Bug 732752 – exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 732752 - exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access

Summary:	exclude VMX_PROCBASED_CTL2 from the MSRs a VMX guest is allowed to access

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	kernel-xen (Show other bugs)
Sub Component:
Version:	5.7
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Paolo Bonzini
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	514490
	Show dependency tree / graph

Reported:	2011-08-23 09:49 EDT by Paolo Bonzini
Modified:	2012-02-20 22:53 EST (History)
CC List:	8 users (show)

See Also:
Fixed In Version:	kernel-2.6.18-284.el5
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-02-20 22:53:36 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
test module (1.26 KB, application/zip) 2011-08-25 05:13 EDT, Paolo Bonzini	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2012:0150	normal	SHIPPED_LIVE	Moderate: Red Hat Enterprise Linux 5.8 kernel update	2012-02-21 02:35:24 EST

Groups: None (edit)

Description Paolo Bonzini 2011-08-23 09:49:04 EDT

I found this in xen-unstable.hg c/s 15426:

vmx: Exclude VMX_PROCBASED_CTL2 from set of MSRs a VMX guest is allowd
to access.
Signed-off-by: Keir Fraser <keir@xensource.com>

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2601,7 +2601,7 @@ static inline int vmx_do_msr_read(struct
     case MSR_IA32_APICBASE:
         msr_content = vcpu_vlapic(v)->hw.apic_base_msr;
         break;
-    case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_CR4_FIXED1:
+    case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2:
         goto gp_fault;
     default:
         if ( long_mode_do_msr_read(regs) )
@@ -2727,7 +2727,7 @@ static inline int vmx_do_msr_write(struc
     case MSR_IA32_APICBASE:
         vlapic_msr_set(vcpu_vlapic(v), msr_content);
         break;
-    case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_CR4_FIXED1:
+    case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2:
         goto gp_fault;
     default:
         if ( !long_mode_do_msr_write(regs) )


The bits we use in VMX_PROCBASED_CTLS2 are "enable EPT" and "virtualize APIC accesses".  I don't know what happens if a guest disable those, but I wouldn't be surprised if it's ugly so in the meanwhile I'm making the bug private.

Comment 1 Paolo Bonzini 2011-08-25 05:12:47 EDT

The MSR write ultimately becomes a no-op, while other VMX registers fail and inject a #GP in the guest (the #GP in turn is trapped if using wrmsr_safe and becomes an EFAULT).

Comment 2 Paolo Bonzini 2011-08-25 05:13:44 EDT

Created attachment 519794 [details]
test module

The test module should print "failed" twice.

Comment 3 RHEL Product and Program Management 2011-08-25 05:29:41 EDT

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Jarod Wilson 2011-09-02 11:41:45 EDT

Patch(es) available in kernel-2.6.18-284.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.

Comment 6 Jarod Wilson 2011-09-02 13:43:26 EDT

Patch(es) available in kernel-2.6.18-284.el5
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.

Comment 8 Qixiang Wan 2011-12-07 02:14:03 EST

Verified with kernel-xen-2.6.18-300.el5.

On the 5.7 GA kernel host, insmod the module in comment 2 within HVM guests(RHEL5.7 i386, x86_64 and RHEL6.1 i386), got the following messages in dmesg:

$ dmesg
Check MSR write failed -14
MSR write succeeded 0

After update host to kernel-xen-2.6.18-300.el5, got the following messages:

$ dmesg
Check MSR write failed -14
MSR write failed -14

Comment 9 errata-xmlrpc 2012-02-20 22:53:36 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0150.html

Note You need to log in before you can comment on or make changes to this bug.