* [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
@ 2017-03-31 8:19 Ladi Prosek
2017-03-31 13:47 ` Radim Krčmář
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Ladi Prosek @ 2017-03-31 8:19 UTC (permalink / raw)
To: kvm; +Cc: kai.huang, wanpeng.li
The PML feature is not exposed to guests so we should not be forwarding
the vmexit either.
This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
enabled Windows Server 2016 in L1 on hardware that supports PML.
Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
Signed-off-by: Ladi Prosek <lprosek@redhat.com>
---
arch/x86/kvm/vmx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 2ee00db..6051832 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8198,6 +8198,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
case EXIT_REASON_PREEMPTION_TIMER:
return false;
+ case EXIT_REASON_PML_FULL:
+ /* We don't expose PML support to L1. */
+ return false;
default:
return true;
}
--
2.9.3
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-03-31 8:19 [PATCH] KVM: nVMX: do not leak PML full vmexit to L1 Ladi Prosek
@ 2017-03-31 13:47 ` Radim Krčmář
2017-04-03 11:24 ` David Hildenbrand
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Radim Krčmář @ 2017-03-31 13:47 UTC (permalink / raw)
To: Ladi Prosek; +Cc: kvm, kai.huang, wanpeng.li
2017-03-31 10:19+0200, Ladi Prosek:
> The PML feature is not exposed to guests so we should not be forwarding
> the vmexit either.
>
> This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
> enabled Windows Server 2016 in L1 on hardware that supports PML.
>
> Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
> ---
Good catch,
Reviewed-by: Radim Krčmář <rkrcmar@redhat.com>
> arch/x86/kvm/vmx.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 2ee00db..6051832 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -8198,6 +8198,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
> return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
> case EXIT_REASON_PREEMPTION_TIMER:
> return false;
> + case EXIT_REASON_PML_FULL:
> + /* We don't expose PML support to L1. */
> + return false;
> default:
> return true;
> }
> --
> 2.9.3
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-03-31 8:19 [PATCH] KVM: nVMX: do not leak PML full vmexit to L1 Ladi Prosek
2017-03-31 13:47 ` Radim Krčmář
@ 2017-04-03 11:24 ` David Hildenbrand
2017-04-03 11:27 ` David Hildenbrand
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: David Hildenbrand @ 2017-04-03 11:24 UTC (permalink / raw)
To: Ladi Prosek, kvm; +Cc: kai.huang, wanpeng.li
On 31.03.2017 10:19, Ladi Prosek wrote:
> The PML feature is not exposed to guests so we should not be forwarding
> the vmexit either.
>
> This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
> enabled Windows Server 2016 in L1 on hardware that supports PML.
>
> Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
> ---
> arch/x86/kvm/vmx.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 2ee00db..6051832 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -8198,6 +8198,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
> return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
> case EXIT_REASON_PREEMPTION_TIMER:
> return false;
> + case EXIT_REASON_PML_FULL:
> + /* We don't expose PML support to L1. */
> + return false;
> default:
> return true;
> }
>
Reviewed-by: David Hildenbrand <david@redhat.com>
--
Thanks,
David
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-03-31 8:19 [PATCH] KVM: nVMX: do not leak PML full vmexit to L1 Ladi Prosek
2017-03-31 13:47 ` Radim Krčmář
2017-04-03 11:24 ` David Hildenbrand
@ 2017-04-03 11:27 ` David Hildenbrand
2017-04-03 11:43 ` Paolo Bonzini
2017-04-05 14:50 ` Radim Krčmář
2017-05-02 13:05 ` Paolo Bonzini
4 siblings, 1 reply; 9+ messages in thread
From: David Hildenbrand @ 2017-04-03 11:27 UTC (permalink / raw)
To: Ladi Prosek, kvm; +Cc: kai.huang, wanpeng.li
On 31.03.2017 10:19, Ladi Prosek wrote:
> The PML feature is not exposed to guests so we should not be forwarding
> the vmexit either.
I wonder if a whitelist of vmexits would make more sense, compared to
defaulting to passing them through. But I don't know the history of this
>
> This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
> enabled Windows Server 2016 in L1 on hardware that supports PML.
>
> Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
--
Thanks,
David
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-04-03 11:27 ` David Hildenbrand
@ 2017-04-03 11:43 ` Paolo Bonzini
2017-04-03 11:55 ` David Hildenbrand
0 siblings, 1 reply; 9+ messages in thread
From: Paolo Bonzini @ 2017-04-03 11:43 UTC (permalink / raw)
To: David Hildenbrand, Ladi Prosek, kvm; +Cc: kai.huang, wanpeng.li
On 03/04/2017 13:27, David Hildenbrand wrote:
>> The PML feature is not exposed to guests so we should not be forwarding
>> the vmexit either.
>
> I wonder if a whitelist of vmexits would make more sense, compared to
> defaulting to passing them through. But I don't know the history of this
I checked the other day and it's really 50-50 between "return true" and
"return false" vmexits. Adding a WARNing would probably make even more
sense. :)
Thanks,
Paolo
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-04-03 11:43 ` Paolo Bonzini
@ 2017-04-03 11:55 ` David Hildenbrand
0 siblings, 0 replies; 9+ messages in thread
From: David Hildenbrand @ 2017-04-03 11:55 UTC (permalink / raw)
To: Paolo Bonzini, Ladi Prosek, kvm; +Cc: kai.huang, wanpeng.li
On 03.04.2017 13:43, Paolo Bonzini wrote:
>
>
> On 03/04/2017 13:27, David Hildenbrand wrote:
>>> The PML feature is not exposed to guests so we should not be forwarding
>>> the vmexit either.
