Bump patchset: v51 -> v52#153
Merged
phip1611 merged 178 commits intoMay 20, 2026
Merged
Conversation
phip1611
force-pushed
the
gardenlinux-next-v52
branch
from
bc2452a to
1a41fef
Compare
Member
Author
|
@olivereanderson please take a brief look. I grouped all your commits and brought them into consecutive order. Once cloud-hypervisor#8029 is merged - what are the implications for our fork? What is your recommendation to keep the patchset working and maintainable? What are your thoughts and ideas? |
I plan to backport cloud-hypervisor#8029 as soon as it is merged because the code is simply better. |
Member
Author
|
If possible, I'd prefer to not merge (or backport) anything into gardenlinux before we finish this. But we can plan this together next week as well! |
We can definitely merge this PR (v52) first. Let's discuss further next week 🙂 |
phip1611
force-pushed
the
gardenlinux-next-v52
branch
7 times, most recently
from
768a632 to
7ddbe2c
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
phip1611
force-pushed
the
gardenlinux-next-v52
branch
5 times, most recently
from
892081b to
c5d2ed1
Compare
Member
Author
|
All normal tests and the live migration tests are passing locally! 🥳 Pipeline is running! https://gitlab.cyberus-technology.de/cyberus/cloud/libvirt/-/merge_requests/194/pipelines |
phip1611
force-pushed
the
gardenlinux-next-v52
branch
4 times, most recently
from
4e67461 to
deca83b
Compare
phip1611
force-pushed
the
gardenlinux-next-v52
branch
from
deca83b to
601b1e8
Compare
phip1611
force-pushed
the
gardenlinux-next-v52
branch
from
505b051 to
873f3e0
Compare
We include a list of non-architectural MSRS. This list will only be used to help the CPU profile generation tool rule out MSRs that it does not know how to handle. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We include a list of MSRS defined by KVM that may be approved by CPU profiles and another list of those that may not be approved by CPU profiles. These lists will later be used by the CPU profile generation tool. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
The list of HyperV MSRs introduced here will be utilized during CPU profile generation and also at runtime to filter them out whenever `kvm_hyperv` is set to `false`. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We introduce functionality related to computing necessary MSR updates in accordance with the given CPU profile. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We introduce functionality to filter out MSRs which we want to deny guests from using. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We record the necessary MSR-based feature modifications that need to be set in the `CpuManager` and make sure to set these MSR values upon vCPU configuration. We also use the Vm to filter access to MSRs that are incompatible with the chosen CPU profile. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We adapt the CPU profile generation tool to also take the MSR-based features into account. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We regenerate the CPU profiles and include the MSR-related data. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Windows server needs the machine check architecture (MCA) CPUID bit to be set in order to boot. Since Windows server is a use-case we want to support we need to revert our previous decision to disable MCA for non-host CPU profiles. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We permit these MSRs because they are expected to be available when the CPUID 0x1.EDX[14](MCA) feature bit is set. Recall that MCA is necessary in order to boot Windows Server which we want to support. We also do not list the error reporting banks as forbidden any longer. Aside: The previous implementation did not end up denying those MSRs anyway, because KVM does not report them via KVM_GET_MSR_INDEX_LIST. Now with MCA explicitly set, the guest will certainly expect the presence of error reporting banks, so we make sure not to indicate otherwise. Recall that by default KVM reports all (32) error banks as available and leaves all feature bits of IA32_MCG_CAP unset, hence the information displayed to the guest in these MSRs will remain consistent before and after a live migration in the absence of machine check errors. Note that as of today Cloud hypervisor does not transfer the error reporting banks to the destination of a live migration which can indeed lead to surprises, but on the other hand the information is likely to be inaccurate at the point of resume anyway. As a follow up we could try to mitigate the aforementioned problem by checking for MCEs during live migration and marking the migration as failed if any MCE occurred before or during the live migration. That should however be addressed in a separate PR. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Regenerate CPU profiles in order to enable machine check architecture (MCA) for non-host CPU profiles which is required to boot Windows server. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
