Received: by 2002:a05:7412:2a8c:b0:e2:908c:2ebd with SMTP id u12csp1419108rdh; Mon, 25 Sep 2023 12:09:45 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHp9XqsCzrFvDfN86Bg9WHHqDBI1CGB6zY1hFHbpAgimUDbUd+fGWs1EItgBftPWmlNN5f8 X-Received: by 2002:a9d:6a4d:0:b0:6b9:a926:4a12 with SMTP id h13-20020a9d6a4d000000b006b9a9264a12mr8963250otn.28.1695668985285; Mon, 25 Sep 2023 12:09:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1695668985; cv=none; d=google.com; s=arc-20160816; b=Y44E34PYsnjHnvU8xtw12mToVKteEbJlhF/+As4O156XJIY5XS8ZcTL2SxTN5RO1jO mo3AE6Vm7ZHTO9XJvw7TwWoTiH95sUOTIzShUPQo6rF//tj4dDKunHrZ5XDENsIxf43R WPNMjx7ocuaLRHXApXSsUjfhIHWx5Pr3GXzOJOo8xkPdtZTy4VJPWnUwhdkP7Y1mSlIB Kj19jpPOpgotbtECoXhrPRaUu3rdx80C4l73vCTqCRk4RBCsUEQ6olQTSwiH7IyTCNiE dd/Bm5jPFhZ+0rpg1e4BLKWG+sTXJKZbzLPO26l/bgs0N8HMvB0lmL6K4wTV88dCn5DI UkSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:autocrypt :from:references:cc:to:content-language:subject:user-agent :mime-version:date:message-id; bh=MHdsfyuzVW15OWLo/VbdYFSFycB9uHj+NPEqieCr0O4=; fh=Zluzx7rYVVHJxCCk/Gj7fKxcB7N7I3H5V5MV2Othfkw=; b=DoC55wCr2hzH+oeSYQ5tiiX/bG5jAjDLqQAMmFT9Wn13p/nxqsJ7YsHkj8n7BDvcIA TaQM5g51v1+ChrIthExo3DzLLiJ147NkR3j06CDCNk0wsbCHhmluxShS0ucqOLBMhN0X mXZM5SmxKUJTHpBAq2vFK3oRWsSnHC76QNm/xQ9Qt3VrIlJ1yeharkPsTcveXWhhtTvR /eq6qJfaaXWIZQm1MCihW2OKuXBQpYXAnjOy19UBa0tyXXaBI7l+s8I8B/jYjFaTCO5G yr35SZ2anTH+A+le3m68bJOh9hw1fnl3aUDbrOTGUmFoN9QT07CsvKtIrq9lRYISDqAR g/TA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id e190-20020a6369c7000000b0056c55eb251csi9931347pgc.123.2023.09.25.12.09.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 12:09:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id D6C7B80C5FBC; Mon, 25 Sep 2023 11:53:53 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233267AbjIYSx5 (ORCPT + 99 others); Mon, 25 Sep 2023 14:53:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230125AbjIYSx4 (ORCPT ); Mon, 25 Sep 2023 14:53:56 -0400 Received: from vps-vb.mhejs.net (vps-vb.mhejs.net [37.28.154.113]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0EC14B3; Mon, 25 Sep 2023 11:53:48 -0700 (PDT) Received: from MUA by vps-vb.mhejs.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1qkqiF-0001TD-1u; Mon, 25 Sep 2023 20:53:43 +0200 Message-ID: <8c6a1fc8-2ac5-4767-8b02-9ef56434724e@maciej.szmigiero.name> Date: Mon, 25 Sep 2023 20:53:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] KVM: x86: Ignore MSR_AMD64_BU_CFG access Content-Language: en-US, pl-PL To: Sean Christopherson Cc: Paolo Bonzini , Borislav Petkov , kvm@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org References: <0ffde769702c6cdf6b6c18e1dcb28b25309af7f7.1695659717.git.maciej.szmigiero@oracle.com> From: "Maciej S. Szmigiero" Autocrypt: addr=mail@maciej.szmigiero.name; keydata= xsFNBFpGusUBEADXUMM2t7y9sHhI79+2QUnDdpauIBjZDukPZArwD+sDlx5P+jxaZ13XjUQc 6oJdk+jpvKiyzlbKqlDtw/Y2Ob24tg1g/zvkHn8AVUwX+ZWWewSZ0vcwp7u/LvA+w2nJbIL1 N0/QUUdmxfkWTHhNqgkNX5hEmYqhwUPozFR0zblfD/6+XFR7VM9yT0fZPLqYLNOmGfqAXlxY m8nWmi+lxkd/PYqQQwOq6GQwxjRFEvSc09m/YPYo9hxh7a6s8hAP88YOf2PD8oBB1r5E7KGb