I found this in xen-unstable.hg c/s 15426:
vmx: Exclude VMX_PROCBASED_CTL2 from set of MSRs a VMX guest is allowed to access. Signed-off-by: Keir Fraser <keir>
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2601,7 +2601,7 @@ static inline int vmx_do_msr_read(struct case MSR_IA32_APICBASE: msr_content = vcpu_vlapic(v)->hw.apic_base_msr; break; - case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_CR4_FIXED1: + case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2: goto gp_fault; default: if ( long_mode_do_msr_read(regs) ) @@ -2727,7 +2727,7 @@ static inline int vmx_do_msr_write(struc case MSR_IA32_APICBASE: vlapic_msr_set(vcpu_vlapic(v), msr_content); break; - case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_CR4_FIXED1: + case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2: goto gp_fault; default: if ( !long_mode_do_msr_write(regs) )
The bits we use in VMX_PROCBASED_CTLS2 are "enable EPT" and "virtualize APIC accesses". I don't know what happens if a guest disables those, but I wouldn't be surprised if it's ugly, so in the meanwhile I'm making the bug private.
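Review bot: the widened `case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2:` in vmx_do_msr_read relies on the VMX capability MSR numbers being contiguous and on PROCBASED_CTLS2 being the last one the guest must not reach, and the hunk documents neither. Add a comment on that case stating the assumption, so the next VMX capability MSR the hypervisor starts using is not left to fall into `default:` (and on to long_mode_do_msr_read) the way PROCBASED_CTLS2 did before this change.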
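Review bot: vmx_do_msr_write repeats the identical `MSR_IA32_VMX_BASIC...MSR_IA32_VMX_PROCBASED_CTLS2` range from the read path, and this bug is exactly what happens when such a duplicated list has to be kept in step by hand. Consider one shared predicate (a hypothetical `is_vmx_capability_msr()`, say) consulted by both handlers ahead of the switch so the two paths cannot drift apart, and a comment on the write case noting that the guest is given a #GP rather than a silently dropped write, since that difference is what the test module in this report checks.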
The MSR write ultimately becomes a no-op, while other VMX registers fail and inject a #GP in the guest (the #GP in turn is trapped if using wrmsr_safe and becomes an EFAULT).
Created attachment 519794: test module. The test module should print "failed" twice.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Patch(es) available in kernel-2.6.18-284.el5.
You can download this test kernel (or newer) from http://people.redhat.com/jwilson/el5
Detailed testing feedback is always welcomed.
Verified with kernel-xen-2.6.18-300.el5. On the 5.7 GA kernel host, insmod the module in comment 2 within HVM guests (RHEL5.7 i386, x86_64 and RHEL6.1 i386), got the following messages in dmesg:
$ dmesg
Check MSR write failed -14
MSR write succeeded 0
After updating the host to kernel-xen-2.6.18-300.el5, got the following messages:
$ dmesg
Check MSR write failed -14
MSR write failed -14
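As an added illustration, and not the attached test module (whose source is not in this report) nor Xen's own code, here is a userspace C model of the behaviour comments 2, 3 and 6 describe: the hypervisor's MSR write handler refusing a contiguous range of VMX capability MSRs with a #GP, the guest's wrmsr_safe() turning that #GP into -EFAULT (-14), and the two dmesg lines the test module prints on an unfixed and on a fixed host. The MSR numbers come from the Intel SDM. Two things are assumptions rather than facts from the attachment: that the module's "Check" probe writes MSR_IA32_VMX_CR4_FIXED1 (an MSR that was refused before and after the fix), and that a VMX MSR reaching `default:` is silently dropped, which is how comment 2 describes the no-op.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Intel VMX capability MSRs occupy a contiguous block starting at 0x480
 * (numbers from the Intel SDM; names match those in the Xen hunks). */
#define MSR_IA32_APICBASE            0x01B
#define MSR_IA32_VMX_BASIC           0x480
#define MSR_IA32_VMX_CR4_FIXED1      0x489   /* end of the refused range before c/s 15426 */
#define MSR_IA32_VMX_VMCS_ENUM       0x48A
#define MSR_IA32_VMX_PROCBASED_CTLS2 0x48B   /* end of the refused range after c/s 15426 */

enum msr_outcome { MSR_EMULATED, MSR_GP_FAULT, MSR_IGNORED };

/* Model of vmx_do_msr_write(). range_end selects which handler is modelled:
 * MSR_IA32_VMX_CR4_FIXED1 for the pre-fix code, MSR_IA32_VMX_PROCBASED_CTLS2
 * for the fixed code. A VMX MSR outside the refused range reaches "default:",
 * which this model treats as a silently dropped write (assumption from comment 2). */
static enum msr_outcome model_vmx_do_msr_write(uint32_t msr, uint32_t range_end)
{
    switch (msr) {
    case MSR_IA32_APICBASE:
        return MSR_EMULATED;            /* legitimately virtualised by the hypervisor */
    default:
        if (msr >= MSR_IA32_VMX_BASIC && msr <= range_end)
            return MSR_GP_FAULT;        /* the "goto gp_fault" in the hunk */
        return MSR_IGNORED;             /* fell through: write dropped */
    }
}

/* Guest-side view: wrmsr_safe() converts the injected #GP into -EFAULT (-14),
 * the value shown in the dmesg lines of comment 6. */
static int model_wrmsr_safe(uint32_t msr, uint32_t range_end)
{
    return model_vmx_do_msr_write(msr, range_end) == MSR_GP_FAULT ? -EFAULT : 0;
}

/* Count the VMX capability MSRs in 0x480..0x48B that a guest could still write
 * without a fault under a given range end; 0 means the whole block is refused. */
static int model_unrefused_vmx_msrs(uint32_t range_end)
{
    int n = 0;
    for (uint32_t msr = MSR_IA32_VMX_BASIC; msr <= MSR_IA32_VMX_PROCBASED_CTLS2; msr++)
        if (model_wrmsr_safe(msr, range_end) == 0)
            n++;
    return n;
}

/* Reproduce the two probes implied by comments 2, 3 and 6: a "Check" write to
 * an MSR that was always refused (assumed to be CR4_FIXED1), then the write to
 * PROCBASED_CTLS2. Prints the dmesg-style lines and returns 1 when both writes
 * fail, i.e. when the host behaves like the fixed kernel. */
static int model_test_module(uint32_t range_end)
{
    int check = model_wrmsr_safe(MSR_IA32_VMX_CR4_FIXED1, range_end);
    int probe = model_wrmsr_safe(MSR_IA32_VMX_PROCBASED_CTLS2, range_end);
    printf("Check MSR write %s %d\n", check ? "failed" : "succeeded", check);
    printf("MSR write %s %d\n", probe ? "failed" : "succeeded", probe);
    return check != 0 && probe != 0;
}

int main(void)
{
    printf("-- unfixed host --\n");
    model_test_module(MSR_IA32_VMX_CR4_FIXED1);
    printf("-- fixed host --\n");
    model_test_module(MSR_IA32_VMX_PROCBASED_CTLS2);
    return 0;
}
```

Because the case range is numeric, moving its end from 0x489 to 0x48B also refuses MSR_IA32_VMX_VMCS_ENUM (0x48A), which the commit message does not mention; model_unrefused_vmx_msrs() makes that visible by dropping from 2 to 0. On a real host the check is the one comment 6 performs: a second dmesg line that still reads "MSR write succeeded 0" means the hypervisor is not carrying the fix.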
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0150.html