public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Stefan Sterz <s.sterz@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH pve-kernel] backport exposing FLUSHBYASID when running nested VMs on AMD CPUs
Date: Thu, 19 Oct 2023 16:59:12 +0200	[thread overview]
Message-ID: <20231019145912.3152371-1-s.sterz@proxmox.com> (raw)

this exposes the FLUSHBYASID CPU flag to nested VMs when running on an
AMD CPU. also reverts a made up check that would advertise
FLUSHBYASID as not supported. this enable certain modern hypervisors
such as VMWare ESXi 7 and Workstation 17 to run nested VMs properly
again.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
---
 ...k-for-reserved-encodings-of-TLB_CONT.patch | 49 +++++++++++++++++++
 ...-Advertise-support-for-flush-by-ASID.patch | 39 +++++++++++++++
 2 files changed, 88 insertions(+)
 create mode 100644 patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch
 create mode 100644 patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch

diff --git a/patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch b/patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch
new file mode 100644
index 0000000..2c77272
--- /dev/null
+++ b/patches/kernel/0014-Revert-nSVM-Check-for-reserved-encodings-of-TLB_CONT.patch
@@ -0,0 +1,49 @@
+From 379ad2e0326c55682d0bb9391f16f1072fe400d2 Mon Sep 17 00:00:00 2001
+From: Stefan Sterz <s.sterz@proxmox.com>
+Date: Wed, 18 Oct 2023 10:45:45 +0200
+Subject: [PATCH 1/2] Revert "nSVM: Check for reserved encodings of TLB_CONTROL
+ in nested VMCB"
+
+This reverts commit 174a921b6975ef959dd82ee9e8844067a62e3ec1.
+
+Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
+---
+ arch/x86/kvm/svm/nested.c | 15 ---------------
+ 1 file changed, 15 deletions(-)
+
+diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
+index add65dd59756..61a6c0235519 100644
+--- a/arch/x86/kvm/svm/nested.c
++++ b/arch/x86/kvm/svm/nested.c
+@@ -242,18 +242,6 @@ static bool nested_svm_check_bitmap_pa(struct kvm_vcpu *vcpu, u64 pa, u32 size)
+ 	    kvm_vcpu_is_legal_gpa(vcpu, addr + size - 1);
+ }
+
+-static bool nested_svm_check_tlb_ctl(struct kvm_vcpu *vcpu, u8 tlb_ctl)
+-{
+-	/* Nested FLUSHBYASID is not supported yet.  */
+-	switch(tlb_ctl) {
+-		case TLB_CONTROL_DO_NOTHING:
+-		case TLB_CONTROL_FLUSH_ALL_ASID:
+-			return true;
+-		default:
+-			return false;
+-	}
+-}
+-
+ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
+ 					 struct vmcb_ctrl_area_cached *control)
+ {
+@@ -273,9 +261,6 @@ static bool __nested_vmcb_check_controls(struct kvm_vcpu *vcpu,
+ 					   IOPM_SIZE)))
+ 		return false;
+
+-	if (CC(!nested_svm_check_tlb_ctl(vcpu, control->tlb_ctl)))
+-		return false;
+-
+ 	return true;
+ }
+
+--
+2.39.2
+
diff --git a/patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch b/patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
new file mode 100644
index 0000000..611a90c
--- /dev/null
+++ b/patches/kernel/0015-KVM-nSVM-Advertise-support-for-flush-by-ASID.patch
@@ -0,0 +1,39 @@
+From 42af81abf0b96ab661591d024aed55c05dd85b91 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Wed, 18 Oct 2023 12:41:04 -0700
+Subject: [PATCH 2/2] KVM: nSVM: Advertise support for flush-by-ASID
+
+Advertise support for FLUSHBYASID when nested SVM is enabled, as KVM can
+always emulate flushing TLB entries for a vmcb12 ASID, e.g. by running L2
+with a new, fresh ASID in vmcb02.  Some modern hypervisors, e.g. VMWare
+Workstation 17, require FLUSHBYASID support and will refuse to run if it's
+not present.
+
+Punt on proper support, as "Honor L1's request to flush an ASID on nested
+VMRUN" is one of the TODO items in the (incomplete) list of issues that
+need to be addressed in order for KVM to NOT do a full TLB flush on every
+nested SVM transition (see nested_svm_transition_tlb_flush()).
+
+Reported-by: Stefan Sterz <s.sterz@proxmox.com>
+Closes: https://lkml.kernel.org/r/b9915c9c-4cf6-051a-2d91-44cc6380f455%40proxmox.com
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
+---
+ arch/x86/kvm/svm/svm.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
+index 9a194aa1a75a..0fde9b0c464b 100644
+--- a/arch/x86/kvm/svm/svm.c
++++ b/arch/x86/kvm/svm/svm.c
+@@ -4880,6 +4880,7 @@ static __init void svm_set_cpu_caps(void)
+ 	if (nested) {
+ 		kvm_cpu_cap_set(X86_FEATURE_SVM);
+ 		kvm_cpu_cap_set(X86_FEATURE_VMCBCLEAN);
++		kvm_cpu_cap_set(X86_FEATURE_FLUSHBYASID);
+
+ 		if (nrips)
+ 			kvm_cpu_cap_set(X86_FEATURE_NRIPS);
+--
+2.39.2
+
--
2.39.2





             reply	other threads:[~2023-10-19 14:59 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-10-19 14:59 Stefan Sterz [this message]
2023-10-21 10:46 ` [pve-devel] applied: " Thomas Lamprecht

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20231019145912.3152371-1-s.sterz@proxmox.com \
    --to=s.sterz@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal