Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp4037391rdh; Tue, 28 Nov 2023 10:04:24 -0800 (PST) X-Google-Smtp-Source: AGHT+IGc86OY68ic78uwUjuUwROBrxkImLMOfPo5QvKAz4qiMLxOgh77PgeUqGw1FIDY74Wm5fIC X-Received: by 2002:a05:6870:75c9:b0:1f9:602e:7b0b with SMTP id de9-20020a05687075c900b001f9602e7b0bmr22818765oab.2.1701194663843; Tue, 28 Nov 2023 10:04:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701194663; cv=none; d=google.com; s=arc-20160816; b=U3ePuoJlF0NQtknovMgx5iN+yOaNMHr8/jYvxsRPWf8rKw6LQjWNDfM/NcAqWS1K7M XRgrPRgpHQhZDRFVTCVj7AGX7Gj5d6kHW/V5xY54MPpBECzJ/Mh1EEr/kM/1EVGUWbca TdtxfIrjHFZLTLFESWUMSeGOLfgrvd/iXbIvQ+jVXAmtQqeixpmcB4w6/nc+DY8r9bal 3ZLQ3bReeWSnsNJdIuI9CmIOFHKrwc9Cuff26HRwUQSDEAdwjQa68s2VCEWtXzkotMHC 08N3Am7tz3Fln1PY7wQ25p8yMStdbtCJCyi6b2gI45OVgGcWO0dKrkxRo/496n32Dni9 KcXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:autocrypt :from:references:cc:to:content-language:subject:user-agent :mime-version:date:message-id; bh=lH+BiXfWV0jFNX6qIWZZhVL2Bi5oNq/zyjPjuQXgP78=; fh=IczE/FYqinQ7k7O3D1SswHC93QrfXqbblVYzr34TRlc=; b=reBI0UTRETKV4KGHEd7Z97K0YtTF5Zu5x3iY35E/1UzNp+emuLpk9Yt/dTUzjpZQ/F Z3YffWGO1qFAnD3DWZXVPyn6m6PHdK/tRUQepSRdFqFFC2qBid1kqsVz9NQ5IFYSz7JD 9PtG9uH9z1Mjl7pnGAKckHJSulZ7K3VuBk9dDGNVMEznbw1XQZGdyFEs8In3UnmUIeOr 8OKJ4QfmTRHkHDZvqA39vLTYvoSzTC51giwuGYqD01mnA0Kh9EN3KCD51kl0BpDTzUwm E+h4dRVOjDf6U+PXsr9PWJXtSun8fFQBE2jlFAym2/TpyLlQpQ5UBkE2F4e1VIddKmIY vcUQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id m2-20020a9d7ac2000000b006d7eca8f5d1si4665352otn.226.2023.11.28.10.04.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:04:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id A1F4C8099CC3; Tue, 28 Nov 2023 10:04:20 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345321AbjK1SEF (ORCPT + 99 others); Tue, 28 Nov 2023 13:04:05 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49292 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1344975AbjK1SEE (ORCPT ); Tue, 28 Nov 2023 13:04:04 -0500 Received: from vps-vb.mhejs.net (vps-vb.mhejs.net [37.28.154.113]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 242A291; Tue, 28 Nov 2023 10:04:09 -0800 (PST) Received: from MUA by vps-vb.mhejs.net with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1r82RI-0008LK-P0; Tue, 28 Nov 2023 19:04:04 +0100 Message-ID: Date: Tue, 28 Nov 2023 19:03:58 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH] KVM: x86: Allow XSAVES on CPUs where host doesn't use it due to an errata Content-Language: en-US, pl-PL To: Sean Christopherson Cc: Paolo Bonzini , kvm@vger.kernel.org, linux-kernel@vger.kernel.org References: <50076263-8b4f-4167-8419-e8baede7e9b0@maciej.szmigiero.name> From: "Maciej S. Szmigiero" Autocrypt: addr=mail@maciej.szmigiero.name; keydata= xsFNBFpGusUBEADXUMM2t7y9sHhI79+2QUnDdpauIBjZDukPZArwD+sDlx5P+jxaZ13XjUQc 