Re: [PATCH v2] KVM: VMX: Enable Notify VM exit

From: Xiaoyao Li
Date: Tue Sep 07 2021 - 09:33:42 EST

On 9/3/2021 12:29 AM, Sean Christopherson wrote:
On Thu, Sep 02, 2021, Chenyi Qiang wrote:
On 8/3/2021 8:38 AM, Xiaoyao Li wrote:
On 8/2/2021 11:46 PM, Sean Christopherson wrote:
IIRC, SGX instructions have a hard upper bound of 25k cycles before they
have to check for pending interrupts, e.g. it's why EINIT is
interruptible. The 25k cycle limit is likely a good starting point for
the combined minimum. That's why I want to know the internal minimum; if
the internal minimum is _guaranteed_ to be >25k, then KVM can be more
aggressive with its default value.

OK. I will go internally to see if we can publish the internal threshold.

Hi Sean,

After syncing internally, we know that the internal threshold is not
architectural but a model-specific value. It will be published in some place
in future.

Any chance it will also be discoverable, e.g. via an MSR?

I also hope we can expose it via MSR. If not, we can maintain a table per FMS in KVM to get the internal threshold. However, per FMS info is not friendly to be virtualized (when we are going to enable the nested support). I'll try to persuade internal to expose it via MSR, but I guarantee nothing.

That would be ideal
as we could give the module param an "auto" mode where the combined threshold is
set to a minimum KVM-defined value, e.g.

static int __read_mostly notify_window = -1;
module_param(notify_window, int, 444);


rdmsrl_safe(MSR_NOTIFY_WINDOW_BUFFER, &buffer);
if (notify_window == -1) {
notify_window = 0;
notifiy_window = KVM_DEFAULT_NOTIFY_WINDOW - buffer;

On Sapphire Rapids platform, the threshold is 128k. With this in mind, is it
appropriate to set 0 as the default value of notify_window?

Maybe? That's still not a guarantee that _future_ CPUs will have an internal
threshold >25k.

but we can always use the formula above to guarantee it.

vmcs.notify_window = KVM_DEFAULT_NOTIFY_WINDOW > internal ?

On a related topic, this needs tests. One thought would be to stop unconditionally
intercepting #AC if NOTIFY_WINDOW is enabled, and then have the test set up the
infinite #AC vectoring scenario.

yes, we have already tested with this case with notify_window set to 0. No false positive.