Received: by 2002:a05:7412:419a:b0:f3:1519:9f41 with SMTP id i26csp4219525rdh; Tue, 28 Nov 2023 15:43:38 -0800 (PST) X-Google-Smtp-Source: AGHT+IGg8JMqC4p7NXzVSfPEeUHzhMz0mBMPWyTrFTb93vm2RgxBFKdU/OcosMDYRBsH95RuHJ9h X-Received: by 2002:a9d:6292:0:b0:6d8:28e2:acfd with SMTP id x18-20020a9d6292000000b006d828e2acfdmr8970101otk.15.1701215018007; Tue, 28 Nov 2023 15:43:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701215017; cv=none; d=google.com; s=arc-20160816; b=x8CBKDXVf9ULRwMfL0HvEU4/0HuKQ24haH7RW1XUIBZ+dFI1o8J3pAwLllJ13p22qD njAPj/Jut+2eyHutz59fnhkg50epL610BiisCqBqt56BFSC8yJXYGsOhTNx5GkF6i/wX vTwB1XMy1M1wLpCMOmxkXbgTbWLSGtdZoFr7f0jUxTfNs/KzJpU7vEu0vEW8VLajGrbu tJ4OsuoGb0MX1ke6WLLUhkBybp2cXhblnZclT+ADkRZCOb2qyzCND+Nn2+pGgYDx7++7 lASWDP/zScL3+SR6LuRfoBmGquyoMFO/uwot1078l0kjI1TvSZhglaNMRTG59jPcrH2G tpwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=iZUCKF6M2pncs6ikf31MzfqFi00tloLxxIfq7BGycqs=; fh=F9gYGd5j+DD5Qna5n6U0l9ESiSIxt5M+4dR8qvvJfHU=; b=rUObNdoNGoYZLioLyUWj6dPKo4fpVUCvCwEPLYOt4+r560D9Bv+fuzi1oXX2yNfKBt uNmMfV88LHc+i1zQ6umjIfCEeo1CajnysqqEEVIR0USDnC2zLwfSzUanLlFrMShxI2UD Eh6pdW1llSNx+NMTWByTBh3x1qCgnt5uHIi1gJJNXrziTaDrULNDSoKfZZSt6hy95mVh E7s5ViledEj7f1NuWToeQoj0ihBaBa7qtqgHuk5dNOrKbSXcA8HlRjtX35avURcECwah 8DsVjO5+6dhgmGICzAwdkRe8uijD86zLmqvqTskY2fLj2X0VXnrrgc5rYdZN9u10QuWT dSSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=mgCxOmkN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id v202-20020a6361d3000000b005c1b303c414si12976831pgb.625.2023.11.28.15.43.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 15:43:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=mgCxOmkN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 6E5A180A4AF6; Tue, 28 Nov 2023 15:43:35 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1376606AbjK1Xmi (ORCPT + 99 others); Tue, 28 Nov 2023 18:42:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229526AbjK1Xmh (ORCPT ); Tue, 28 Nov 2023 18:42:37 -0500 Received: from mail-yw1-x114a.google.com (mail-yw1-x114a.google.com [IPv6:2607:f8b0:4864:20::114a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AF294197 for ; Tue, 28 Nov 2023 15:42:43 -0800 (PST) Received: by mail-yw1-x114a.google.com with SMTP id 00721157ae682-5d1ed4b268dso13765087b3.0 for ; Tue, 28 Nov 2023 15:42:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1701214963; x=1701819763; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=iZUCKF6M2pncs6ikf31MzfqFi00tloLxxIfq7BGycqs=; b=mgCxOmkNpxwd+gH23CfHATU5w412/KoL2bkNEmfm8tQEHy1pX1BQ1MpQTT8/2cuurN wDXW1T6h+i8y9Vnw+jND4/qaZqhPnpfbYfaJQISN2ZwW/wLGc2G/zTJ1pPkKL5glYecG PwQ2PeB5miNMDqC1MYxkloGGIm7iE4ERjFsPdXPQdcNu3nTGLCoObiAhc9sbrzs97Mn0 Q+AltMl+D7fjVamHpXeWKymopzA8rUVEtiDNjUz0u0RahvMHb0dfioUFoVfK/tQrEBAf Dh/q8BBgp1F26kqCO0i5RROLftd0lWh7O3l2m0IFl0SOm2N+LopfM55pQQrsmsKBsyNA JghQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701214963; x=1701819763; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iZUCKF6M2pncs6ikf31MzfqFi00tloLxxIfq7BGycqs=; b=RX2jl1i2ehalAqmnCJ50faG+tc3hfgJzPXf2/XNjvl/M8JnkOE7+MIjtI094BJ+K3o yjkSMaHoxLEarBG1Sm01cr+TIH5+NxV2zdTNjN8xnxPH9IsdwovKhuMyQM0ok+VJ76tk s6uY+LRZ/+zzaafUrQSAT4JzDGZzHHPHzJEqobikC1TgNdriDVhNFu81MAhKpTXmxW3d IPyLaUItZx52J+cvcWsm2phqGD9lYmEJXNVLeV8ZEYyKQrO/l+K41wbsL18dvjXJxbco yPQEcUheI9xY3PN/Wcd1I807zzYlOl5+I4sLeqdlzb34OoXu6dpxotDpmKFFbFtSZDVy 0SsA== X-Gm-Message-State: AOJu0YyBg+3/evA/SJiUZtcuwBBMZGdMlX4bGVdQ9NQfhAabV1hdMqJp Z5sJt2KP4mPJk61GMmIJ045v7DRmicg= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a81:ae56:0:b0:5cb:4e0e:59c1 with SMTP id g22-20020a81ae56000000b005cb4e0e59c1mr474555ywk.1.1701214962937; Tue, 28 Nov 2023 15:42:42 -0800 (PST) Date: Tue, 28 Nov 2023 15:42:41 -0800 