lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0e12d654-d388-a0f9-e7f9-7e96921786b7@oracle.com>
Date:   Tue, 7 Feb 2023 11:15:38 +0000
From:   Joao Martins <joao.m.martins@...cle.com>
To:     Igor Mammedov <imammedo@...hat.com>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Alejandro Jimenez <alejandro.j.jimenez@...cle.com>,
        Suravee Suthikulpanit <suravee.suthikulpanit@....com>,
        Sean Christopherson <seanjc@...gle.com>
Subject: Re: [PATCH v2 2/3] KVM: SVM: Modify AVIC GATag to support max number
 of 512 vCPUs

On 07/02/2023 08:33, Igor Mammedov wrote:
> On Tue,  7 Feb 2023 00:21:55 +0000
> Sean Christopherson <seanjc@...gle.com> wrote:
> 
>> From: Suravee Suthikulpanit <suravee.suthikulpanit@....com>
>>
>> Define AVIC_VCPU_ID_MASK based on AVIC_PHYSICAL_MAX_INDEX, i.e. the mask
>> that effectively controls the largest guest physical APIC ID supported by
>> x2AVIC, instead of hardcoding the number of bits to 8 (and the number of
>> VM bits to 24).
> 
> Is there any particular reason not to tie it to max supported by KVM
> KVM_MAX_VCPU_IDS?
> 
> Another question:
>  will guest fail to start when configured with more than 512 vCPUs
>  or it will start broken?
> 

I think the problem is not so much the GATag (which can really be anything at
the resolution you want). It's more of an SVM limit AIUI. Provided you can't
have GATAgs if you don't have guest-mode/AVIC active, then makes sense have the
same limit on both.

SVM seems to be limited to 256 vcpus in xAPIC mode or 512 vcpus in x2APIC
mode[0]. IIUC You actually won't be able to create guests with more than
512vcpus as KVM bound checks those max limits very early in the vCPU init (see
avic_init_vcpu()). I guess the alternative would an AVIC inhibit if vCPU count
goes beyond those limits -- probably a must have once avic flips to 1 by default
like Intel.

[0] in APM Volume 2 15.29.4.3 Physical Address Pointer Restrictions,

* All the addresses point to 4-Kbyte aligned data structures. Bits 11:0 are
reserved (except for offset 0F8h) and should be set to zero. The lower 8 bits of
offset 0F8h are used for the field AVIC_PHYSICAL_MAX_INDEX. VMRUN fails with
#VMEXIT(VMEXIT_INVALID) if AVIC_PHYSICAL_MAX_INDEX is greater than 255 in xAVIC
mode or greater than 511 in x2AVIC mode.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