Bug 636494

Summary:	-cpu check does not correctly enforce CPUID items
Product:	Red Hat Enterprise Linux 6	Reporter:	Daniel Berrangé <berrange>
Component:	qemu-kvm	Assignee:	john cooper <john.cooper>
Status:	CLOSED ERRATA	QA Contact:	Virtualization Bugs <virt-bugs>
Severity:	medium	Docs Contact:
Priority:	low
Version:	6.1	CC:	bcao, mhusnain, michen, mjenner, mkenneth, nobody, snagar, tburke, virt-maint
Target Milestone:	rc
Target Release:	6.1
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	qemu-kvm-0.12.1.2-2.132.el6	Doc Type:	Bug Fix
Doc Text:	Previously, the VMX and SVM CPU features were not applied in a uniform manner. Additionally, the check and enforce options were incorrectly validated, which caused confusion for guests in specific scenarios. This is now fixed to uniformly disallow VMX for all instances and to allow SVM only if nested kvm is in effect. This fix removes the confusions for guests that occurs due to unintentional VMX and SVM exposure. -- Comments -- Perhaps a more concise summary of the issue would be: "VMX and SVM cpuid flags were not correctly screened and could be passed to the guest even in the case they did not exist on the host or could not be supported by kvm. As this has the potential to confuse a guest, this fix assures these cpuid flags are visible only when appropriate and warns an interested user in the event they have been requested but cannot be made available."	Story Points:	---
Clone Of:		Environment:
Last Closed:	2011-05-19 11:33:24 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	580954

Description Daniel Berrangé 2010-09-22 11:27:15 UTC

Description of problem:
The 'check' option for '-cpu' is supposed to validate the requested CPUID against the host CPUID. 

I run on an Intel host, and request the 'SVM' flag, which only AMD cpus support. KVM does not exit when asked to validate this.

A slightly different situation occurs with 'vmx'. My host CPU does support 'vmx', but the KVM kmod does not support nested VMX. Thus 'check' should throw an error upon requesting 'vmx'. Again KVM happily runs.

In the case of 'svm' in CPUID + 'svm' on host, the check should require the '-enable-nesting' option to be present before its allowed to pass the check.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.112.el6

How reproducible:
Always

Steps to Reproduce:
1. See no results from   # grep svm /proc/cpuinfo 
2. Run # /usr/bin/qemu-kvm  -cpu Penryn,+svm,check,enforce
3. Run # /usr/bin/qemu-kvm  -cpu Penryn,+vmx,check,enforce
  
Actual results:
QEMU runs in both cases

Expected results:
QEMU does not run, due to missing 'svm' feature on the host in first case, and lack of nested 'vmx' in the second case.

Additional info:

Comment 4 john cooper 2010-10-11 23:33:12 UTC

Case addressed by the following patch (resolution
detail within):

http://post-office.corp.redhat.com/archives/rhvirt-patches/2010-October/msg00141.html

Note "enforce" implies "check" and the latter needn't
accompany the former.

Comment 9 Mike Cao 2011-02-15 04:54:06 UTC

Reproduced on qemu-kvm-0.12.1.2-2.131.el6
Verified on qemu-kvm-0.12.1.2-2.144.el6

Actual Results:
#/usr/libexec/qemu-kvm -cpu Penryn,+vmx,check,enforce
warning: host cpuid 0000_0001:ecx flag restricted to guest 'vmx' [0x00000020]
Unable to support requested x86 CPU definition

#/usr/libexec/qemu-kvm -cpu Penryn,+svm,check,enforce
warning: host cpuid 8000_0001:ecx lacks requested flag 'svm' [0x00000004]
Unable to support requested x86 CPU definition

Based on above ,this issue has already been fixed.

Comment 10 john cooper 2011-05-05 15:11:33 UTC

Add CCFR.

Comment 11 john cooper 2011-05-05 15:11:33 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    Cpu features "vmx" and "svm" are not validated correctly for
"check" and "enforce" options.

Consequence
    These flags may confuse a guest in certain scenarios if exposed.
Also "check" and "enforce" semantics should be uniformly
applied.

Fix
    Disallow "vmx" in all cases and "svm" only if nested kvm is
in effect.

Result
    Elimination of guest confusion related to unintententional exposure
of "vmx' and "svm".

Comment 12 Misha H. Ali 2011-05-15 00:27:52 UTC

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,16 +1 @@
-Cause
+Previously, the VMX and SVM CPU features were not applied in a uniform manner. Additionally, the check and enforce options were incorrectly validated, which caused confusion for guests in specific scenarios. This is now fixed to uniformly disallow VMX for all instances and to allow SVM only if nested kvm is in effect. This fix removes the confusions for guests that occurs due to unintentional VMX and SVM exposure.-    Cpu features "vmx" and "svm" are not validated correctly for
-"check" and "enforce" options.
-
-Consequence
-    These flags may confuse a guest in certain scenarios if exposed.
-Also "check" and "enforce" semantics should be uniformly
-applied.
-
-Fix
-    Disallow "vmx" in all cases and "svm" only if nested kvm is
-in effect.
-
-Result
-    Elimination of guest confusion related to unintententional exposure
-of "vmx' and "svm".

Comment 13 john cooper 2011-05-16 15:23:37 UTC

tech notes update.

Comment 14 john cooper 2011-05-16 15:23:37 UTC

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,13 @@
-Previously, the VMX and SVM CPU features were not applied in a uniform manner. Additionally, the check and enforce options were incorrectly validated, which caused confusion for guests in specific scenarios. This is now fixed to uniformly disallow VMX for all instances and to allow SVM only if nested kvm is in effect. This fix removes the confusions for guests that occurs due to unintentional VMX and SVM exposure.+Previously, the VMX and SVM CPU features were not applied in a uniform manner. Additionally, the check and enforce options were incorrectly validated, which caused confusion for guests in specific scenarios. This is now fixed to uniformly disallow VMX for all instances and to allow SVM only if nested kvm is in effect. This fix removes the confusions for guests that occurs due to unintentional VMX and SVM exposure.
+
+-- Comments --
+
+Perhaps a more concise summary of the issue would be:
+
+"VMX and SVM cpuid flags were not correctly screened and
+could be passed to the guest even in the case they did not
+exist on the host or could not be supported by kvm.  As
+this has the potential to confuse a guest, this fix
+assures these cpuid flags are visible only when
+appropriate and warns an interested user in the event
+they have been requested but cannot be made available."

Comment 15 errata-xmlrpc 2011-05-19 11:33:24 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html

Comment 16 errata-xmlrpc 2011-05-19 12:49:15 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html