From 0d5048785d6edd2fee3b22aa6901e55539e07525 Mon Sep 17 00:00:00 2001

From: Paolo Bonzini <pbonzini@redhat.com>

Date: Mon, 22 Jul 2019 18:22:11 +0100

Subject: [PATCH 30/39] target/i386: kvm: Block migration for vCPUs exposed

 with nested virtualization

RH-Author: Paolo Bonzini <pbonzini@redhat.com>

Message-id: <20190722182220.19374-10-pbonzini@redhat.com>

Patchwork-id: 89633

O-Subject: [RHEL-8.1.0 PATCH qemu-kvm v3 09/18] target/i386: kvm: Block migration for vCPUs exposed with nested virtualization

Bugzilla: 1689269

RH-Acked-by: Peter Xu <zhexu@redhat.com>

RH-Acked-by: Laurent Vivier <lvivier@redhat.com>

RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

From: Liran Alon <liran.alon@oracle.com>

Commit d98f26073beb ("target/i386: kvm: add VMX migration blocker")

added a migration blocker for vCPU exposed with Intel VMX.

However, migration should also be blocked for vCPU exposed with

AMD SVM.

Both cases should be blocked because QEMU should extract additional

vCPU state from KVM that should be migrated as part of vCPU VMState.

E.g. Whether vCPU is running in guest-mode or host-mode.

Fixes: d98f26073beb ("target/i386: kvm: add VMX migration blocker")

Reviewed-by: Maran Wilson <maran.wilson@oracle.com>

Signed-off-by: Liran Alon <liran.alon@oracle.com>

Message-Id: <20190619162140.133674-6-liran.alon@oracle.com>

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

(cherry picked from commit 18ab37ba1cee290923240744288dbee8be9355fb)

Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>

---

 target/i386/cpu.c |  6 ------

 target/i386/cpu.h | 12 ++++++++++++

 target/i386/kvm.c | 14 +++++++-------

 3 files changed, 19 insertions(+), 13 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c

index af62281..bd0b784 100644

--- a/target/i386/cpu.c

+++ b/target/i386/cpu.c

@@ -5034,12 +5034,6 @@ static int x86_cpu_filter_features(X86CPU *cpu)

     return rv;

 }

-#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \

-                           (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \

-                           (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)

-#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \

-                         (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \

-                         (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)

 static void x86_cpu_realizefn(DeviceState *dev, Error **errp)

 {

     CPUState *cs = CPU(dev);

diff --git a/target/i386/cpu.h b/target/i386/cpu.h

index 923dfcd..f595fc3 100644

--- a/target/i386/cpu.h

+++ b/target/i386/cpu.h

@@ -722,6 +722,13 @@ typedef uint32_t FeatureWordArray[FEATURE_WORDS];

 #define CPUID_VENDOR_VIA   "CentaurHauls"

+#define IS_INTEL_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_INTEL_1 && \

+                           (env)->cpuid_vendor2 == CPUID_VENDOR_INTEL_2 && \

+                           (env)->cpuid_vendor3 == CPUID_VENDOR_INTEL_3)

+#define IS_AMD_CPU(env) ((env)->cpuid_vendor1 == CPUID_VENDOR_AMD_1 && \

+                         (env)->cpuid_vendor2 == CPUID_VENDOR_AMD_2 && \

+                         (env)->cpuid_vendor3 == CPUID_VENDOR_AMD_3)

+

 #define CPUID_MWAIT_IBE     (1U << 1) /* Interrupts can exit capability */

 #define CPUID_MWAIT_EMX     (1U << 0) /* enumeration supported */

@@ -1829,6 +1836,11 @@ static inline int32_t x86_get_a20_mask(CPUX86State *env)

     }

 }

+static inline bool cpu_has_vmx(CPUX86State *env)

+{

+    return env->features[FEAT_1_ECX] & CPUID_EXT_VMX;

+}

+

 /* fpu_helper.c */

 void update_fp_status(CPUX86State *env);

 void update_mxcsr_status(CPUX86State *env);

diff --git a/target/i386/kvm.c b/target/i386/kvm.c

index 1a4ff3c..f741e8b 100644

--- a/target/i386/kvm.c

+++ b/target/i386/kvm.c

@@ -772,7 +772,7 @@ static int hyperv_handle_properties(CPUState *cs)

 }

 static Error *invtsc_mig_blocker;

-static Error *vmx_mig_blocker;

+static Error *nested_virt_mig_blocker;

 #define KVM_MAX_CPUID_ENTRIES  100

@@ -1116,13 +1116,13 @@ int kvm_arch_init_vcpu(CPUState *cs)

                                   !!(c->ecx & CPUID_EXT_SMX);

     }

-    if ((env->features[FEAT_1_ECX] & CPUID_EXT_VMX) && !vmx_mig_blocker) {

-        error_setg(&vmx_mig_blocker,

-                   "Nested VMX virtualization does not support live migration yet");

-        r = migrate_add_blocker(vmx_mig_blocker, &local_err);

+    if (cpu_has_vmx(env) && !nested_virt_mig_blocker) {

+        error_setg(&nested_virt_mig_blocker,

+                   "Nested virtualization does not support live migration yet");

+        r = migrate_add_blocker(nested_virt_mig_blocker, &local_err);

         if (local_err) {

             error_report_err(local_err);

-            error_free(vmx_mig_blocker);

+            error_free(nested_virt_mig_blocker);

             return r;

         }

     }

@@ -1191,7 +1191,7 @@ int kvm_arch_init_vcpu(CPUState *cs)

  fail:

     migrate_del_blocker(invtsc_mig_blocker);

  fail2:

-    migrate_del_blocker(vmx_mig_blocker);

+    migrate_del_blocker(nested_virt_mig_blocker);

     return r;

 }

-- 

1.8.3.1