6oJdk+jpvKiyzlbKqlDtw/Y2Ob24tg1g/zvkHn8AVUwX+ZWWewSZ0vcwp7u/LvA+w2nJbIL1 N0/QUUdmxfkWTHhNqgkNX5hEmYqhwUPozFR0zblfD/6+XFR7VM9yT0fZPLqYLNOmGfqAXlxY m8nWmi+lxkd/PYqQQwOq6GQwxjRFEvSc09m/YPYo9hxh7a6s8hAP88YOf2PD8oBB1r5E7KGb Fv10Qss4CU/3zaiyRTExWwOJnTQdzSbtnM3S8/ZO/sL0FY/b4VLtlZzERAraxHdnPn8GgxYk oPtAqoyf52RkCabL9dsXPWYQjkwG8WEUPScHDy8Uoo6imQujshG23A99iPuXcWc/5ld9mIo/ Ee7kN50MOXwS4vCJSv0cMkVhh77CmGUv5++E/rPcbXPLTPeRVy6SHgdDhIj7elmx2Lgo0cyh uyxyBKSuzPvb61nh5EKAGL7kPqflNw7LJkInzHqKHDNu57rVuCHEx4yxcKNB4pdE2SgyPxs9 9W7Cz0q2Hd7Yu8GOXvMfQfrBiEV4q4PzidUtV6sLqVq0RMK7LEi0RiZpthwxz0IUFwRw2KS/ 9Kgs9LmOXYimodrV0pMxpVqcyTepmDSoWzyXNP2NL1+GuQtaTQARAQABzTBNYWNpZWogUy4g U3ptaWdpZXJvIDxtYWlsQG1hY2llai5zem1pZ2llcm8ubmFtZT7CwZQEEwEIAD4CGwMFCwkI BwIGFQoJCAsCBBYCAwECHgECF4AWIQRyeg1N257Z9gOb7O+Ef143kM4JdwUCZHu3rAUJC4vC 5wAKCRCEf143kM4Jdw74EAC6WUqhTI7MKKqJIjFpR3IxzqAKhoTl/lKPnhzwnB9Zdyj9WJlv wIITsQOvhHj6K2Ds63zmh/NKccMY8MDaBnffXnH8fi9kgBKHpPPMXJj1QOXCONlCVp5UGM8X j/gs94QmMxhr9TPY5WBa50sDW441q8zrDB8+B/hfbiE1B5k9Uwh6p/aAzEzLCb/rp9ELUz8/ bax/e8ydtHpcbAMCRrMLkfID127dlLltOpOr+id+ACRz0jabaWqoGjCHLIjQEYGVxdSzzu+b 27kWIcUPWm+8hNX35U3ywT7cnU/UOHorEorZyad3FkoVYfz/5necODocsIiBn2SJ3zmqTdBe sqmYKDf8gzhRpRqc+RrkWJJ98ze2A9w/ulLBC5lExXCjIAdckt2dLyPtsofmhJbV/mIKcbWx GX4vw1ufUIJmkbVFlP2MAe978rdj+DBHLuWT0uusPgOqpgO9v12HuqYgyBDpZ2cvhjU+uPAj Bx8eLu/tpxEHGONpdET42esoaIlsNnHC7SehyOH/liwa6Ew0roRHp+VZUaf9yE8lS0gNlKzB H5YPyYBMVSRNokVG4QUkzp30nJDIZ6GdAUZ1bfafSHFHH1wzmOLrbNquyZRIAkcNCFuVtHoY CUDuGAnZlqV+e4BLBBtl9VpJOS6PHKx0k6A8D86vtCMaX/M/SSdbL6Kd5M7AzQRaRrwiAQwA xnVmJqeP9VUTISps+WbyYFYlMFfIurl7tzK74bc67KUBp+PHuDP9p4ZcJUGC3UZJP85/GlUV dE1NairYWEJQUB7bpogTuzMI825QXIB9z842HwWfP2RW5eDtJMeujzJeFaUpmeTG9snzaYxY N3r0TDKj5dZwSIThIMQpsmhH2zylkT0jH7kBPxb8IkCQ1c6wgKITwoHFjTIO0B75U7bBNSDp XUaUDvd6T3xd1Fz57ujAvKHrZfWtaNSGwLmUYQAcFvrKDGPB5Z3ggkiTtkmW3OCQbnIxGJJw /+HefYhB5/kCcpKUQ2RYcYgCZ0/WcES1xU5dnNe4i0a5gsOFSOYCpNCfTHttVxKxZZTQ/rxj XwTuToXmTI4Nehn96t25DHZ0t9L9UEJ0yxH2y8Av4rtf75K2yAXFZa8dHnQgCkyjA/gs0ujG wD+Gs7dYQxP4i+rLhwBWD3mawJxLxY0vGwkG7k7npqanlsWlATHpOdqBMUiAR22hs02FikAo iXNgWTy7ABEBAAHCwXwEGAEIACYCGwwWIQRyeg1N257Z9gOb7O+Ef143kM4JdwUCZHu3zQUJ C4vBowAKCRCEf143kM4Jd2NnD/9E9Seq0HDZag4Uazn9cVsYWV/cPK4vKSqeGWMeLpJlG/UB PHY9q8a79jukEArt610oWj7+wL8SG61/YOyvYaC+LT9R54K8juP66hLCUTNDmv8s9DEzJkDP +ct8MwzA3oYtuirzbas0qaSwxHjZ3aV40vZk0uiDDG6kK24pv3SXcMDWz8m+sKu3RI3H+hdQ gnDrBIfTeeT6DCEgTHsaotFDc7vaNESElHHldCZTrg56T82to6TMm571tMW7mbg9O+u2pUON xEQ5hHCyvNrMAEel191KTWKE0Uh4SFrLmYYCRL9RIgUzxFF+ahPxjtjhkBmtQC4vQ20Bc3X6 35ThI4munnjDmhM4eWVdcmDN4c8y+2FN/uHS5IUcfb9/7w+BWiELb3yGienDZ44U6j+ySA39 gT6BAecNNIP47FG3AZXT3C1FZwFgkKoZ3lgN5VZgX2Gj53XiHqIGO8c3ayvHYAmrgtYYXG1q H5/qn1uUAhP1Oz+jKLUECbPS2ll73rFXUr+U3AKyLpx4T+/Wy1ajKn7rOB7udmTmYb8nnlQb 0fpPzYGBzK7zWIzFotuS5x1PzLYhZQFkfegyAaxys2joryhI6YNFo+BHYTfamOVfFi8QFQL5 5ZSOo27q/Ox95rwuC/n+PoJxBfqU36XBi886VV4LxuGZ8kfy0qDpL5neYtkC9w== In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-0.8 required=5.