summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_WHPX/2461.toml
diff options
context:
space:
mode:
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_WHPX/2461.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_WHPX/2461.toml64
1 files changed, 64 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_WHPX/2461.toml b/gitlab/issues/target_missing/host_missing/accel_WHPX/2461.toml
new file mode 100644
index 00000000..72c10de3
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_WHPX/2461.toml
@@ -0,0 +1,64 @@
+id = 2461
+title = "Qemu with -accel whpx doesn't set WRMSR permissions, which blocks nested virtualization"
+state = "opened"
+created_at = "2024-07-26T17:41:16.874Z"
+closed_at = "n/a"
+labels = ["accel: WHPX"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2461"
+host-os = "Windows 11 23H2 Home"
+host-arch = "x86_64"
+qemu-version = "v9.0.0-12054-g923cf646f4"
+guest-os = "Ubuntu 22.04"
+guest-arch = "x86_64"
+description = """This bug blocks https://gitlab.com/qemu-project/qemu/-/issues/628
+
+Qemu doesn't set the host's Hyper-V permissions for WRMSR command to allow using SVM or VMX. Unset permissions lead to `unchecked MSR access error: WRMSR to 0xc0000080` inside Linux VM when trying to launch nested VM on real AMD cpu. Intel users do not see guest VMX feature at all. Please see **Additional info** section to understand how Hyper-V permissions for nested virtualization work in Windows."""
+reproduce = """1. Turn on VT-x (for Intel) or AMD-V virtualization in your real hardware BIOS/EFI. This was tested only on AMD cpu and Qemu 9, Intel \\*may\\* behave differently.
+ 2. Install any distro in qemu disk c:\\\\linux_disk.qcow2 with MSR enabled in kernel, for example, Ubuntu 22.04 LTS.
+ 3. Run qemu using `qemu-system-x86_64.exe -m 2048 -machine q35 -accel whpx -cpu Opteron_G5,check,+svm -hda c:\\linux_disk.qcow2`
+
+    To check if your distro has MSR mod enabled, run `grep -i msr /boot/config-$(uname -r)` and it should return `CONFIG_X86_MSR=m` or `CONFIG_X86_MSR=y`. If not, recompile and reinstall your kernel.
+ 4. Run `sudo modprobe msr` and then `sudo rdmsr 0xc0000080 #EFER`. You should see `d01` on modern AMD models. \\[Untested\\] For intel, run `sudo modprobe msr`, then `sudo rdmsr 0x3A`. You should see `5` or `0x5` or `0x100005`. d01 for AMD and 5 for Intel in output are necessary to enable nested VM. If RDMSR returns non-zero value, it means that qemu developers implemented this part of functionality and your Hyper-V on Windows is not broken.
+ 5. Run `cat /proc/cpuinfo | grep -c svm` on AMD cpu, which should output a positive digit.
+ 6. Run `sudo dmesg | grep kvm` and note:
+
+    `[1.924036] kvm_amd: Nested Virtualization enabled`
+
+    `[1.924038] kvm_amd: Nested Paging disabled`\\
+    `[1.924040] kvm_amd: PMU virtualization is disabled`
+ 7. This, in theory, is sufficient for KVM-acclelerated qemu to start a nested VM.
+ 8. Run `xhost si:localuser:root` to prevent `gtk initialization failed` error
+ 9. Run `sudo qemu-system-x86_64 -accel kvm`. A black window with "Guest has not initialized the display (yet)." appears.
+10. Run `sudo dmesg` and note qemu crash starting with `unchecked MSR access error: WRMSR`
+
+    \\* Steps 1-4 are only required for diagnostics, and KVM works (in native Windows Hyper-V manager) without the necessarity to enter these commands in usual usage scenarios. If you run <span dir="">`cat /proc/cpuinfo | grep -c vmx` on Intel cpu</span> on Step 5, you may get zero. See Step 5 of Additional Info to understand why.
+
+    \\
+    Microsoft released useful info about how to look into Hyper-V MSR access problems:\\
+    WRMSR research in Hyper-V - https://msrc.microsoft.com/blog/2018/12/first-steps-in-hyper-v-research/"""
+additional = """By default, Hyper-V manager in Windows does not allow nested virtualization.\\
+To see what happens, do the following:
+
+ 1. Open Hyper-V manager built in the host Windows and create default Ubuntu 22.04 LTS suggested. Upon installation, shut down the VM. Note the name of the VM ("Ubuntu 22.04 LTS" by default).
+ 2. Open Powershell console in the host and run `Set-VMProcessor -VMName "Ubuntu 22.04 LTS" -ExposeVirtualizationExtensions $false`
+ 3. Launch guest Ubuntu 22.04 LTS, open its terminal and run `sudo dmesg | grep kvm`. No output.
+ 4. Run `sudo rdmsr 0xc0000080 #EFER` that outputs d01, which means that Hyper-V manager allows this **ring 0 level** operation.
+ 5. Run `cat /proc/cpuinfo | grep -c svm` for AMD or `cat /proc/cpuinfo | grep -c vmx`  for Intel. Note that output is `0`.
+ 6. Shut the VM down.
+ 7. Now, Open Powershell console and `run Set-VMProcessor -VMName "Ubuntu 22.04 LTS" -ExposeVirtualizationExtensions $true`
+ 8. Launch Ubuntu 22.04 LTS, open its terminal and run `sudo dmesg | grep kvm`. Output:
+
+    `[2.369144] kvm: Nested Virtualization enabled`
+
+    `[2.369146] SVM: kvm: Nested Paging enabled`
+
+    `[2.369148] SVM: kvm: Hyper-V enlightened NPT TLB flush enabled`
+
+    `[2.369149] SVM: kvm: Hyper-V Direct TLB flush enabled`
+
+    `[2.369153] SVM: Virtual VMLOAD VMSAVE supported`
+ 9. Run `cat /proc/cpuinfo | grep -c svm` for AMD or `cat /proc/cpuinfo | grep -c vmx`  for Intel. Note that output is `1` or other positive digit, depending on the number of cpus you've assigned to the VM.
+10. Run `xhost si:localuser:root` to prevent `gtk initialization failed` error
+11. Run `sudo qemu-system-x86_64 -accel kvm` and it successfully boots into qemu BIOS.
+12. Running `sudo qemu-system-x86_64 -accel kvm` calls WRMSR in background, so if you see\\
+    booted qemu BIOS in KVM, wrmsr was successfully called."""