Cmt: [SRU][J][PATCH 0/2] A general-proteciton exception during guest migration to unsupported PKRU machine

Fri Sep 1 12:57:02 UTC 2023

On 21/08/2023 08:47, Chengen Du wrote:
> BugLink: https://bugs.launchpad.net/bugs/2032164
>
> SRU Justification:
>
> [Impact]
> When a host that supports PKRU initiates a guest that lacks PKRU support, the flag is enabled on the guest's fpstate.
> This information is then passed to userspace through the vcpu ioctl KVM_GET_XSAVE.
> However, a problem arises when the user opts to migrate the mentioned guest to another machine that does not support PKRU.
> In this scenario, the new host attempts to restore the guest's fpu registers.
> Nevertheless, due to the absence of PKRU support on the new host, a general-protection exception takes place, leading to a guest crash.
>
> [Fix]
> The problem is resolved by the following upstream commit:
> ad856280ddea x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
>
> Additionally, a subsequent fix tackles the migration problem stemming from the earlier commit:
> a1020a25e697 KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
>
> [Test Plan]
> 1. Set up two machines: one with PKRU support and the other without.
> 2. Initiate a guest that lacks PKRU support on the machine with PKRU support.
> 3. Utilize libvirt to migrate the aforementioned guest to a different machine that lacks PKRU support.
> 4. The error emerges on the destination machine:
> KVM: entry failed, hardware error 0x80000021
>
> If you're running a guest on an Intel machine without unrestricted mode
> support, the failure can be most likely due to the guest entering an invalid
> state for Intel VT. For example, the guest maybe running in big real mode
> which is not supported on less recent Intel processors.
>
> EAX=86cf7970 EBX=00000000 ECX=00000001 EDX=005b0036
> ESI=00000087 EDI=00000087 EBP=87c03e38 ESP=87c03e18
> EIP=86cf7d5e EFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
> ES =0000 00000000 0000ffff 00009300
> CS =f000 ffff0000 0000ffff 00009b00
> SS =0000 00000000 0000ffff 00009300
> DS =0000 00000000 0000ffff 00009300
> FS =0000 00000000 0000ffff 00009300
> GS =0000 00000000 0000ffff 00009300
> LDT=0000 00000000 0000ffff 00008200
> TR =0000 00000000 0000ffff 00008b00
> GDT= 00000000 0000ffff
> IDT= 00000000 0000ffff
> CR0=60000010 CR2=00000000 CR3=00000000 CR4=00000000
> DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
> DR6=00000000ffff0ff0 DR7=0000000000000400
> EFER=0000000000000000
> Code=00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> 2023-07-09T03:03:14.911750Z qemu-system-x86_64: terminating on signal 15 from pid 4134 (/usr/sbin/libvirtd)
> 2023-07-09 03:03:15.312+0000: shutting down, reason=destroyed
>
> [Where problems could occur]
> The introduced commits will impact the guest migration process,
> potentially leading to failures and preventing the guest from operating successfully on the migration destination.
>
> Dr. David Alan Gilbert (1):
>    KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
>
> Leonardo Bras (1):
>    x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0
>
>   arch/x86/kvm/cpuid.c | 8 ++++++++
>   1 file changed, 8 insertions(+)
>
Hi Chengen Du,

Could you make sure next time the commits include the buglink as well? 
Thanks!

Roxana