Bug 732752
| Field | Value |
|---|---|
| Summary | exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access |
| Product | Red Hat Enterprise Linux 5 |
| Component | kernel-xen |
| Version | 5.7 |
| Status | CLOSED ERRATA |
| Severity | unspecified |
| Priority | unspecified |
| Reporter | Paolo Bonzini <pbonzini> |
| Assignee | Paolo Bonzini <pbonzini> |
| QA Contact | Virtualization Bugs <virt-bugs> |
| CC | drjones, imammedo, leiwang, lersek, mrezanin, pmatouse, qguan, qwan |
| Target Milestone | rc |
| Target Release | --- |
| Hardware | Unspecified |
| OS | Unspecified |
| Fixed In Version | kernel-2.6.18-284.el5 |
| Doc Type | Bug Fix |
| Last Closed | 2012-02-21 03:53:36 UTC |
| Bug Blocks | 514490 |
The MSR write ultimately becomes a no-op, while other VMX registers fail and inject a #GP in the guest (the #GP in turn is trapped if using wrmsr_safe and becomes an EFAULT).

Created attachment 519794: test module

The test module should print "failed" twice.
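A user-space counterpart of the attached module's check, added here as an example (it is not the module attached to this bug and not Xen code): it reads each MSR in the range the fix fences off, MSR_IA32_VMX_BASIC (0x480) through MSR_IA32_VMX_PROCBASED_CTLS2 (0x48B, numbers from the Intel SDM), writes the same value straight back through the Linux msr driver, and reports whether the hypervisor injected a #GP or silently accepted the write. It assumes the msr driver is loaded at the hypothetical path `/dev/cpu/0/msr` and that the program runs as root inside the HVM guest. Note that the msr driver surfaces a faulting WRMSR as EIO, whereas the in-kernel module on this bug sees the same fault as -14 (EFAULT) from wrmsr_safe; on a fixed host every MSR in the range must report "rejected".

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* VMX capability MSR numbers (Intel SDM). The patched case range in vmx.c runs
 * from MSR_IA32_VMX_BASIC up to and including MSR_IA32_VMX_PROCBASED_CTLS2. */
#define MSR_IA32_VMX_BASIC           0x480
#define MSR_IA32_VMX_PROCBASED_CTLS2 0x48B

/* Assumed path of the Linux msr driver for CPU 0; needs root / CAP_SYS_RAWIO. */
#define MSR_DEVICE_PATH "/dev/cpu/0/msr"

enum msr_probe_result {
    MSR_REJECTED,    /* hypervisor injected #GP: the guest cannot reach the MSR (correct) */
    MSR_ACCEPTED,    /* WRMSR returned success: the write was silently a no-op (the bug) */
    MSR_UNAVAILABLE  /* probe could not be performed (device missing, no permission, ...) */
};

/* Mirror of the hypervisor-side case range: MSRs a VMX guest must never access. */
int msr_in_vmx_guest_deny_range(uint32_t msr)
{
    return msr >= MSR_IA32_VMX_BASIC && msr <= MSR_IA32_VMX_PROCBASED_CTLS2;
}

/* Map the result of a pread/pwrite on the msr device to a probe outcome. The msr
 * driver reports a faulting RDMSR/WRMSR (the injected #GP) as -EIO; the bug's
 * in-kernel test module sees the same fault as -EFAULT (-14) from wrmsr_safe. */
enum msr_probe_result classify_msr_io(ssize_t ret, int err)
{
    if (ret == (ssize_t)sizeof(uint64_t))
        return MSR_ACCEPTED;
    if (ret < 0 && err == EIO)
        return MSR_REJECTED;
    return MSR_UNAVAILABLE;
}

/* Read an MSR and write the same value straight back, so that even an accepted
 * write changes nothing. The read path is guarded by the same case range, so a
 * faulting read already proves the MSR is hidden from the guest. */
enum msr_probe_result probe_vmx_msr(int fd, uint32_t msr)
{
    uint64_t value = 0;
    ssize_t ret = pread(fd, &value, sizeof value, msr);
    enum msr_probe_result r = classify_msr_io(ret, errno);
    if (r != MSR_ACCEPTED)
        return r;                 /* read rejected (good) or unavailable */
    ret = pwrite(fd, &value, sizeof value, msr);
    return classify_msr_io(ret, errno);
}

/* Probe every MSR in the deny range; returns how many accepted a write, i.e. how
 * many the hypervisor failed to fence off. 0 is the expected result on a fixed host. */
int count_writable_vmx_msrs(int fd)
{
    int writable = 0;
    for (uint32_t msr = MSR_IA32_VMX_BASIC; msr <= MSR_IA32_VMX_PROCBASED_CTLS2; msr++) {
        enum msr_probe_result r = probe_vmx_msr(fd, msr);
        printf("MSR 0x%03x: %s\n", msr,
               r == MSR_REJECTED ? "write rejected (#GP)" :
               r == MSR_ACCEPTED ? "write ACCEPTED (no-op, unfixed hypervisor)" :
                                   "unavailable");
        if (r == MSR_ACCEPTED)
            writable++;
    }
    return writable;
}

int main(void)
{
    int fd = open(MSR_DEVICE_PATH, O_RDWR);
    if (fd < 0) {
        fprintf(stderr, "open %s: %s (run as root with the msr module loaded)\n",
                MSR_DEVICE_PATH, strerror(errno));
        return 2;
    }
    int writable = count_writable_vmx_msrs(fd);
    close(fd);
    printf("%d of %d VMX MSRs accepted a guest write\n",
           writable, MSR_IA32_VMX_PROCBASED_CTLS2 - MSR_IA32_VMX_BASIC + 1);
    return writable ? 1 : 0;
}
```

The exit status makes the check usable from a verification script: 0 means every VMX MSR in the range was fenced off, 1 means at least one write went through silently (the behaviour this bug describes), 2 means the probe could not run at all.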
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.

Patch(es) available in kernel-2.6.18-284.el5. You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5. Detailed testing feedback is always welcomed.

Verified with kernel-xen-2.6.18-300.el5. On the 5.7 GA kernel host, insmod the module in comment 2 within HVM guests (RHEL5.7 i386, x86_64 and RHEL6.1 i386), got the following messages in dmesg:

```
$ dmesg
Check MSR write failed -14
MSR write succeeded 0
```

After updating the host to kernel-xen-2.6.18-300.el5, got the following messages:

```
$ dmesg
Check MSR write failed -14
MSR write failed -14
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0150.html
I found this in xen-unstable.hg c/s 15426: vmx: Exclude VMX_PROCBASED_CTL2 from set of MSRs a VMX guest is allowd to access. Signed-off-by: Keir Fraser <keir> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2601,7 +2601,7 @@ static inline int vmx_do_msr_read(struct case MSR_IA32_APICBASE: msr_content = vcpu_vlapic(v)->hw.apic_base_msr; break; - case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_CR4_FIXED1: + case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2: goto gp_fault; default: if ( long_mode_do_msr_read(regs) ) @@ -2727,7 +2727,7 @@ static inline int vmx_do_msr_write(struc case MSR_IA32_APICBASE: vlapic_msr_set(vcpu_vlapic(v), msr_content); break; - case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_CR4_FIXED1: + case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2: goto gp_fault; default: if ( !long_mode_do_msr_write(regs) ) The bits we use in VMX_PROCBASED_CTLS2 are "enable EPT" and "virtualize APIC accesses". I don't know what happens if a guest disable those, but I wouldn't be surprised if it's ugly so in the meanwhile I'm making the bug private.
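Review bot: in the vmx_do_msr_read hunk (@@ -2601) the case range `MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2` is the GCC case-range extension and is inclusive at both ends, so it now catches the MSRs between CR4_FIXED1 and PROCBASED_CTLS2 that previously fell through to `default` and `long_mode_do_msr_read(regs)`; the upper bound is still a hard-coded "last known VMX MSR", so any VMX capability MSR defined later with a higher number would again reach `default`. Suggest a one-line comment above the `case` stating that invariant (or a single named upper bound such as a `MSR_IA32_VMX_LAST`-style constant, hypothetical name) so a later MSR addition does not silently reopen the read path.

Review bot: the vmx_do_msr_write hunk (@@ -2727) duplicates the same range literal by hand, and the read and write paths having to be edited in lockstep is exactly how the old `...MSR_IA32_VMX_CR4_FIXED1` bound stayed wrong in both places; consider one shared predicate (for example an `is_vmx_capability_msr(msr)` helper, hypothetical name) used by both `vmx_do_msr_read` and `vmx_do_msr_write` before `goto gp_fault`. Minor: "allowd" in the commit message should read "allowed".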