* Fri Apr 26 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-24.el8

- kvm-x86-host-phys-bits-limit-option.patch [bz#1688915]
- kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch [bz#1688915]
- Resolves: bz#1688915
  ([Intel 8.0 Alpha] physical bits should  <= 48  when host with 5level paging &EPT5 and qemu command with "-cpu qemu64" parameters.)
This commit is contained in:
Danilo C. L. de Paula 2019-04-26 14:54:36 +01:00
parent 7d4fc9ff68
commit c82fe81190
3 changed files with 165 additions and 1 deletions

View File

@ -0,0 +1,57 @@
From e204c887357f2d2ee1df5436a7d7f68b227c4b64 Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Fri, 22 Mar 2019 17:45:15 +0000
Subject: [PATCH 2/2] rhel: Set host-phys-bits-limit=48 on rhel machine-types
RH-Author: plai@redhat.com
Message-id: <1553276715-26278-3-git-send-email-plai@redhat.com>
Patchwork-id: 85126
O-Subject: [RHEL8.0 qemu-kvm PATCH 2/2] rhel: Set host-phys-bits-limit=48 on rhel machine-types
Bugzilla: 1688915
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
From: Eduardo Habkost <ehabkost@redhat.com>
Upstream status: not applicable
Currently we use the host physical address size by default on
VMs. This was a good default on most cases, but this is not the
case on host CPUs supporting 5-level EPT. On those cases, we
want VMs to use 4-level EPT by default.
Ensure VMs will use 4-level EPT by default, by limiting physical
address bits to 48.
Not applicable upstream because upstream doesn't set
host-phys-bits=on by default.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit 01a2ecb4c38fe4a35455ea706e76984ee8d5a769)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
include/hw/i386/pc.h | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index 782d728..de25407 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -992,6 +992,11 @@ extern void igd_passthrough_isa_bridge_create(PCIBus *bus, uint16_t gpu_dev_id);
.property = "host-phys-bits",\
.value = "on",\
},\
+ { /* PC_RHEL_COMPAT */ \
+ .driver = TYPE_X86_CPU,\
+ .property = "host-phys-bits-limit",\
+ .value = "48",\
+ },\
{ /* PC_RHEL_COMPAT bz 1508330 */ \
.driver = "vfio-pci",\
.property = "x-no-geforce-quirks",\
--
1.8.3.1

View File

@ -0,0 +1,97 @@
From 5588db6fc02b530c73e51b43a0119562aa93f51d Mon Sep 17 00:00:00 2001
From: "plai@redhat.com" <plai@redhat.com>
Date: Fri, 22 Mar 2019 17:45:14 +0000
Subject: [PATCH 1/2] x86: host-phys-bits-limit option
RH-Author: plai@redhat.com
Message-id: <1553276715-26278-2-git-send-email-plai@redhat.com>
Patchwork-id: 85128
O-Subject: [RHEL8.0 qemu-kvm PATCH 1/2] x86: host-phys-bits-limit option
Bugzilla: 1688915
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Eduardo Habkost <ehabkost@redhat.com>
RH-Acked-by: Michael S. Tsirkin <mst@redhat.com>
From: Eduardo Habkost <ehabkost@redhat.com>
Some downstream distributions of QEMU set host-phys-bits=on by
default. This worked very well for most use cases, because
phys-bits really didn't have huge consequences. The only
difference was on the CPUID data seen by guests, and on the
handling of reserved bits.
This changed in KVM commit 855feb673640 ("KVM: MMU: Add 5 level
EPT & Shadow page table support"). Now choosing a large
phys-bits value for a VM has bigger impact: it will make KVM use
5-level EPT even when it's not really necessary. This means
using the host phys-bits value may not be the best choice.
Management software could address this problem by manually
configuring phys-bits depending on the size of the VM and the
amount of MMIO address space required for hotplug. But this is
not trivial to implement.
However, there's another workaround that would work for most
cases: keep using the host phys-bits value, but only if it's
smaller than 48. This patch makes this possible by introducing a
new "-cpu" option: "host-phys-bits-limit". Management software
or users can make sure they will always use 4-level EPT using:
"host-phys-bits=on,host-phys-bits-limit=48".
This behavior is still not enabled by default because QEMU
doesn't enable host-phys-bits=on by default. But users,
management software, or downstream distributions may choose to
change their defaults using the new option.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20181211192527.13254-1-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
(cherry picked from commit b6a062c64f9639558a88f46edc3dd76b54b26bb5)
Signed-off-by: Paul Lai <plai@redhat.com>
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
target/i386/cpu.c | 5 +++++
target/i386/cpu.h | 3 +++
2 files changed, 8 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d92c128..0c2e1c7 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -5211,6 +5211,10 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp)
if (cpu->host_phys_bits) {
/* The user asked for us to use the host physical bits */
cpu->phys_bits = host_phys_bits;
+ if (cpu->host_phys_bits_limit &&
+ cpu->phys_bits > cpu->host_phys_bits_limit) {
+ cpu->phys_bits = cpu->host_phys_bits_limit;
+ }
}
/* Print a warning if the user set it to a value that's not the
@@ -5798,6 +5802,7 @@ static Property x86_cpu_properties[] = {
DEFINE_PROP_BOOL("kvm", X86CPU, expose_kvm, true),
DEFINE_PROP_UINT32("phys-bits", X86CPU, phys_bits, 0),
DEFINE_PROP_BOOL("host-phys-bits", X86CPU, host_phys_bits, false),
+ DEFINE_PROP_UINT8("host-phys-bits-limit", X86CPU, host_phys_bits_limit, 0),
DEFINE_PROP_BOOL("fill-mtrr-mask", X86CPU, fill_mtrr_mask, true),
DEFINE_PROP_UINT32("level", X86CPU, env.cpuid_level, UINT32_MAX),
DEFINE_PROP_UINT32("xlevel", X86CPU, env.cpuid_xlevel, UINT32_MAX),
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 26412f1..db49f44 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1458,6 +1458,9 @@ struct X86CPU {
/* if true override the phys_bits value with a value read from the host */
bool host_phys_bits;
+ /* if set, limit maximum value for phys_bits when host_phys_bits is true */
+ uint8_t host_phys_bits_limit;
+
/* Stop SMI delivery for migration compatibility with old machines */
bool kvm_no_smi_migration;
--
1.8.3.1

