VirtualBox

Custom Query (16363 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (988 - 990 of 16363)

Ticket Resolution Summary Owner Reporter
#18690 duplicate Feature flags for optimal mitigation of Meltdown and Spectre variants are not exposed to guests kerframil
Description

In the course of hardening a Windows 10 guest, I found that Microsoft's Get-SpeculationControlSettings command, as provided by the SpeculationControl PowerShell module, reports CVE-2017-5175 as not being mitigated, owing to a lack of hardware support. Additionally, it reports CVE-2018-3639 as not having any hardware support. These are the lines from the report that indicate so:-

Speculation control settings for CVE-2017-5715 [branch target injection]

Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True

Speculation control settings for CVE-2018-3639 [speculative store bypass]

Hardware support for speculative store bypass disable is present: False

My understanding is that Windows needs support for IBRS and/or IBPB to mitigate CVE-2017-5715, and that it needs support for SSBD to mitigate CVE-2018-3639. The host does have these features, however:-

$ egrep -o 'ibpb|ibrs|invpcid|pcid|ssbd|stibp' /proc/cpuinfo | sort -u
ibpb
ibrs
pcid
ssbd
stibp

I then booted a Linux guest and confirmed that none of the above five flags are shown as being supported in the guest context. Similarly, Mark Russinovich's CoreInfo utility reports some of the flags as missing in Windows.

This has additional implications. For example, PCID and/or INVPCID may be used to reduce the extent of the TLB flushing that is caused by mitigating CVE-2017-5754 (Meltdown). I understand that Windows requires both of these flags to be present before it will consider any such optimisation. In that case, while my host CPU doesn't have INVPCID support, that PCID isn't being exposed does not bode well.

Further, the absence of the flags pertaining to Branch Target Injection makes it impossible to enable retpoline support in Windows 10. The ability to use retpolines was introduced by the following update:-

https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887

Qemu/KVM can expose the appropriate flags by specifying -cpu host or by explicitly activating any flags known to be supported by the host (+pcid, +spec-ctrl, +ssbd, +stibp etc), with the guest OS reacting accordingly and being able to employ best-in-class mitigations, with the minimal possible impact upon performance.

In summary, would it be possible for VirtualBox to expose the relevant flags to a guest, and in such a way that it would benefit from them?

#18687 duplicate VERR_NEM_VM_CREATE_FAILED after Activating Hyper-V features in Windows 10 mir82517
Description

Hi,

I am running several Virtual Machines in VirtualBox 6.0.8. I have installed the latest Windows 10 Version 1903 (Build 18362.145) with all patches.

After activating the Windows Features for Hyper-V (Hyper-V and Windows Hypervisor Platform) the VMs in VirtualBox will not start anymore.

The following error message appears, regardless of the guest operating system:

Call to WHvSetupPartition failed: ERROR_SUCCESS (Last=0xc000000d/87) (VERR_NEM_VM_CREATE_FAILED).

Fehlercode:E_FAIL (0x80004005)
Komponente:ConsoleWrap
Interface:IConsole {872da645-4a9b-1727-bee2-5585105b9eed}

It is not an option to deactivate the Hyper-V features because it is used within the company! Should we migrate all VMs to Hyper-V?

Best regards

Mathias John

#18686 invalid CloseHandle() on WinUSB device hangs until device disconnect fenugrec
Description

Hi, I'm getting a strange USB issue on an XP VM, running in 6.08 on an artix-x64 linux box. (tried both the community and the Oracle-branded (6.0.8 r130520) versions, no change).

I'm writing software (attached is the most reduced test case) that uses winusb to talk to a "candlelight" USB-CAN interface, via this library : https://github.com/HubertD/cangaroo/tree/master/src/driver/CandleApiDriver/api

The "problematic" code is at https://github.com/HubertD/cangaroo/blob/master/src/driver/CandleApiDriver/api/candle.c#L351

Everything looks fine there : call WinUsb_Free(), then CloseHandle().

Note, I didn't write that library so I'm fairly confident it should work.

When I run my test code, it successfully opens the USB device but when I get to that CloseHandle(), the program hangs completely. If I "disconnect" the usb device (through the Devices->Usb->... menu), CloseHandle() completes normally and the program exits cleanly.

I have tried both with "USB 1.1" and "USB 2.0" modes, no change.

Attached is the VM log, and the minimal test harness that essentially just opens then closes the USB device.

I wasn't able to get a proper API trace to winusb.dll, but it goes something like this:

***** "manual" call trace
WinUsb_Initialize
WinUsb_QueryInterfaceSettings
WinUsb_QueryPipe
WinUsb_SetPipePolicy
(some more initial config)
Prepare 30 URBs with CreateEvent and WinUsb_ReadPipe()
CloseHandle on all events
WinUsb_Free
CloseHandle on device
*****

Any ideas to isolate the problem more ? I realize it's going to be difficult to reproduce the problem unless someone has access to that hardware, or a STM32F072 eval kit (firmware is open source and compatible).

Thanks, Chris

Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy