| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z7Z9iKOHf9VBKkoU@intel.com> Date: Thu, 20 Feb 2025 08:55:36 +0800 From: Chao Gao <chao.gao@...el.com> To: Jon Kohler <jon@...anix.com> CC: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, Eiichi Tsukata <eiichi.tsukata@...anix.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "mingo@...hat.com" <mingo@...hat.com>, "bp@...en8.de" <bp@...en8.de>, "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "x86@...nel.org" <x86@...nel.org>, "hpa@...or.com" <hpa@...or.com>, "vkuznets@...hat.com" <vkuznets@...hat.com>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [RFC PATCH] KVM: x86: hyper-v: Inhibit APICv with VP Assist on SPR/EMR On Wed, Feb 19, 2025 at 03:03:39PM +0000, Jon Kohler wrote: > > >> On Aug 7, 2024, at 9:10 AM, Sean Christopherson <seanjc@...gle.com> wrote: >> >> !-------------------------------------------------------------------| >> CAUTION: External Email >> >> |-------------------------------------------------------------------! >> >> On Tue, Aug 06, 2024, Paolo Bonzini wrote: >>> On Tue, Aug 6, 2024 at 6:03 PM Sean Christopherson <seanjc@...gle.com> wrote: >>>>> As is noted in [1], this issue is considered to be a microcode issue >>>>> specific to SPR/EMR. >>>> >>>> I don't think we can claim that without a more explicit statement from Intel. >>>> And I would really like Intel to clarify exactly what is going on, so that (a) >>>> it can be properly documented and (b) we can implement a precise, targeted >>>> workaround in KVM. >>> >>> It is not even clear to me why this patch has any effect at all, >>> because PV EOI and APICv don't work together anyway: PV EOI requires >>> apic->highest_isr_cache == -1 (see apic_sync_pv_eoi_to_guest()) but >>> the cache is only set without APICv (see apic_set_isr()). Therefore, >>> PV EOI should be basically a no-op with APICv in use. >> >> Per Chao, this is a ucode bug though. Speculating wildly, I wonder if Intel added >> acceleration and/or redirection of HV_X64_MSR_EOI when APICv is enabled, e.g. to >> speed up existing VMs, and something went sideways. > >Hey Sean, Chao, Paolo, quick follow up on this one. > >Eiichi was working on pulling down Intel Microcode 20250211 [1], and I had >asked to retest this one. > >Knock on wood, it looks like the issue is “gone” with 20250211 on SPR/EMR > >The EMR [2] and SPR [3] release notes allude to some Erratum regarding >some vmexit fixups that sound interesting, but I’m not sure if they are actually >the backing issue, Yes. EMR137 and SPR141 are exactly the backing issue and have been fixed in recent microcode releases. >or if this is sheer coincidence, or if there was another fix >but just isn’t fully documented as an errata? > >These two are listed as “fixed” in the release notes: >EMR137. VM Exit Following MOV to CR8 Instruction May Lead to Unexpected IDT Vectoring-Information >SPR141. VM Exit Following MOV to CR8 Instruction May Lead to Unexpected IDT Vectoring-Information > >@Chao - could you help confirm our observations one way or the other? > >[1] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20250211 >[2] https://cdrdv2.intel.com/v1/dl/getContent/793902 (EMR microcode release notes) >[3] https://cdrdv2.intel.com/v1/dl/getContent/772415 (SPR microcode release notes)
Powered by blists - more mailing lists