David I'm using master 17083d6d1e Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
- Cheers Julio ________________________________ From: Dr. David Alan Gilbert <[email protected]> Sent: Tuesday, March 31, 2020 11:26 AM To: Montes, Julio <[email protected]> Cc: Paolo Bonzini <[email protected]>; Vitaly Kuznetsov <[email protected]>; [email protected] <[email protected]>; Marcelo Tosatti <[email protected]>; Eduardo Habkost <[email protected]>; Richard Henderson <[email protected]> Subject: Re: [PATCH] target/i386: do not set unsupported VMX secondary execution controls * Montes, Julio ([email protected]) wrote: > Sorry for my last email, it was incomplete > > Hi Vitaly > > thanks for raising this, unfortunately this patch didn't work for me, I still > get the same error: Are you trying that on top of 5.0 or ontop of the older 4.2 world? > qemu-system-x86_64: error: failed to set MSR 0x48b to 0x1582e00000000 > qemu-system-x86_64: > /home/testpmem/go/src/github.com/kata-containers/qemu/target/i386/kvm.c:2695: > kvm_buf_set_msrs: Assertion `ret == cpu->kvm_msr_buf->nmsrs If my reading of 0x1582e00000000 is correct then we have: 0x1582e 00000000 VMX_SECONDARY_EXEC_RDSEED_EXITING 0x00010000 ! VMX_SECONDARY_EXEC_SHADOW_VMCS 0x00004000 ! VMX_SECONDARY_EXEC_ENABLE_INVPCID 0x00001000 VMX_SECONDARY_EXEC_RDRAND_EXITING 0x00000800 VMX_SECONDARY_EXEC_ENABLE_VPID 0x00000020 VMX_SECONDARY_EXEC_ENABLE_EPT 0x00000002 VMX_SECONDARY_EXEC_DESC 0x00000004 VMX_SECONDARY_EXEC_RDTSCP 0x00000008 > > my qemu command line: > /usr/bin/qemu-system-x86_64 -name > sandbox-f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633 > -uuid 8189ac12-5a5c-4989-bf82-c0218f8a3d33 -machine > pc,accel=kvm,kernel_irqchip,nvdimm -cpu host,pmu=off -qmp > unix:/run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/qmp.sock,server,nowait > -m 2048M,slots=10,maxmem=17041M -device > pci-bridge,bus=pci.0,id=pci-bridge-0,chassis_nr=1,shpc=on,addr=2,romfile= > -device virtio-serial-pci,disable-modern=true,id=serial0,romfile= -device > virtconsole,chardev=charconsole0,id=console0 -chardev > socket,id=charconsole0,path=/run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/console.sock,server,nowait > -device nvdimm,id=nv0,memdev=mem0 -object > memory-backend-file,id=mem0,mem-path=/usr/share/kata-containers/kata-containers-clearlinux-32700-osbuilder-891b61c-agent-73afd1a.img,size=134217728 > -device virtio-scsi-pci,id=scsi0,disable-modern=true,romfile= -object > rng-random,id=rng0,filename=/dev/urandom -device > virtio-rng-pci,rng=rng0,romfile= -device > virtserialport,chardev=charch0,id=channel0,name=agent.channel.0 -chardev > socket,id=charch0,path=/run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/kata.sock,server,nowait > -device > virtio-9p-pci,disable-modern=true,fsdev=extra-9p-kataShared,mount_tag=kataShared,romfile= > -fsdev > local,id=extra-9p-kataShared,path=/run/kata-containers/shared/sandboxes/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633,security_model=none > -netdev tap,id=network-0,vhost=on,vhostfds=3,fds=4 -device > driver=virtio-net-pci,netdev=network-0,mac=02:42:ac:11:00:02,disable-modern=true,mq=on,vectors=4,romfile= > -global kvm-pit.lost_tick_policy=discard -vga none -no-user-config > -nodefaults -nographic -daemonize -object > memory-backend-ram,id=dimm1,size=2048M -numa node,memdev=dimm1 -kernel > /usr/share/kata-containers/vmlinuz-5.4.15-71 -append tsc=reliable > no_timer_check rcupdate.rcu_expedited=1 i8042.direct=1 i8042.dumbkbd=1 > i8042.nopnp=1 i8042.noaux=1 noreplace-smp reboot=k console=hvc0 console=hvc1 > iommu=off