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 28 Nov 2023 10:04:20 -0800 (PST) On 28.11.2023 17:48, Sean Christopherson wrote: > On Mon, Nov 27, 2023, Maciej S. Szmigiero wrote: >> On 27.11.2023 18:24, Sean Christopherson wrote: >>> On Thu, Nov 23, 2023, Maciej S. Szmigiero wrote: >>>> From: "Maciej S. Szmigiero" >>>> >>>> Since commit b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17") >>>> kernel unconditionally clears the XSAVES CPU feature bit on Zen1/2 CPUs. >>>> >>>> Since KVM CPU caps are initialized from the kernel boot CPU features this >>>> makes the XSAVES feature also unavailable for KVM guests in this case, even >>>> though they might want to decide on their own whether they are affected by >>>> this errata. >>>> >>>> Allow KVM guests to make such decision by setting the XSAVES KVM CPU >>>> capability bit based on the actual CPU capability >>> >>> This is not generally safe, as the guest can make such a decision if and only if >>> the Family/Model/Stepping information is reasonably accurate. >> >> If one lies to the guest about the CPU it is running on then obviously >> things may work non-optimally. > > But this isn't about running optimally, it's about functional correctness. And > "lying" to the guest about F/M/S is extremely common. > >>>> This fixes booting Hyper-V enabled Windows Server 2016 VMs with more than >>>> one vCPU on Zen1/2 CPUs. >>> >>> How/why does lack of XSAVES break a multi-vCPU setup? Is Windows blindly doing >>> XSAVES based on FMS? >> >> The hypercall from L2 Windows to L1 Hyper-V asking to boot the first AP >> returns HV_STATUS_CPUID_XSAVE_FEATURE_VALIDATION_ERROR. > > If it's just about CPUID enumeration, then userspace can simply stuff the XSAVES > feature flag. This is not something that belongs in KVM, because this is safe if > and only if F/M/S is accurate and the guest is actually aware of the erratum (or > will not actually use XSAVES for other reasons), neither of which KVM can guarantee. In other words, your suggestion is that QEMU (or other VMM) not KVM should be the one setting the XSAVES CPUID bit back, correct? I don't think this would work with the current KVM code since it seems to make various decisions depending on presence of XSAVES bit in KVM caps rather than the guest CPUID and on boot_cpu_has(XSAVES) - one of such code blocks was even modified by this patch. It even says in the comment above that code that it is not possible to actually disable XSAVES without disabling all other variants on SVM so this has to be enabled if CPU supports it to switch the XSS MSR at guest entry/exit (in this case it looks harmless since Zen1/2 supposedly don't support any supervisor extended states). So it looks like we would need changes to *both* KVM and QEMU to restore the XSAVES support this way. Thanks, Maciej