134 lines
5.2 KiB
Text
134 lines
5.2 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-19:16.bhyve Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Bhyve instruction emulation improvements (opcode 03H and F7H)
|
|
|
|
Category: core
|
|
Module: bhyve
|
|
Announced: 2019-08-20
|
|
Credits: John Baldwin, Jason Tubnor
|
|
Affects: All supported versions of FreeBSD.
|
|
Corrected: 2019-07-07 17:30:23 UTC (stable/12, 12.0-STABLE)
|
|
2019-08-20 17:45:44 UTC (releng/12.0, 12.0-RELEASE-p10)
|
|
2019-07-07 17:31:13 UTC (stable/11, 11.3-STABLE)
|
|
2019-08-20 17:45:44 UTC (releng/11.3, 11.3-RELEASE-p3)
|
|
|
|
Note: This errata notice does not update FreeBSD 11.2. FreeBSD 11.2
|
|
users affected by this update should upgrade to FreeBSD 11.3.
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
bhyve(8) is a hypervisor that supports running a variety of guest operating
|
|
systems in virtual machines, using hardware virtualization in Intel and AMD
|
|
CPUs. Some instructions are not handled by hardware virtualization and must
|
|
be emulated by the hypervisor.
|
|
|
|
II. Problem Description
|
|
|
|
Some newer software uses instructions previously not handled by bhyve's
|
|
instruction emulation. This errata notice adds emulation for two instruction
|
|
opcodes, to enable flash variable storage in OVMF and to support guest
|
|
operating systems compiled with Clang 8.0.0 that use the TEST instruction
|
|
against local APIC registers (such as OpenBSD 6.6).
|
|
|
|
III. Impact
|
|
|
|
Guest firmware or operating systems using unsupported instructions caused
|
|
bhyve to exit with a "Failed to emulate instruction" error.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date.
|
|
|
|
1) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
|
|
2) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 11.3, FreeBSD 12.0]
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:16/bhyve.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-19:16/bhyve.patch.asc
|
|
# gpg --verify bhyve.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile the operating system using buildworld and installworld as
|
|
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
|
|
|
Start the applicable virtual machines.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r349808
|
|
releng/12.0/ r351256
|
|
stable/11/ r349809
|
|
releng/11.3/ r351256
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238794>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-19:16.bhyve.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1cPfFfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cJzqA//XiWRn/psT+I8r7MSiS6K2bJASZlFGUDnVqLsFAnj2XoZlSp265dZw0R7
|
|
t++kBPu0Q9vm3FphkE/J3e4fR9PyCsa5QpEvTeXE9v1RixrkmmLT56ukR3BgivKa
|
|
rmCTjkwLikmRb8qrRMly9ERjwySKlUZmOMHX1xte33WTi2eVwZUfNg9xNq1c4YGi
|
|
QvIABOa1xTZHr0oyeZfmuEyhSDRD+jzb+mOboX9TFQSfAUwC16VDCAHu5SwXNeQS
|
|
l4/FxrYf0yupf2bqwWmfeRlAE25nHGErsaXiQwqdPZB3SUTECpDcl5BCwPwA+pr3
|
|
Jf7lxTPrp/NLi7sghgofOX5AwbiVacYxN45P4JNjBB5OpDut+e196VkzO1IAXVRb
|
|
spyc/zKE6BWYRT2KOeNlMzmQXmDIjZERuumV98DQQEAAw52p+RWdEU3IlfZ+plW7
|
|
bF8P/OmJ5DDcdW1XeONIzFaal4VFjauDsmPt5QTyb/SpX/20hvTT3/QCbDJJiRu3
|
|
5Lf7RPMK63r+uFwLz58XrGJwimYdKCn67nC+o1k/j9Izc63+At9h0tU2XR2u7V8c
|
|
iuQaGkeBT/OjtVg6/IjCs4SbT24wbmP1LecUtQyFzZkHdNkdw7+67Ty2Y3jGE3GG
|
|
sCpU88b0PIh2pJ+4oJ28WwH2M55VnxuId5N0uosrAGSo/C1kYWY=
|
|
=CkK1
|
|
-----END PGP SIGNATURE-----
|