On Tue, Jun 28, 2022 at 7:04 AM Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> wrote:
>
> Jim Mattson <jmattson@xxxxxxxxxx> writes:
>
> > On Mon, Jun 27, 2022 at 9:04 AM Vitaly Kuznetsov <vkuznets@xxxxxxxxxx> wrote:
> >>
> >> Changes since RFC:
> >> - "KVM: VMX: Extend VMX controls macro shenanigans" PATCH added and the
> >> infrastructure is later used in other patches [Sean] PATCHes 1-3 added
> >> to support the change.
> >> - "KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup" PATCH
> >> added [Sean].
> >> - Commit messages added.
> >>
> >> vmcs_config is a sanitized version of host VMX MSRs where some controls are
> >> filtered out (e.g. when Enlightened VMCS is enabled, some know bugs are
> >> discovered, some inconsistencies in controls are detected,...) but
> >> nested_vmx_setup_ctls_msrs() uses raw host MSRs instead. This may end up
> >> in exposing undesired controls to L1. Switch to using vmcs_config instead.
> >>
> >> Sean Christopherson (1):
> >> KVM: VMX: Clear controls obsoleted by EPT at runtime, not setup
> >>
> >> Vitaly Kuznetsov (13):
> >> KVM: VMX: Check VM_ENTRY_IA32E_MODE in setup_vmcs_config()
> >> KVM: VMX: Check CPU_BASED_{INTR,NMI}_WINDOW_EXITING in
> >> setup_vmcs_config()
> >> KVM: VMX: Tweak the special handling of SECONDARY_EXEC_ENCLS_EXITING
> >> in setup_vmcs_config()
> >> KVM: VMX: Extend VMX controls macro shenanigans
> >> KVM: VMX: Move CPU_BASED_CR8_{LOAD,STORE}_EXITING filtering out of
> >> setup_vmcs_config()
> >> KVM: VMX: Add missing VMEXIT controls to vmcs_config
> >> KVM: VMX: Add missing VMENTRY controls to vmcs_config
> >> KVM: VMX: Add missing CPU based VM execution controls to vmcs_config
> >> KVM: nVMX: Use sanitized allowed-1 bits for VMX control MSRs
> >> KVM: VMX: Store required-1 VMX controls in vmcs_config
> >> KVM: nVMX: Use sanitized required-1 bits for VMX control MSRs
> >> KVM: VMX: Cache MSR_IA32_VMX_MISC in vmcs_config
> >> KVM: nVMX: Use cached host MSR_IA32_VMX_MISC value for setting up
> >> nested MSR
> >>
> >> arch/x86/kvm/vmx/capabilities.h | 16 +--
> >> arch/x86/kvm/vmx/nested.c | 37 +++---
> >> arch/x86/kvm/vmx/nested.h | 2 +-
> >> arch/x86/kvm/vmx/vmx.c | 198 ++++++++++++++------------------
> >> arch/x86/kvm/vmx/vmx.h | 118 +++++++++++++++++++
> >> 5 files changed, 229 insertions(+), 142 deletions(-)
> >>
> >> --
> >> 2.35.3
> >>
> >
> > Just checking that this doesn't introduce any backwards-compatibility
> > issues. That is, all features that were reported as being available in
> > the past should still be available moving forward.
> >
>
> All the controls nested_vmx_setup_ctls_msrs() set are in the newly
> introduced KVM_REQ_VMX_*/KVM_OPT_VMX_* sets so we should be good here
> (unless I screwed up, of course).
>
> There's going to be some changes though. E.g this series was started by
> Anirudh's report when KVM was exposing SECONDARY_EXEC_TSC_SCALING while
> running on KVM and using eVMCS which doesn't support the control. This
> is a bug and I don't think we need and 'bug compatibility' here.
You cannot force VM termination on a kernel upgrade. On live migration
from an older kernel, the new kernel must be willing to accept the
suspended state of a VM that was running under the older kernel. In
particular, the new KVM_SET_MSRS must accept the values of the VMX
capability MSRS that userspace obtains from the older KVM_GET_MSRS. I
don't know if this is what you are referring to as "bug
compatibility," but if it is, then we absolutely do need it.
> Another change is that VM_ENTRY_LOAD_IA32_PERF_GLOBAL_CTRL/
> VM_EXIT_LOAD_IA32_PERF_GLOBAL_CTRL will now be filtered out on the
> "broken" CPUs (the list is in setup_vmcs_config()). I *think* this is
> also OK but if not, we can move the filtering to vmx_vmentry_ctrl()/
> vmx_vmexit_ctrl().
>
> --
> Vitaly
>