These are already displayed as not available to guests via CPUID for non-host CPU profiles, but we forgot to forbid the corresponding MSRs. The profiles we have generated are OK with respect to this oversight because KVM_GET_MSR_INDEX_LIST did not report those MSRs at the time they were generated, but it does now. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Hardware duty cycling (HDC) does not make sense in the virtualization setting and should thus not be displayed as available to guests. We have already disabled certain HDC aspects via CPUID 0x6 ECX[13], but we forgot to disable the state components which is what we do in this commit. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We have already disabled architectural LBR (last branch record) for CPU profiles, but we forgot to disable the corresponding state components. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Hardware P-states (HWP) is already disabled for non-host CPU profiles, but we forgot to also disable the associated state components. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We already disabled Processor Trace (PT) for CPU profiles, but forgot to disable the associated state components. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We have already forbidden IA32_PASID, an MSR related to process address space identifiers (PASID), but we forgot to disable the associated state components. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Bit 56 of VM_ENTRY_HARDWARE_EXCEPTIONS in IA32_VMX_BASIC is only set on rather recent KVM versions. Thus whenever a CPU profile is generated on a machine with a recent Linux kernel, the current inherit policy will lead to the CPU profile being incompatible on deplyoments with older Linux kernels. This may not be the intention of the person generating the CPU profile, thus we change the policy to `Static(0)` for the time being. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
IA32_XSS (Extended Supervisor State Mask) is only reported via KVM_GET_MSR_INDEX_LIST on rather recent kernels. This can lead to CPU profiles that are generated on a machine with the latest Linux kernel, not work with deployments where the hosts use a bit older kernels which may be unintentional. We thus decide to forbid this MSR for now, even though CPUID 0xd.0x1.EAX[3] can inform the guest that the MSR is available. We do not want to force the aforementioned feature bit to 0 because it is also used to report support for XSAVES/XRSTORS. Although not ideal, we consider denying access to IA32_XSS to be acceptable because the 0xd CPUID leaves report all IA32_XSS related state components to be unsupported. There is thus no reason for the guest to be interested in using this MSR. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We have disabled LBR for non-host CPU profiles, but forgot to also do so in the VM-Exit and VM-Entry control MSRs. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We add developer documentation on how to use the CPU profile generation tool. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We will later use flate2 in arch/build.rs to compress CPU profile JSON files at compile time and also later to decompress them at runtime. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
We introduce a build.rs build script in the arch crate which automatically constructs the x86_64 CpuProfile enum with one variant per pre-generated CPU profile. In order to keep the binary size in check we also take the opportunity to compress the CPU profile JSON files into the binary which then get decompressed at runtime. We will adapt cpu_profile.rs in the next commit to use the output of build.rs Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
When we introduced our build script we forgot to tell `serde` to (de-) serialize the `CpuProfile` enum in kebab-case which is a breaking change. Signed-off-by: Oliver Anderson <oliver.anderson@cyberus-technology.de> On-behalf-of: SAP oliver.anderson@sap.com
phip1611
force-pushed
the
gardenlinux-next-v52
branch
from
df8700f to
8a11273
Compare
phip1611
merged commit 9902cf3
into
cyberus-technology:gardenlinux-next-v52-base
17 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This series bumps the gardenlinux Cloud Hypervisor patchset onto the recently released v52.
You can find an overview of the difficulties during the rebase in this outline document (trivial patches, hard to rebase patches, patches that are now upstream...).
From ~250 commits we have in the current
gardenlinuxbranch, we are now down to ~170.Changes & Hints for Reviewers
init A -> ... -> fix Acommits where squashed)pci_device_idfrom upstream back tobdf_deviceto be compatible with usCommand::CompletePausedfrom upstream (NEW) clashes with Command::KeepAlive` (our fork)flake: initcommit0ab89ac(#8254)The result is a shorter and more reviewable branch than
cyberus-github/gardenlinuxwhile preserving the relevant Gardenlinux behavioron top of the current Cloud Hypervisor base.
Ticket: https://github.com/cobaltcore-dev/cobaltcore/issues/503#issuecomment-4311454443