cryptomgr.notests net.ifnames=0 pci=lastbus=0 root=/dev/pmem0p1 > rootflags=dax,data=ordered,errors=remount-ro ro rootfstype=ext4 debug > systemd.show_status=true systemd.log_level=debug panic=1 nr_cpus=4 > agent.use_vsock=false systemd.unit=kata-containers.target > systemd.mask=systemd-networkd.service systemd.mask=systemd-networkd.socket > agent.log=debug agent.log=debug -pidfile > /run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f37 > 7a877c03ddc64e1e5e8685633/pid -D > /run/vc/vm/f218abcb05f6e05cc68768f74e9106303066f377a877c03ddc64e1e5e8685633/qemu.log > -smp 1,cores=1,threads=1,sockets=4,maxcpus=4 > > > > ./vmxcap output: > > secondary processor-based controls > Virtualize APIC accesses no > Enable EPT yes > Descriptor-table exiting yes > Enable RDTSCP yes > Virtualize x2APIC mode no > Enable VPID yes > WBINVD exiting no > Unrestricted guest no > APIC register emulation no > Virtual interrupt delivery no > PAUSE-loop exiting no > RDRAND exiting yes > Enable INVPCID yes > Enable VM functions no > VMCS shadowing no <<<<< > Enable ENCLS exiting no > RDSEED exiting no <<<<< > Enable PML no > EPT-violation #VE no > Conceal non-root operation from PT no > Enable XSAVES/XRSTORS no > Mode-based execute control (XS/XU) no > Sub-page write permissions no > GPA translation for PT no > TSC scaling no > User wait and pause no > ENCLV exiting no So we're apparently trying to enable both RDSEED_EXITING and SHADOW_VMCS which are missing. > On 31/03/20 18:27, Vitaly Kuznetsov wrote: > > case MSR_IA32_VMX_PROCBASED_CTLS2: > > - /* KVM forgot to add these bits for some time, do this ourselves. > > */ > > - if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & > > CPUID_XSAVE_XSAVES) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & > > CPUID_EXT_RDRAND) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & > > CPUID_7_0_EBX_INVPCID) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & > > CPUID_7_0_EBX_RDSEED) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32; > > - } > > - if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & > > CPUID_EXT2_RDTSCP) { > > - value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32; > > + if (!has_msr_vmx_procbased_ctls2) { > > + /* KVM forgot to add these bits for some time, do this > > ourselves. */ > > + if (kvm_arch_get_supported_cpuid(s, 0xD, 1, R_ECX) & > > + CPUID_XSAVE_XSAVES) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_XSAVES << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 1, 0, R_ECX) & > > + CPUID_EXT_RDRAND) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_RDRAND_EXITING << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & > > + CPUID_7_0_EBX_INVPCID) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_ENABLE_INVPCID << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 7, 0, R_EBX) & > > + CPUID_7_0_EBX_RDSEED) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_RDSEED_EXITING << 32; > > + } > > + if (kvm_arch_get_supported_cpuid(s, 0x80000001, 0, R_EDX) & > > + CPUID_EXT2_RDTSCP) { > > + value |= (uint64_t)VMX_SECONDARY_EXEC_RDTSCP << 32; > > + } So you would think that would tkae care of RDSEED exiting - but what about VMCS shadowing? Dave > > } > > /* fall through */ > > case MSR_IA32_VMX_TRUE_PINBASED_CTLS: > > @@ -2060,6 +2068,9 @@ static int kvm_get_supported_msrs(KVMState *s) > > case MSR_IA32_UCODE_REV: > > has_msr_ucode_rev = true; > > break; > > + case MSR_IA32_VMX_PROCBASED_CTLS2: > > + has_msr_vmx_procbased_ctls2 = true; > > + break; > > } > > } > > } > > > > -- Dr. David Alan Gilbert / [email protected] / Manchester, UK