View File

@ -69,7 +69,7 @@ Obsoletes: %1-rhev
Summary: QEMU is a machine emulator and virtualizer Summary: QEMU is a machine emulator and virtualizer
Name: qemu-kvm Name: qemu-kvm
Version: 3.1.0 Version: 3.1.0
Release: 23%{?dist} Release: 24%{?dist}
# Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped
Epoch: 15 Epoch: 15
License: GPLv2 and GPLv2+ and CC-BY License: GPLv2 and GPLv2+ and CC-BY
@ -243,6 +243,10 @@ Patch79: kvm-i386-kvm-Disable-arch_capabilities-if-MSR-can-t-be-s.patch
Patch80: kvm-i386-Make-arch_capabilities-migratable.patch Patch80: kvm-i386-Make-arch_capabilities-migratable.patch
# For bz#1693173 - CVE-2018-20815 qemu-kvm: QEMU: device_tree: heap buffer overflow while loading device tree blob [rhel-av-8] # For bz#1693173 - CVE-2018-20815 qemu-kvm: QEMU: device_tree: heap buffer overflow while loading device tree blob [rhel-av-8]
Patch81: kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch Patch81: kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch
# For bz#1688915 - [Intel 8.0 Alpha] physical bits should <= 48 when host with 5level paging &EPT5 and qemu command with "-cpu qemu64" parameters.
Patch82: kvm-x86-host-phys-bits-limit-option.patch
# For bz#1688915 - [Intel 8.0 Alpha] physical bits should <= 48 when host with 5level paging &EPT5 and qemu command with "-cpu qemu64" parameters.
Patch83: kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: glib2-devel BuildRequires: glib2-devel
@ -1141,6 +1145,12 @@ useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin \
%changelog %changelog
* Fri Apr 26 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-24.el8
- kvm-x86-host-phys-bits-limit-option.patch [bz#1688915]
- kvm-rhel-Set-host-phys-bits-limit-48-on-rhel-machine-typ.patch [bz#1688915]
- Resolves: bz#1688915
([Intel 8.0 Alpha] physical bits should <= 48 when host with 5level paging &EPT5 and qemu command with "-cpu qemu64" parameters.)
* Tue Apr 23 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-23.el8 * Tue Apr 23 2019 Danilo Cesar Lemes de Paula <ddepaula@redhat.com> - 3.1.0-23.el8
- kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch [bz#1693173] - kvm-device_tree-Fix-integer-overflowing-in-load_device_t.patch [bz#1693173]
- Resolves: bz#1693173 - Resolves: bz#1693173