Re: kvm_intel fails to load on Conroe CPUs running Linux 4.12

From: Sebastian Rachuj
Date: Mon Aug 07 2017 - 13:19:14 EST

On 07.08.2017 11:43, Paolo Bonzini wrote:
On 06/08/2017 23:23, Sebastian Rachuj wrote:
On 06.08.2017 23:10, Paolo Bonzini wrote:
On 05/08/2017 21:26, Sebastian Rachuj wrote:
Dear linux developers,

since my upgrade from linux 4.11 to linux 4.12 the "kvm_intel" module
does not load correctly anymore. "Modprobing" the kernel module gives an
Input/Output error. It seems to be related to the CPU architecture and
(to my knowledge) affects Conroe CPUs. I did a bisect and found the
following commit as the guilty one:

What is your cpuinfo? I tested on a Conroe Xeon X3220 (family 6,
model 15, stepping 11) when I posted that patch, and it did have virtual

Thank you for looking into the issue. My cpuinfo is as follows:

Looks like Intel was already differentiating virtualization features
across SKUs. Please run the attached script as root to see what other
things are different (apparently) between non-Xeon and Xeon Conroes.

Here you are, I hope it helps:

# python vmxcap
Basic VMX Information
Hex: 0x1a040000000007
Revision 7
VMCS size 1024
VMCS restricted to 32 bit addresses no
Dual-monitor support yes
VMCS memory type 6
INS/OUTS instruction information no
IA32_VMX_TRUE_*_CTLS support no
pin-based controls
External interrupt exiting yes
NMI exiting yes
Virtual NMIs no
Activate VMX-preemption timer no
Process posted interrupts no
primary processor-based controls
Interrupt window exiting yes
Use TSC offsetting yes
HLT exiting yes
INVLPG exiting yes
MWAIT exiting yes
RDPMC exiting yes
RDTSC exiting yes
CR3-load exiting forced
CR3-store exiting forced
CR8-load exiting yes
CR8-store exiting yes
Use TPR shadow yes
NMI-window exiting no
MOV-DR exiting yes
Unconditional I/O exiting yes
Use I/O bitmaps yes
Monitor trap flag no
Use MSR bitmaps yes
MONITOR exiting yes
PAUSE exiting yes
Activate secondary control no
secondary processor-based controls
Virtualize APIC accesses no
Enable EPT no
Descriptor-table exiting no
Enable RDTSCP no
Virtualize x2APIC mode no
Enable VPID no
WBINVD exiting no
Unrestricted guest no
APIC register emulation no
Virtual interrupt delivery no
PAUSE-loop exiting no
RDRAND exiting no
Enable INVPCID no
Enable VM functions no
VMCS shadowing no
Enable ENCLS exiting no
RDSEED exiting no
Enable PML no
EPT-violation #VE no
Conceal non-root operation from PT no
Mode-based execute control (XS/XU) no
TSC scaling no
VM-Exit controls
Save debug controls forced
Host address-space size yes
Acknowledge interrupt on exit yes
Save IA32_PAT no
Load IA32_PAT no
Save IA32_EFER no
Load IA32_EFER no
Save VMX-preemption timer value no
Clear IA32_BNDCFGS no
Conceal VM exits from PT no
VM-Entry controls
Load debug controls forced
IA-32e mode guest yes
Entry to SMM yes
Deactivate dual-monitor treatment yes
Load IA32_PAT no
Load IA32_EFER no
Load IA32_BNDCFGS no
Conceal VM entries from PT no
Miscellaneous data
Hex: 0x403c0
VMX-preemption timer scale (log2) 0
Store EFER.LMA into IA-32e mode guest control no
HLT activity state yes
Shutdown activity state yes
Wait-for-SIPI activity state yes
IA32_SMBASE support no
Number of CR3-target values 4
MSR-load/store count recommendation 0
IA32_SMM_MONITOR_CTL[2] can be set to 1 no
VMWRITE to VM-exit information fields no
Inject event with insn length=0 no
MSEG revision identifier 0
VPID and EPT capabilities
Hex: 0x0
Execute-only EPT translations no
Page-walk length 4 no
Paging-structure memory type UC no
Paging-structure memory type WB no
2MB EPT pages no
1GB EPT pages no
INVEPT supported no
EPT accessed and dirty flags no
Single-context INVEPT no
All-context INVEPT no
INVVPID supported no
Individual-address INVVPID no
Single-context INVVPID no
All-context INVVPID no
Single-context-retaining-globals INVVPID no
VM Functions
Hex: 0x0
EPTP Switching no