| 2019-11-11 22:26:07 |
Thadeu Lima de Souza Cascardo |
description |
Starting with 4.15.0-68.77, currently in bionic-proposed, I can no longer launch VMs when I disable EPT support in the kvm_intel module. This works fine under 4.15.0-66.75 from bionic-security.
ubuntu@vought:~$ cat /proc/version_signature
Ubuntu 4.15.0-68.77-generic 4.15.18
ubuntu@vought:~$ sudo rmmod kvm_intel
ubuntu@vought:~$ sudo modprobe kvm_intel ept=0
ubuntu@vought:~$ cat /sys/module/kvm_intel/parameters/ept
N
ubuntu@vought:~$ virsh start --console l1
Domain l1 started
Connected to domain l1
Escape character is ^]
Under 4.15.0-66.75, I see full console output from the guest and reach a login prompt. Under 4.15.0-68.77, I see no output and the VM is unresponsive. I see nothing of use in /var/log/libvirt/qemu/l1.log.
I see this on the following system:
ubuntu@vought:~$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 96
On-line CPU(s) list: 0-95
Thread(s) per core: 2
Core(s) per socket: 24
Socket(s): 2
NUMA node(s): 2
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6252 CPU @ 2.10GHz
Stepping: 6
CPU MHz: 1000.135
CPU max MHz: 3700.0000
CPU min MHz: 1000.0000
BogoMIPS: 4200.00
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 1024K
L3 cache: 36608K
NUMA node0 CPU(s): 0-23,48-71
NUMA node1 CPU(s): 24-47,72-95
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req pku ospke avx512_vnni md_clear flush_l1d arch_capabilities |
[Impact]
On CPUs with no EPT support, or when disabling kvm-intel ept support by use of ept=0 module parameter, users are not able to launch a linux VM.
[Test case]
# modprobe kvm-intel ept=0
# cat /sys/module/kvm_intel/parameters/ept
N
# qemu-system-x86_64 -enable-kvm -kernel /boot/vmlinuz-4.15.0-68-generic
Make sure you get console log at all. With the bug, there is not a single line of output.
[Regression potential]
The fix might cause some very specific use of virtualization to fail, but no pratical case is known.
===============================
Starting with 4.15.0-68.77, currently in bionic-proposed, I can no longer launch VMs when I disable EPT support in the kvm_intel module. This works fine under 4.15.0-66.75 from bionic-security.
ubuntu@vought:~$ cat /proc/version_signature
Ubuntu 4.15.0-68.77-generic 4.15.18
ubuntu@vought:~$ sudo rmmod kvm_intel
ubuntu@vought:~$ sudo modprobe kvm_intel ept=0
ubuntu@vought:~$ cat /sys/module/kvm_intel/parameters/ept
N
ubuntu@vought:~$ virsh start --console l1
Domain l1 started
Connected to domain l1
Escape character is ^]
Under 4.15.0-66.75, I see full console output from the guest and reach a login prompt. Under 4.15.0-68.77, I see no output and the VM is unresponsive. I see nothing of use in /var/log/libvirt/qemu/l1.log.
I see this on the following system:
ubuntu@vought:~$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 96
On-line CPU(s) list: 0-95
Thread(s) per core: 2
Core(s) per socket: 24
Socket(s): 2
NUMA node(s): 2
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6252 CPU @ 2.10GHz
Stepping: 6
CPU MHz: 1000.135
CPU max MHz: 3700.0000
CPU min MHz: 1000.0000
BogoMIPS: 4200.00
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 1024K
L3 cache: 36608K
NUMA node0 CPU(s): 0-23,48-71
NUMA node1 CPU(s): 24-47,72-95
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req pku ospke avx512_vnni md_clear flush_l1d arch_capabilities |
|
