Date:   Tue, 3 May 2022 20:04:40 +0700
From:   Suravee Suthikulpanit <suravee.suthikulpanit@....com>
To:     Maxim Levitsky <mlevitsk@...hat.com>, linux-kernel@...r.kernel.org,
        kvm@...r.kernel.org
Cc:     pbonzini@...hat.com, seanjc@...gle.com, joro@...tes.org,
        jon.grimm@....com, wei.huang2@....com, terry.bowman@....com
Subject: Re: [PATCH v2 08/12] KVM: SVM: Update AVIC settings when changing
 APIC mode

Maxim,

On 5/3/22 12:13 AM, Maxim Levitsky wrote:
>> In the kvm/queue branch, I found a regression on nested SVM guest, where L2 guest cannot
>> launch. The bad commit is:
>>
>> commit a4cfff3f0f8c07f1f7873a82bdeb3995807dac8c (bisect)
>> Merge: 42dcbe7d8bac 8d5678a76689
>> Author: Paolo Bonzini <pbonzini@...hat.com>
>> Date:   Fri Apr 8 12:43:40 2022 -0400
>>
>>       Merge branch 'kvm-older-features' into HEAD
>>
>>       Merge branch for features that did not make it into 5.18:
>>
>>       * New ioctls to get/set TSC frequency for a whole VM
>>
>>       * Allow userspace to opt out of hypercall patching
>>
>>       Nested virtualization improvements for AMD:
>>
>>       * Support for "nested nested" optimizations (nested vVMLOAD/VMSAVE,
>>         nested vGIF)
>>
>>       * Allow AVIC to co-exist with a nested guest running
>>
>>       * Fixes for LBR virtualizations when a nested guest is running,
>>         and nested LBR virtualization support
>>
>>       * PAUSE filtering for nested hypervisors
>>
>>       Guest support:
>>
>>       * Decoupling of vcpu_is_preempted from PV spinlocks
>>
>>       Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
>>
>> I am still working on the bisect into the merge commits.
>>
>> Regards,
>> Suravee
>>
> What happens when the guest can't launch? It sure works for me for kvm/queue
> from yesterday.
> 
> I'll test again tomorrow.

I have bisected it to this commit:

commit 74fd41ed16fd71725e69e2cb90b755505326c2e6
Author: Maxim Levitsky <mlevitsk@...hat.com>
Date:   Tue Mar 22 19:40:47 2022 +0200

     KVM: x86: nSVM: support PAUSE filtering when L0 doesn't intercept PAUSE

     Expose the pause filtering and threshold in the guest CPUID
     and support PAUSE filtering when possible:

     - If the L0 doesn't intercept PAUSE (cpu_pm=on), then allow L1 to
       have full control over PAUSE filtering.

     - if the L1 doesn't intercept PAUSE, use host values and update
       the adaptive count/threshold even when running nested.

     - Otherwise always exit to L1; it is not really possible to merge
       the fields correctly.  It is expected that in this case, userspace
       will not enable this feature in the guest CPUID, to avoid having the
       guest update both fields pointlessly.

     Signed-off-by: Maxim Levitsky <mlevitsk@...hat.com>
     Message-Id: <20220322174050.241850-4-mlevitsk@...hat.com>
     Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>

I can revert this one or specify pause_filter_count=0 pause_filter_thresh=0,
and then I can boot the L2 guest.

Regards,
Suravee