In-Reply-To: Mime-Version: 1.0 References: <50076263-8b4f-4167-8419-e8baede7e9b0@maciej.szmigiero.name> Message-ID: Subject: Re: [PATCH] KVM: x86: Allow XSAVES on CPUs where host doesn't use it due to an errata From: Sean Christopherson To: "Maciej S. Szmigiero" Cc: Paolo Bonzini , kvm@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-8.4 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE, USER_IN_DEF_DKIM_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Tue, 28 Nov 2023 15:43:35 -0800 (PST) On Tue, Nov 28, 2023, Maciej S. Szmigiero wrote: > On 28.11.2023 17:48, Sean Christopherson wrote: > > On Mon, Nov 27, 2023, Maciej S. Szmigiero wrote: > > > On 27.11.2023 18:24, Sean Christopherson wrote: > > > > On Thu, Nov 23, 2023, Maciej S. Szmigiero wrote: > > > > > From: "Maciej S. Szmigiero" > > > > > > > > > > Since commit b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17") > > > > > kernel unconditionally clears the XSAVES CPU feature bit on Zen1/2 CPUs. > > > > > > > > > > Since KVM CPU caps are initialized from the kernel boot CPU features this > > > > > makes the XSAVES feature also unavailable for KVM guests in this case, even > > > > > though they might want to decide on their own whether they are affected by > > > > > this errata. > > > > > > > > > > Allow KVM guests to make such decision by setting the XSAVES KVM CPU > > > > > capability bit based on the actual CPU capability > > > > > > > > This is not generally safe, as the guest can make such a decision if and only if > > > > the Family/Model/Stepping information is reasonably accurate. > > > > > > If one lies to the guest about the CPU it is running on then obviously > > > things may work non-optimally. > > > > But this isn't about running optimally, it's about functional correctness. And > > "lying" to the guest about F/M/S is extremely common. > > > > > > > This fixes booting Hyper-V enabled Windows Server 2016 VMs with more than > > > > > one vCPU on Zen1/2 CPUs. > > > > > > > > How/why does lack of XSAVES break a multi-vCPU setup? Is Windows blindly doing > > > > XSAVES based on FMS? > > > > > > The hypercall from L2 Windows to L1 Hyper-V asking to boot the first AP > > > returns HV_STATUS_CPUID_XSAVE_FEATURE_VALIDATION_ERROR. > > > > If it's just about CPUID enumeration, then userspace can simply stuff the XSAVES > > feature flag. This is not something that belongs in KVM, because this is safe if > > and only if F/M/S is accurate and the guest is actually aware of the erratum (or > > will not actually use XSAVES for other reasons), neither of which KVM can guarantee. > > In other words, your suggestion is that QEMU (or other VMM) not KVM > should be the one setting the XSAVES CPUID bit back, correct? > > I don't think this would work with the current KVM code since it seems > to make various decisions depending on presence of XSAVES bit in KVM > caps rather than the guest CPUID and on boot_cpu_has(XSAVES) - one of > such code blocks was even modified by this patch. > > It even says in the comment above that code that it is not possible to > actually disable XSAVES without disabling all other variants on SVM so > this has to be enabled if CPU supports it to switch the XSS MSR at > guest entry/exit (in this case it looks harmless since Zen1/2 > supposedly don't support any supervisor extended states). > > So it looks like we would need changes to *both* KVM and QEMU to > restore the XSAVES support this way. I'm not suggesting we restore XSAVES support, I'm suggesting that _if_ someone wants to hack their setup to let the guest use broken hardware, then they should do that in userspace or in an a private kernel, not in upstream KVM.