Project

General

Profile

Bug #12916

bhyve should be able to limit vmx capabilities

Added by Patrick Mooney 5 months ago. Updated 4 months ago.

Status:
Closed
Priority:
Normal
Category:
bhyve
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
bhyve
Gerrit CR:

Description

Presently, bhyve detects certain the availability of certain CPU capabilities such as APICv during loading. If it fines any of these capabilities, it enables them globally for all VMs. It does so in a way that makes it challenging to create a VM which does not use those capabilities. Being able to test various combinations, or the total absence of those capabilities when running on a CPU that features them all would be useful. We should start splitting up how the capabilities are detected and then later activated.

#1

Updated by Electric Monk 5 months ago

  • Gerrit CR set to 767
#2

Updated by Patrick Mooney 5 months ago

With this patch applied, I can see the VMX capabilities properly populated on an Ivy Bridge test system:

> vmx_capabilities::print
0xf (VMX_CAP_{TPR_SHADOW|APICV|APICV_X2APIC|APICV_PIR})

I can zero out the global vmx_capabilities without affecting the operation of existing guests, as they have a local copy which represents the capability state at the time of their creation.

By toggling bits in vmx_capabilities via mdb -kw, emulation logic which doesn't rely on those CPU features can be tested on a machine which is nonetheless capable. With the default capabilities on that machine, calls to vmx_post_intr() can be seen (using APICv posted-interrupts). With it disabled (vmx_capabilities = 0x7), the posted interrupt calls disappear, but @vmx_set_intr_ready() calls are still prevalent, as the remaining APICv functionality is still used. With all but TPR-shadowing disabled, the APICv calls disappear, but we can see vlapic_get_cr8 calls during VMX entry setup as that state is synchronized into the VMCS. With vmx_capabilities zeroed out, the guest still runs fine, but bhyve uses all of the in-kernel APIC emulation, rather than the advanced VMX features.

#3

Updated by Patrick Mooney 5 months ago

I fired this up on an older (and less capable) Westmere machine to make sure it properly detected and enabled the available VMX features:

> vmx_capabilities::print
0x1 (VMX_CAP_TPR_SHADOW)

It booted and ran a Linux guest just as it had prior to the change.

#4

Updated by Electric Monk 4 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit c3ae3afa3e57b39e29577c4b791adbe511bb7e3f

commit  c3ae3afa3e57b39e29577c4b791adbe511bb7e3f
Author: Patrick Mooney <pmooney@pfmooney.com>
Date:   2020-07-28T19:43:29.000Z

    12916 bhyve should be able to limit vmx capabilities
    12917 bhyve should always use Unrestricted Guest
    Reviewed by: Mike Zeller <mike.zeller@joyent.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Also available in: Atom PDF