Fv10Qss4CU/3zaiyRTExWwOJnTQdzSbtnM3S8/ZO/sL0FY/b4VLtlZzERAraxHdnPn8GgxYk oPtAqoyf52RkCabL9dsXPWYQjkwG8WEUPScHDy8Uoo6imQujshG23A99iPuXcWc/5ld9mIo/ Ee7kN50MOXwS4vCJSv0cMkVhh77CmGUv5++E/rPcbXPLTPeRVy6SHgdDhIj7elmx2Lgo0cyh uyxyBKSuzPvb61nh5EKAGL7kPqflNw7LJkInzHqKHDNu57rVuCHEx4yxcKNB4pdE2SgyPxs9 9W7Cz0q2Hd7Yu8GOXvMfQfrBiEV4q4PzidUtV6sLqVq0RMK7LEi0RiZpthwxz0IUFwRw2KS/ 9Kgs9LmOXYimodrV0pMxpVqcyTepmDSoWzyXNP2NL1+GuQtaTQARAQABzTBNYWNpZWogUy4g U3ptaWdpZXJvIDxtYWlsQG1hY2llai5zem1pZ2llcm8ubmFtZT7CwZQEEwEIAD4CGwMFCwkI BwIGFQoJCAsCBBYCAwECHgECF4AWIQRyeg1N257Z9gOb7O+Ef143kM4JdwUCZHu3rAUJC4vC 5wAKCRCEf143kM4Jdw74EAC6WUqhTI7MKKqJIjFpR3IxzqAKhoTl/lKPnhzwnB9Zdyj9WJlv wIITsQOvhHj6K2Ds63zmh/NKccMY8MDaBnffXnH8fi9kgBKHpPPMXJj1QOXCONlCVp5UGM8X j/gs94QmMxhr9TPY5WBa50sDW441q8zrDB8+B/hfbiE1B5k9Uwh6p/aAzEzLCb/rp9ELUz8/ bax/e8ydtHpcbAMCRrMLkfID127dlLltOpOr+id+ACRz0jabaWqoGjCHLIjQEYGVxdSzzu+b 27kWIcUPWm+8hNX35U3ywT7cnU/UOHorEorZyad3FkoVYfz/5necODocsIiBn2SJ3zmqTdBe sqmYKDf8gzhRpRqc+RrkWJJ98ze2A9w/ulLBC5lExXCjIAdckt2dLyPtsofmhJbV/mIKcbWx GX4vw1ufUIJmkbVFlP2MAe978rdj+DBHLuWT0uusPgOqpgO9v12HuqYgyBDpZ2cvhjU+uPAj Bx8eLu/tpxEHGONpdET42esoaIlsNnHC7SehyOH/liwa6Ew0roRHp+VZUaf9yE8lS0gNlKzB H5YPyYBMVSRNokVG4QUkzp30nJDIZ6GdAUZ1bfafSHFHH1wzmOLrbNquyZRIAkcNCFuVtHoY CUDuGAnZlqV+e4BLBBtl9VpJOS6PHKx0k6A8D86vtCMaX/M/SSdbL6Kd5M7AzQRaRrwiAQwA xnVmJqeP9VUTISps+WbyYFYlMFfIurl7tzK74bc67KUBp+PHuDP9p4ZcJUGC3UZJP85/GlUV dE1NairYWEJQUB7bpogTuzMI825QXIB9z842HwWfP2RW5eDtJMeujzJeFaUpmeTG9snzaYxY N3r0TDKj5dZwSIThIMQpsmhH2zylkT0jH7kBPxb8IkCQ1c6wgKITwoHFjTIO0B75U7bBNSDp XUaUDvd6T3xd1Fz57ujAvKHrZfWtaNSGwLmUYQAcFvrKDGPB5Z3ggkiTtkmW3OCQbnIxGJJw /+HefYhB5/kCcpKUQ2RYcYgCZ0/WcES1xU5dnNe4i0a5gsOFSOYCpNCfTHttVxKxZZTQ/rxj XwTuToXmTI4Nehn96t25DHZ0t9L9UEJ0yxH2y8Av4rtf75K2yAXFZa8dHnQgCkyjA/gs0ujG wD+Gs7dYQxP4i+rLhwBWD3mawJxLxY0vGwkG7k7npqanlsWlATHpOdqBMUiAR22hs02FikAo iXNgWTy7ABEBAAHCwXwEGAEIACYCGwwWIQRyeg1N257Z9gOb7O+Ef143kM4JdwUCZHu3zQUJ C4vBowAKCRCEf143kM4Jd2NnD/9E9Seq0HDZag4Uazn9cVsYWV/cPK4vKSqeGWMeLpJlG/UB PHY9q8a79jukEArt610oWj7+wL8SG61/YOyvYaC+LT9R54K8juP66hLCUTNDmv8s9DEzJkDP +ct8MwzA3oYtuirzbas0qaSwxHjZ3aV40vZk0uiDDG6kK24pv3SXcMDWz8m+sKu3RI3H+hdQ gnDrBIfTeeT6DCEgTHsaotFDc7vaNESElHHldCZTrg56T82to6TMm571tMW7mbg9O+u2pUON xEQ5hHCyvNrMAEel191KTWKE0Uh4SFrLmYYCRL9RIgUzxFF+ahPxjtjhkBmtQC4vQ20Bc3X6 35ThI4munnjDmhM4eWVdcmDN4c8y+2FN/uHS5IUcfb9/7w+BWiELb3yGienDZ44U6j+ySA39 gT6BAecNNIP47FG3AZXT3C1FZwFgkKoZ3lgN5VZgX2Gj53XiHqIGO8c3ayvHYAmrgtYYXG1q H5/qn1uUAhP1Oz+jKLUECbPS2ll73rFXUr+U3AKyLpx4T+/Wy1ajKn7rOB7udmTmYb8nnlQb 0fpPzYGBzK7zWIzFotuS5x1PzLYhZQFkfegyAaxys2joryhI6YNFo+BHYTfamOVfFi8QFQL5 5ZSOo27q/Ox95rwuC/n+PoJxBfqU36XBi886VV4LxuGZ8kfy0qDpL5neYtkC9w== In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Mon, 25 Sep 2023 11:53:54 -0700 (PDT) On 25.09.2023 20:30, Sean Christopherson wrote: > On Mon, Sep 25, 2023, Maciej S. Szmigiero wrote: >> From: "Maciej S. Szmigiero" >> >> Hyper-V enabled Windows Server 2022 KVM VM cannot be started on Zen1 Ryzen >> since it crashes at boot with SYSTEM_THREAD_EXCEPTION_NOT_HANDLED + >> STATUS_PRIVILEGED_INSTRUCTION (in other words, because of an unexpected #GP >> in the guest kernel). >> >> This is because