lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 18 Jun 2008 18:08:56 -0700 (PDT)
From:	Eli Collins <ecollins@...are.com>
To:	Martin Michlmayr <tbm@...ius.com>
Cc:	"devzero@....de" <devzero@....de>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Javier Guerra <javier@...rrag.com>,
	Anthony Liguori <anthony@...emonkey.ws>
Subject: Re: Linux with kvm-intel locks up VMplayer guest is started


Hi Martin,

This lockup is fixed in the latest dot releases of Workstation, Player, 
and Server.

The vmmon module now checks if VT is already enabled (actually it just 
tests if CR4.VMXE is set since checking if the cpu is in VMX mode is a 
pain). The vmmon module enables VMX mode when world switching to our 
monitor and disables it when world switching back to the host. The 
kvm-intel module puts the cpu(s) in VMX mode and does not exit VMX mode 
until the module is unloaded, so if you want to run player and kvm you 
need to first unload the kvm-intel module. However, this only works with 
very recent kvm modules. If you're using a kvm-intel module that doesn't 
contain the patch I submitted a couple weeks ago then even unloading the 
kvm-intel module is not enough since it leaves CR4.VMXE set. So for "old" 
modules you need to not load the kvm-intel module in the first place.

Note that the above is only relevant to kvm-intel. The vmmon and kvm-amd 
modules do not need exclusive access to SVM mode. I've run VMs on kvm-69 
and Workstation 6.5 beta simultaneously on an AMD-V host without any 
issues.

Also note that this issue is relevant for any software that wants to use 
VT: QEMU, VirtualBox, Parallels, etc. won't be able to if the host (via 
the kvm-intel module) has already claimed it.

Thanks,
Eli
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