messages added.
> >>
> >> vmcs_config is a sanitized version of host VMX MSRs where some controls are
> >> filtered out (e.g. when Enlightened VMCS is enabled, some known bugs are
> >> discovered, some inconsistencies in controls are detected,...) but
> >> nested_vmx_setup_ctls_msrs() uses raw host MSRs instead. This may end up
> >> in exposing undesired controls to L1. Switch to using vmcs_config instead.
> >>
> >> Sean Christopherson (1):
> >>   KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup
> >>
> >> Vitaly Kuznetsov (13):
> >>   KVM: VMX: Check VM_ENTRY_IA32E_MODE in setup_vmcs_config()
> >>   KVM: VMX: Check CPU_BASED_{INTR,NMI}_WINDOW_EXITING in
> >>     setup_vmcs_config()
> >>   KVM: VMX: Tweak the special handling of SECONDARY_EXEC_ENCLS_EXITING
> >>     in setup_vmcs_config()
> >>   KVM: VMX: Extend VMX controls macro shenanigans
> >>   KVM: VMX: Move CPU_BASED_CR8_{LOAD,STORE}_EXITING filtering out of
> >>     setup_vmcs_config()
> >>   KVM: VMX: Add missing VMEXIT controls to vmcs_config
> >>   KVM: VMX: Add missing VMENTRY controls to vmcs_config
> >>   KVM: VMX: Add missing CPU based VM execution controls to vmcs_config
> >>   KVM: nVMX: Use sanitized allowed-1 bits for VMX control MSRs
> >>   KVM: VMX: Store required-1 VMX controls in vmcs_config
> >>   KVM: nVMX: Use sanitized required-1 bits for VMX control MSRs
> >>   KVM: VMX: Cache MSR_IA32_VMX_MISC in vmcs_config
> >>   KVM: nVMX: Use cached host MSR_IA32_VMX_MISC value for setting up
> >>     nested MSR
> >>
> >>  arch/x86/kvm/vmx/capabilities.h |  16 +--
> >>  arch/x86/kvm/vmx/nested.c       |  37 +++---
> >>  arch/x86/kvm/vmx/nested.h       |   2 +-
> >>  arch/x86/kvm/vmx/vmx.c          | 198 ++++++++++++++------------------
> >>  arch/x86/kvm/vmx/vmx.h          | 118 +++++++++++++++++++
> >>  5 files changed, 229 insertions(+), 142 deletions(-)
> >>
> >> --
> >> 2.35.3
> >>
> >
> > Just checking that this doesn't introduce any backwards-compatibility
> > issues. That is, all features that were reported as being available in
> > the past should still be available moving forward.
> >
>
> All the controls nested_vmx_setup_ctls_msrs() set are in the newly
> introduced KVM_REQ_VMX_*/KVM_OPT_VMX_* sets so we should be good here
> (unless I screwed up, of course).
>
> There's going to be some changes though. E.g. this series was started by
> Anirudh's report when KVM was exposing SECONDARY_EXEC_TSC_SCALING while
> running on KVM and using eVMCS which doesn't support the control. This
> is a bug and I don't think we need any 'bug compatibility' here.

You cannot force VM termination on a kernel upgrade. On live migration
from an older kernel, the new kernel must be willing to accept the
suspended state of a VM that was running under the older kernel. In
particular, the new KVM_SET_MSRS must accept the values of the VMX
capability MSRS that userspace obtains from the older KVM_GET_MSRS. I
don't know if this is what you are referring to as "bug
compatibility," but if it is, then we absolutely do need it.

> Another change is that VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL/
> VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL will now be filtered out on the
> "broken" CPUs (the list is in setup_vmcs_config()). I *think* this is
> also OK but if not, we can move the filtering to vmx_vmentry_ctrl()/
> vmx_vmexit_ctrl().
>
> --
> Vitaly
>
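
The migration constraint raised in this reply can be checked mechanically. The following is an added example, not code from the thread or from KVM: it models a subset-style acceptance rule for one VMX control capability MSR, which is an assumption about how a restore of such a value is validated. The function names and the MSR values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* VMX control capability MSR layout (Intel SDM): bits 31:0 report the
 * controls that must be 1, bits 63:32 the controls that may be 1. */
#define REQUIRED1(msr) ((uint32_t)(msr))
#define ALLOWED1(msr)  ((uint32_t)((msr) >> 32))

/* Secondary processor-based control bits, per the SDM. */
#define SECONDARY_EXEC_ENABLE_EPT  (1u << 1)
#define SECONDARY_EXEC_ENABLE_VPID (1u << 5)
#define SECONDARY_EXEC_TSC_SCALING (1u << 25)

/* Assumed acceptance rule: the saved value may not drop a control the
 * destination requires, nor allow a control the destination lacks. */
bool ctrl_msr_restorable(uint64_t supported, uint64_t saved)
{
    if (REQUIRED1(supported) & ~REQUIRED1(saved))
        return false;
    return (ALLOWED1(saved) & ~ALLOWED1(supported)) == 0;
}

/* Allowed-1 controls in the saved value that the destination no longer offers. */
uint32_t dropped_controls(uint64_t supported, uint64_t saved)
{
    return ALLOWED1(saved) & ~ALLOWED1(supported);
}

/* Constructed values: the older kernel built the MSR from raw host bits,
 * the newer one from a sanitized set without TSC scaling. */
static const uint64_t OLD_SAVED = (uint64_t)(SECONDARY_EXEC_ENABLE_EPT |
    SECONDARY_EXEC_ENABLE_VPID | SECONDARY_EXEC_TSC_SCALING) << 32;
static const uint64_t NEW_SUPPORTED = (uint64_t)(SECONDARY_EXEC_ENABLE_EPT |
    SECONDARY_EXEC_ENABLE_VPID) << 32;

int main(void)
{
    printf("restorable on new kernel: %d\n",
           ctrl_msr_restorable(NEW_SUPPORTED, OLD_SAVED));
    printf("dropped allowed-1 bits: 0x%08x\n",
           (unsigned)dropped_controls(NEW_SUPPORTED, OLD_SAVED));
    return 0;
}
```

Under this model, a value saved while TSC scaling was advertised fails to restore once the destination stops advertising it, while the reverse direction succeeds.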