Windows tries to set bit 8 in MSR_AMD64_BU_CFG and can't >> handle receiving a #GP when doing so. > > Any idea why? I guess it is trying to set some chicken bit? By the way, I tested Windows Server 2019 now - it has the same problem. So likely Windows 11 and newer version of Windows 10 have it, too. >> Give this MSR the same treatment that commit 2e32b7190641 >> ("x86, kvm: Add MSR_AMD64_BU_CFG2 to the list of ignored MSRs") gave >> MSR_AMD64_BU_CFG2 under justification that this MSR is baremetal-relevant >> only. > > Ugh, that commit set a terrible example. The kernel change should have been > conditioned on !X86_FEATURE_HYPERVISOR if the MSR only has meaning for bare metal. You are right with respect to the original guest kernel change that triggered the later KVM commit ignoring MSR_AMD64_BU_CFG2. This doesn't help Windows guests, however. >> Although apparently it was then needed for Linux guests, not Windows as in >> this case. >> >> With this change, the aforementioned guest setup is able to finish booting >> successfully. >> >> This issue can be reproduced either on a Summit Ridge Ryzen (with >> just "-cpu host") or on a Naples EPYC (with "-cpu host,stepping=1" since >> EPYC is ordinarily stepping 2). > > This seems like it needs to be tagged for stable? Like with just "Cc: stable@vger.kernel.org", but without "Fixes:" tag? Can do. >> Signed-off-by: Maciej S. Szmigiero >> --- >> arch/x86/include/asm/msr-index.h | 1 + >> arch/x86/kvm/x86.c | 2 ++ >> 2 files changed, 3 insertions(+) >> >> diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h >> index 1d111350197f..c80a5cea80c4 100644 >> --- a/arch/x86/include/asm/msr-index.h >> +++ b/arch/x86/include/asm/msr-index.h >> @@ -553,6 +553,7 @@ >> #define MSR_AMD64_CPUID_FN_1 0xc0011004 >> #define MSR_AMD64_LS_CFG 0xc0011020 >> #define MSR_AMD64_DC_CFG 0xc0011022 >> +#define MSR_AMD64_BU_CFG 0xc0011023 > > What document actually defines this MSR? All of the PPRs I can find for Family 17h > list it as: > > MSRC001_1023 [Table Walker Configuration] (Core::X86::Msr::TW_CFG) It's partially documented in various AMD BKDGs, however I couldn't find any definition for this particular bit (8) - other than that it is reserved. >> #define MSR_AMD64_DE_CFG 0xc0011029 >> #define MSR_AMD64_DE_CFG_LFENCE_SERIALIZE_BIT 1 >> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c >> index 9f18b06bbda6..2f3cdd798185 100644 >> --- a/arch/x86/kvm/x86.c >> +++ b/arch/x86/kvm/x86.c >> @@ -3639,6 +3639,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) >> case MSR_IA32_UCODE_WRITE: >> case MSR_VM_HSAVE_PA: >> case MSR_AMD64_PATCH_LOADER: >> + case MSR_AMD64_BU_CFG: > > I am sorely tempted to say that this should be solved in userspace via MSR > filtering. IIUC, the MSR truly is model specific, and I don't love the idea of > effectively ignoring accesses to unknown MSRs. And I really, really don't want > KVM to pivot on FMS. > > Paolo, is punting to userspace reasonable, or should we just bite the bullet in > KVM and commit to ignoring MSRs like this? > Waiting for Paolo's decision here then. Thanks, Maciej