Custom Query (16363 matches)
Results (988 - 990 of 16363)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #18690 | duplicate | Feature flags for optimal mitigation of Meltdown and Spectre variants are not exposed to guests | ||
| Description |
In the course of hardening a Windows 10 guest, I found that Microsoft's Get-SpeculationControlSettings command, as provided by the SpeculationControl PowerShell module, reports CVE-2017-5175 as not being mitigated, owing to a lack of hardware support. Additionally, it reports CVE-2018-3639 as not having any hardware support. These are the lines from the report that indicate so:- Speculation control settings for CVE-2017-5715 [branch target injection] Hardware support for branch target injection mitigation is present: False Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True Speculation control settings for CVE-2018-3639 [speculative store bypass] Hardware support for speculative store bypass disable is present: False My understanding is that Windows needs support for IBRS and/or IBPB to mitigate CVE-2017-5715, and that it needs support for SSBD to mitigate CVE-2018-3639. The host does have these features, however:- $ egrep -o 'ibpb|ibrs|invpcid|pcid|ssbd|stibp' /proc/cpuinfo | sort -u ibpb ibrs pcid ssbd stibp I then booted a Linux guest and confirmed that none of the above five flags are shown as being supported in the guest context. Similarly, Mark Russinovich's CoreInfo utility reports some of the flags as missing in Windows. This has additional implications. For example, PCID and/or INVPCID may be used to reduce the extent of the TLB flushing that is caused by mitigating CVE-2017-5754 (Meltdown). I understand that Windows requires both of these flags to be present before it will consider any such optimisation. In that case, while my host CPU doesn't have INVPCID support, that PCID isn't being exposed does not bode well. Further, the absence of the flags pertaining to Branch Target Injection makes it impossible to enable retpoline support in Windows 10. The ability to use retpolines was introduced by the following update:- https://support.microsoft.com/en-us/help/4482887/windows-10-update-kb4482887 Qemu/KVM can expose the appropriate flags by specifying -cpu host or by explicitly activating any flags known to be supported by the host (+pcid, +spec-ctrl, +ssbd, +stibp etc), with the guest OS reacting accordingly and being able to employ best-in-class mitigations, with the minimal possible impact upon performance. In summary, would it be possible for VirtualBox to expose the relevant flags to a guest, and in such a way that it would benefit from them? |
|||
| #18687 | duplicate | VERR_NEM_VM_CREATE_FAILED after Activating Hyper-V features in Windows 10 | ||
| Description |
Hi, I am running several Virtual Machines in VirtualBox 6.0.8. I have installed the latest Windows 10 Version 1903 (Build 18362.145) with all patches. After activating the Windows Features for Hyper-V (Hyper-V and Windows Hypervisor Platform) the VMs in VirtualBox will not start anymore. The following error message appears, regardless of the guest operating system: Call to WHvSetupPartition failed: ERROR_SUCCESS (Last=0xc000000d/87) (VERR_NEM_VM_CREATE_FAILED).
Fehlercode:E_FAIL (0x80004005)
Komponente:ConsoleWrap
Interface:IConsole {872da645-4a9b-1727-bee2-5585105b9eed}
It is not an option to deactivate the Hyper-V features because it is used within the company! Should we migrate all VMs to Hyper-V? Best regards Mathias John |
|||
| #18686 | invalid | CloseHandle() on WinUSB device hangs until device disconnect | ||
| Description |
Hi, I'm getting a strange USB issue on an XP VM, running in 6.08 on an artix-x64 linux box. (tried both the community and the Oracle-branded (6.0.8 r130520) versions, no change). I'm writing software (attached is the most reduced test case) that uses winusb to talk to a "candlelight" USB-CAN interface, via this library : https://github.com/HubertD/cangaroo/tree/master/src/driver/CandleApiDriver/api The "problematic" code is at https://github.com/HubertD/cangaroo/blob/master/src/driver/CandleApiDriver/api/candle.c#L351 Everything looks fine there : call WinUsb_Free(), then CloseHandle(). Note, I didn't write that library so I'm fairly confident it should work. When I run my test code, it successfully opens the USB device but when I get to that CloseHandle(), the program hangs completely. If I "disconnect" the usb device (through the Devices->Usb->... menu), CloseHandle() completes normally and the program exits cleanly. I have tried both with "USB 1.1" and "USB 2.0" modes, no change. Attached is the VM log, and the minimal test harness that essentially just opens then closes the USB device. I wasn't able to get a proper API trace to winusb.dll, but it goes something like this: ***** "manual" call trace WinUsb_Initialize WinUsb_QueryInterfaceSettings WinUsb_QueryPipe WinUsb_SetPipePolicy (some more initial config) Prepare 30 URBs with CreateEvent and WinUsb_ReadPipe() CloseHandle on all events WinUsb_Free CloseHandle on device ***** Any ideas to isolate the problem more ? I realize it's going to be difficult to reproduce the problem unless someone has access to that hardware, or a STM32F072 eval kit (firmware is open source and compatible). Thanks, Chris |
|||

