lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 26 Jan 2024 20:27:56 +0100
From: "Maciej S. Szmigiero" <mail@...iej.szmigiero.name>
To: Paolo Bonzini <pbonzini@...hat.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Subject: Re: [PATCH v2] KVM: x86: Give a hint when Win2016 might fail to boot
 due to XSAVES erratum

On 26.01.2024 19:46, Paolo Bonzini wrote:
> From: "Maciej S. Szmigiero" <maciej.szmigiero@...cle.com>
> 
> Since commit b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17")
> kernel unconditionally clears the XSAVES CPU feature bit on Zen1/2 CPUs.
> 
> Because KVM CPU caps are initialized from the kernel boot CPU features this
> makes the XSAVES feature also unavailable for KVM guests in this case.
> At the same time the XSAVEC feature is left enabled.
> 
> Unfortunately, having XSAVEC but no XSAVES in CPUID breaks Hyper-V enabled
> Windows Server 2016 VMs that have more than one vCPU.
> 
> Let's at least give users hint in the kernel log what could be wrong since
> these VMs currently simply hang at boot with a black screen - giving no
> clue what suddenly broke them and how to make them work again.
> 
> Trigger the kernel message hint based on the particular guest ID written to
> the Guest OS Identity Hyper-V MSR implemented by KVM.
> 
> Defer this check to when the L1 Hyper-V hypervisor enables SVM in EFER
> since we want to limit this message to Hyper-V enabled Windows guests only
> (Windows session running nested as L2) but the actual Guest OS Identity MSR
> write is done by L1 and happens before it enables SVM.
> 
> Fixes: b0563468eeac ("x86/CPU/AMD: Disable XSAVES on AMD family 0x17")
> Signed-off-by: Maciej S. Szmigiero <maciej.szmigiero@...cle.com>
> Message-Id: <b83ab45c5e239e5d148b0ae7750133a67ac9575c.1706127425.git.maciej.szmigiero@...cle.com>
> [Move some checks before mutex_lock(), rename function. - Paolo]
> Signed-off-by: Paolo Bonzini <pbonzini@...hat.com>
> ---

I have tested this version now and it seems to work well, too.

Thanks,
Maciej

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