|
| From: | Montes, Julio |
| Subject: | Re: [PATCH] target/i386: do not set unsupported VMX secondary execution controls |
| Date: | Tue, 31 Mar 2020 17:37:24 +0000 |
|
David
I'm using master
17083d6d1e Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
-
Cheers
Julio
From: Dr. David Alan Gilbert <address@hidden>
Sent: Tuesday, March 31, 2020 11:26 AM To: Montes, Julio <address@hidden> Cc: Paolo Bonzini <address@hidden>; Vitaly Kuznetsov <address@hidden>; address@hidden <address@hidden>; Marcelo Tosatti <address@hidden>; Eduardo Habkost <address@hidden>; Richard Henderson <address@hidden> Subject: Re: [PATCH] target/i386: do not set unsupported VMX secondary execution controls * Montes, Julio (address@hidden) wrote:
> Sorry for my last email, it was incomplete > > Hi Vitaly > > thanks for raising this, unfortunately this patch didn't work for me, I still get the same error: Are you trying that on top of 5.0 or ontop of the older 4.2 world? > qemu-system-x86_64: error: failed to set MSR 0x48b to 0x1582e00000000 > qemu-system-x86_64: /home/testpmem/go/src/github.com/kata-containers/qemu/target/i386/kvm.c:2695: kvm_buf_set_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs If my reading of 0x1582e00000000 is correct then we have: 0x1582e 00000000 VMX_SECONDARY_EXEC_RDSEED_EXITING 0x00010000 ! VMX_SECONDARY_EXEC_SHADOW_VMCS 0x00004000 ! VMX_SECONDARY_EXEC_ENABLE_INVPCID 0x00001000 VMX_SECONDARY_EXEC_RDRAND_EXITING 0x00000800 VMX_SECONDARY_EXEC_ENABLE_VPID 0x00000020 VMX_SECONDARY_EXEC_ENABLE_EPT 0x00000002 VMX_SECONDARY_EXEC_DESC 0x00000004 VMX_SECONDARY_EXEC_RDTSCP 0x00000008 > > my qemu command line: > /usr/bin/qemu-system-x86_64 -name sandbox-f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633 -uuid 8189ac12-5a5c-4989-bf82-c0218f8a3d33 -machine pc,accel=kvm,kernel_irqchip,nvdimm -cpu host,pmu=off -qmp unix:/run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/qmp.sock,server,nowait -m 2048M,slots=10,maxmem=17041M -device pci-bridge,bus=pci.0,id=pci-bridge-0,chassis_nr=1,shpc=on,addr=2,romfile= -device virtio-serial-pci,disable-modern=true,id=serial0,romfile= -device virtconsole,chardev=charconsole0,id=console0 -chardev socket,id=charconsole0,path=/run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/console.sock,server,nowait -device nvdimm,id=nv0,memdev=mem0 -object memory-backend-file,id=mem0,mem-path=/usr/share/kata-containers/kata-containers-clearlinux-32700-osbuilder-891b61c-agent-73afd1a.img,size=134217728 -device virtio-scsi-pci,id=scsi0,disable-modern=true,romfile= -object rng-random,id=rng0,filename=/dev/urandom -device virtio-rng-pci,rng=rng0,romfile= -device virtserialport,chardev=charch0,id=channel0,name=agent.channel.0 -chardev socket,id=charch0,path=/run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/kata.sock,server,nowait -device virtio-9p-pci,disable-modern=true,fsdev=extra-9p-kataShared,mount_tag=kataShared,romfile= -fsdev local,id=extra-9p-kataShared,path=/run/kata-containers/shared/sandboxes/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633,security_model=none -netdev tap,id=network-0,vhost=on,vhostfds=3,fds=4 -device driver=virtio-net-pci,netdev=network-0,mac=02:42:ac:11:00:02,disable-modern=true,mq=on,vectors=4,romfile= -global kvm-pit.lost_tick_policy=discard -vga none -no-user-config -nodefaults -nographic -daemonize -object memory-backend-ram,id=dimm1,size=2048M -numa node,memdev=dimm1 -kernel /usr/share/kata-containers/vmlinuz-5.4.15-71 -append tsc=reliable no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k console=hvc0 console=hvc1 iommu=off cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/pmem0p1 rootflags=dax,data="" ro rootfstype=ext4 debug systemd.show_status=true systemd.log_level=debug panic=1 nr_cpus=4 agent.use_vsock=false systemd.unit=kata-containers.target systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket agent.log=debug agent.log=debug -pidfile /run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f37 > 7a877c03ddc64e1e5e8685633/pid -D /run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/qemu.log -smp 1,cores=1,threads=1,sockets=4,maxcpus=4 > > > > ./vmxcap output: > > secondary processor-based controls > Virtualize APIC accesses no > Enable EPT yes > Descriptor-table exiting yes > Enable RDTSCP yes > Virtualize x2APIC mode no > Enable VPID yes > WBINVD exiting no > Unrestricted guest no > APIC register emulation no > Virtual interrupt delivery no > PAUSE-loop exiting no > RDRAND exiting yes > Enable INVPCID yes > Enable VM functions no > VMCS shadowing no <<<<< > Enable ENCLS exiting no > RDSEED exiting no <<<<< > Enable PML no > EPT-violation #VE no > Conceal non-root operation from PT no > Enable XSAVES/XRSTORS no > Mode-based execute control (XS/XU) no > Sub-page write permissions no > GPA translation for PT no > TSC scaling no > User wait and pause no > ENCLV exiting no So we're apparently trying to enable both RDSEED_EXITING and SHADOW_VMCS which are missing. > On 31/03/20 18:27, Vitaly Kuznetsov wrote: > > case MSR_IA32_VMX_PROCBASED_CTLS2: > > - /* KVM forgot to add these bits for some time, do this ourselves. */ > > - if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & CPUID_XSAVE_XSAVES) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & CPUID_EXT_RDRAND) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_INVPCID) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & CPUID_7_0_EBX_RDSEED) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & CPUID_EXT2_RDTSCP) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32; > > + if (!has_msr_vmx_procbased_ctls2) { > > + /* KVM forgot to add these bits for some time, do this ourselves. */ > > + if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & > > + CPUID_XSAVE_XSAVES) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & > > + CPUID_EXT_RDRAND) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & > > + CPUID_7_0_EBX_INVPCID) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & > > + CPUID_7_0_EBX_RDSEED) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & > > + CPUID_EXT2_RDTSCP) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32; > > + } So you would think that would tkae care of RDSEED exiting - but what about VMCS shadowing? Dave > > } > > /* fall through */ > > case MSR_IA32_VMX_TRUE_PINBASED_CTLS: > > @@ -2060,6 +2068,9 @@ static int kvm_get_supported_msrs(KVMState *s) > > case MSR_IA32_UCODE_REV: > > has_msr_ucode_rev = true; > > break; > > + case MSR_IA32_VMX_PROCBASED_CTLS2: > > + has_msr_vmx_procbased_ctls2 = true; > > + break; > > } > > } > > } > > > > -- Dr. David Alan Gilbert / address@hidden / Manchester, UK |
| [Prev in Thread] | Current Thread | [Next in Thread] |