It was found that fine-grained VMX feature enablement in QEMU is broken when
combined with SynIC:

qemu-system-x86_64 -machine q35,accel=kvm -cpu host,hv_vpindex,hv_synic -smp 2 -m 16384 -vnc :0
qemu-system-x86_64: error: failed to set MSR 0x48d to 0xff00000016
qemu-system-x86_64: <...>: kvm_buf_set_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs' failed.
Aborted

QEMU thread: https://lists.gnu.org/archive/html/qemu-devel/2020-02/msg04838.html

Turns out, this is a KVM issue: when SynIC is enabled, PIN_BASED_POSTED_INTR
gets filtered out from VMX MSRs for all newly created (but not existent!)
vCPUs. Patch1 addresses this.

Also, apicv disablement for L1 doesn't seem to disable it for L2 (at least on
CPU0) so unless there's a good reason to not allow this we need to make it
work. PATCH2, suggested by Paolo, is supposed to do the job.

RFC: I looked at the code and ran some tests and nothing suspicious popped
out, however, I'm still not convinced this is a good idea to have apicv
enabled for L2 when it's disabled for L1... Also, we may prefer to merge or
re-order these two patches.

Vitaly Kuznetsov (2):
  KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled
  KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1

 arch/x86/include/asm/kvm_host.h |  2 +-
 arch/x86/kvm/lapic.c            |  5 +----
 arch/x86/kvm/svm.c              |  7 ++++++-
 arch/x86/kvm/vmx/capabilities.h |  1 +
 arch/x86/kvm/vmx/nested.c       |  5 ++---
 arch/x86/kvm/vmx/nested.h       |  3 +--
 arch/x86/kvm/vmx/vmx.c          | 23 +++++++++++++----------
 7 files changed, 25 insertions(+), 21 deletions(-)

-- 
2.24.1
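The failing write of 0xff00000016 to MSR 0x48d above is a request for a VMX capability mask, and the reason it is rejected becomes visible once the value is decoded. The example below is added here and is not code from the thread or from the patches: it decodes IA32_VMX_TRUE_PINBASED_CTLS into its allowed-0 and allowed-1 dwords (bit numbers and names per the Intel SDM and KVM's vmx.h) and models the "capabilities may only be narrowed" check a restore applies. The filtered value 0x7f00000016 is constructed for illustration, and the check is a model of the rule, not KVM's own code.

```python
# Added example: decode IA32_VMX_TRUE_PINBASED_CTLS (MSR 0x48d) and model the
# "capabilities may only be narrowed" rule applied when userspace restores it.
# Bit numbers/names follow the Intel SDM and KVM's arch/x86/include/asm/vmx.h.

MSR_IA32_VMX_TRUE_PINBASED_CTLS = 0x48D

# Pin-based VM-execution controls; bits 1, 2 and 4 are reserved (default-1).
PINBASED_CTLS = {
    0: "PIN_BASED_EXT_INTR_MASK",
    3: "PIN_BASED_NMI_EXITING",
    5: "PIN_BASED_VIRTUAL_NMIS",
    6: "PIN_BASED_VMX_PREEMPTION_TIMER",
    7: "PIN_BASED_POSTED_INTR",
}

def _bit_names(mask):
    """Name every set bit of a 32-bit control mask (reserved bits as bitN)."""
    return sorted(PINBASED_CTLS.get(b, f"bit{b}") for b in range(32) if mask >> b & 1)

def decode_pinbased_ctls(value):
    """Low dword: allowed-0 settings (a 1 means the control MUST be 1).
    High dword: allowed-1 settings (a 1 means the control MAY be 1)."""
    allowed0 = value & 0xFFFFFFFF
    allowed1 = value >> 32
    return {"must_be_one": _bit_names(allowed0), "may_be_one": _bit_names(allowed1)}

def restore_pinbased_ctls(host_value, requested):
    """Model (not KVM's code) of the restore check: the request may not
    clear a must-be-1 bit the host reports, and may not advertise an
    allowed-1 bit the host lacks. Returns the controls whose allowed-1 bit
    is requested but not advertised; an empty list means the write passes."""
    host_allowed0, req_allowed0 = host_value & 0xFFFFFFFF, requested & 0xFFFFFFFF
    host_allowed1, req_allowed1 = host_value >> 32, requested >> 32
    if req_allowed0 & host_allowed0 != host_allowed0:
        raise ValueError("request clears a control the host requires to be 1")
    return _bit_names(req_allowed1 & ~host_allowed1)

# The value QEMU tried to set in the report above.
QEMU_REQUEST = 0xFF00000016
# Constructed: what a vCPU created with SynIC enabled advertises once
# PIN_BASED_POSTED_INTR (bit 7) is filtered out of the allowed-1 dword.
SYNIC_FILTERED = 0x7F00000016

if __name__ == "__main__":
    print(decode_pinbased_ctls(QEMU_REQUEST))
    print("rejected bits:", restore_pinbased_ctls(SYNIC_FILTERED, QEMU_REQUEST))
    print("rejected bits:", restore_pinbased_ctls(QEMU_REQUEST, QEMU_REQUEST))
```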