Bug 711070
Summary: | mask the SMEP bit for PV, do the same or backport SMEP emulation for HVM | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Paolo Bonzini <pbonzini> |
Component: | kernel-xen | Assignee: | Igor Mammedov <imammedo> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 5.7 | CC: | ddugger, drjones, imammedo, jzheng, leiwang, mrezanin, pcao, qwan, xen-maint |
Target Milestone: | rc | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | kernel-2.6.18-294.el5 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-21 03:35:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 526862 | ||
Bug Blocks: | 514489 | ||
Attachments: |
Description
Paolo Bonzini
2011-06-06 12:47:52 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. First part of back-port is done. But as for back-porting HVM support for it I've chosen easy way, i.e. mask SMEP from HVM guest (done). It's too much difference in hvm code with upstream, and scary dependencies for example: c/s 17917. Queued reservation of ivy bridge beaker box for testing. Also tested on box without SMEP support: x86_64 host: 32-bit pv guest, 64-bit pv guest Looks like nothing regressed on older hardware so far. Created attachment 524631 [details] patch for RHEL5 kernel to verify if SMEP is visible via pv_cpuid Kernel build with smep enabled hv and patched kernel to check it. https://brewweb.devel.redhat.com/taskinfo?taskID=3658054 Created attachment 524633 [details]
[RHEL5.8 Xen PATCH 1/2] x86: Enable Supervisor Mode Execution Protection (SMEP)
Created attachment 524634 [details]
[RHEL5.8 Xen PATCH 2/2] x86: Hide SMEP support from HVM guest
Created attachment 526888 [details]
[RHEL5.8 Xen PATCH 1/2] xen: mask out SMEP feature from PV guest
Created attachment 526889 [details]
[RHEL5.8 Xen PATCH 2/2] x86: Hide SMEP support from HVM guest
Closing because CPUID white-listing will cover masking out leaf 7. And there is no point in fixing up CR4 since it's not enabled in hv in first place and guest can't set it. *** This bug has been marked as a duplicate of bug 526862 *** Moving to POST, since the patch posted for bug 526862 is intended to cover this bug as well. Patch(es) available in kernel-2.6.18-294.el5 You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5 Detailed testing feedback is always welcomed. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0150.html |