>>
>> I wonder if a whitelist of vmexits would make more sense, compared to
>> defaulting to passing them through. But I don't know the history of this
>
> I checked the other day and it's really 50-50 between "return true" and
> "return false" vmexits. Adding a WARNing would probably make even more
> sense. :)
>
Well, a whitelist will make sure that L1 really only sees what you want
it to see. As an alternative, specify all of them explicitly
(white+black list - should that currently already be done? haven't
checked it), default to "false" and print a WARNing (unhandled exit
code). But don't expose it to L1. (just what I have in mind).
> Thanks,
>
> Paolo
>
--
Thanks,
David
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-03-31 8:19 [PATCH] KVM: nVMX: do not leak PML full vmexit to L1 Ladi Prosek
` (2 preceding siblings ...)
2017-04-03 11:27 ` David Hildenbrand
@ 2017-04-05 14:50 ` Radim Krčmář
2017-05-02 13:05 ` Paolo Bonzini
4 siblings, 0 replies; 9+ messages in thread
From: Radim Krčmář @ 2017-04-05 14:50 UTC (permalink / raw)
To: Ladi Prosek; +Cc: kvm, kai.huang, wanpeng.li
2017-03-31 10:19+0200, Ladi Prosek:
> The PML feature is not exposed to guests so we should not be forwarding
> the vmexit either.
>
> This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
> enabled Windows Server 2016 in L1 on hardware that supports PML.
>
> Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
> ---
Applied to kvm/master, thanks.
> arch/x86/kvm/vmx.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 2ee00db..6051832 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -8198,6 +8198,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
> return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
> case EXIT_REASON_PREEMPTION_TIMER:
> return false;
> + case EXIT_REASON_PML_FULL:
> + /* We don't expose PML support to L1. */
> + return false;
> default:
> return true;
> }
> --
> 2.9.3
>
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-03-31 8:19 [PATCH] KVM: nVMX: do not leak PML full vmexit to L1 Ladi Prosek
` (3 preceding siblings ...)
2017-04-05 14:50 ` Radim Krčmář
@ 2017-05-02 13:05 ` Paolo Bonzini
2017-05-02 18:31 ` Radim Krčmář
4 siblings, 1 reply; 9+ messages in thread
From: Paolo Bonzini @ 2017-05-02 13:05 UTC (permalink / raw)
To: Ladi Prosek, kvm; +Cc: kai.huang, wanpeng.li
On 31/03/2017 10:19, Ladi Prosek wrote:
> The PML feature is not exposed to guests so we should not be forwarding
> the vmexit either.
>
> This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
> enabled Windows Server 2016 in L1 on hardware that supports PML.
>
> Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
> ---
> arch/x86/kvm/vmx.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 2ee00db..6051832 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -8198,6 +8198,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
> return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
> case EXIT_REASON_PREEMPTION_TIMER:
> return false;
> + case EXIT_REASON_PML_FULL:
> + /* We don't expose PML support to L1. */
> + return false;
> default:
> return true;
> }
>
This fell through the cracks, I'm queueing it now.
Paolo
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH] KVM: nVMX: do not leak PML full vmexit to L1
2017-05-02 13:05 ` Paolo Bonzini
@ 2017-05-02 18:31 ` Radim Krčmář
0 siblings, 0 replies; 9+ messages in thread
From: Radim Krčmář @ 2017-05-02 18:31 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Ladi Prosek, kvm, kai.huang, wanpeng.li
2017-05-02 15:05+0200, Paolo Bonzini:
> On 31/03/2017 10:19, Ladi Prosek wrote:
>> The PML feature is not exposed to guests so we should not be forwarding
>> the vmexit either.
>>
>> This commit fixes BSOD 0x20001 (HYPERVISOR_ERROR) when running Hyper-V
>> enabled Windows Server 2016 in L1 on hardware that supports PML.
>>
>> Fixes: 843e4330573c ("KVM: VMX: Add PML support in VMX")
>> Signed-off-by: Ladi Prosek <lprosek@redhat.com>
>> ---
>> arch/x86/kvm/vmx.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 2ee00db..6051832 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -8198,6 +8198,9 @@ static bool nested_vmx_exit_handled(struct kvm_vcpu *vcpu)
>> return nested_cpu_has2(vmcs12, SECONDARY_EXEC_XSAVES);
>> case EXIT_REASON_PREEMPTION_TIMER:
>> return false;
>> + case EXIT_REASON_PML_FULL:
>> + /* We don't expose PML support to L1. */
>> + return false;
>> default:
>> return true;
>> }
>>
>
> This fell through the cracks, I'm queueing it now.
It is in Linus' tree as ab007cc94ff9, we are just missing it in queue
and next as they haven't merged yet.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2017-05-02 18:31 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-31 8:19 [PATCH] KVM: nVMX: do not leak PML full vmexit to L1 Ladi Prosek
2017-03-31 13:47 ` Radim Krčmář
2017-04-03 11:24 ` David Hildenbrand
2017-04-03 11:27 ` David Hildenbrand
2017-04-03 11:43 ` Paolo Bonzini
2017-04-03 11:55 ` David Hildenbrand
2017-04-05 14:50 ` Radim Krčmář
2017-05-02 13:05 ` Paolo Bonzini
2017-05-02 18:31 ` Radim Krčmář
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.