NetBSD-Bugs archive


port-amd64/47677: x86_errata() should be avoided if NetBSD runs as a KVM guest.



>Number:         47677
>Category:       port-amd64
>Synopsis:       x86_errata() should be avoided if NetBSD runs as a KVM guest.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-amd64-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 21 12:45:00 +0000 2013
>Originator:     Aktado
>Release:        6.0.1
>Organization:
>Environment:
uname -a:
NetBSD www.aktado.net 6.0.1 NetBSD 6.0.1 (GENERIC) #0: Sun Mar 10 21:58:53 JST 
2013  aktado%www.aktado.net@localhost:/usr/src/sys/arch/amd64/conf/GENERIC amd64

CPUID leaves 0x0 and 0x1:
 eax in    eax      ebx      ecx      edx
00000000 00000005 68747541 444d4163 69746e65
00000001 00100f23 00000800 80802001 078bfbff

>Description:
An attempt to boot as a KVM guest on an AMD processor causes the following message:
    
    fatal protection fault in supervisor mode
    

related issue:
http://mail-index.netbsd.org/current-users/2012/02/17/msg019162.html


dmesg:
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
    2006, 2007, 2008, 2009, 2010, 2011, 2012
    The NetBSD Foundation,  Inc.  All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California.  All rights reserved.

NetBSD 6.0.1 (GENERIC)
total memory = 2047 MB
avail memory = 1973 MB
mainbus0 (root)
cpu0 at mainbus0 apid 0: AMD Phenom(tm) 9550 Quad-Core Processor,  id 0x100f23
fatal protection fault in supervisor mode
trap type 4 code 0 rip ffffffff80252c3b cs 8 rflags 10246 cr2  0 cpl 8 rsp fffff
fff80fbcc18
kernel: protection fault trap, code=0
Stopped in pid 0.1 (system) at  netbsd:rdmsr_locked+0xb:       rdmsr
db{0}> trace
rdmsr_locked() at netbsd:rdmsr_locked+0xb
x86_errata() at netbsd:x86_errata+0xd2
cpu_attach() at netbsd:cpu_attach+0x304
config_attach_loc() at netbsd:config_attach_loc+0x1bb
mpacpi_config_cpu() at netbsd:mpacpi_config_cpu+0x7a
acpi_madt_walk() at netbsd:acpi_madt_walk+0x40
mpacpi_scan_apics() at netbsd:mpacpi_scan_apics+0x67
mainbus_attach() at netbsd:mainbus_attach+0x17c
config_attach_loc() at netbsd:config_attach_loc+0x1bb
cpu_configure() at netbsd:cpu_configure+0x26
main() at netbsd:main+0x2a6
db{0}>

>How-To-Repeat:
Boot netbsd as a qemu-kvm guest on a CPU whose VendorID is AMD.
The version of qemu-kvm is unknown...

>Fix:
I think x86_errata should be avoided if NetBSD is running on a virtual 
machine, because accesses to MSR may be restricted.

Some documents note that bit 31 of %ecx of CPUID leaf 0x1 
indicates the presence of a hypervisor, e.g.
  http://lwn.net/Articles/301888/
  http://msdn.microsoft.com/library/ff538624%28v=vs.85%29.aspx

How about the following patch?
-- 8< --
Index: sys/arch/x86/include/specialreg.h
===================================================================
RCS file: /cvs/cvsroot/src/sys/arch/x86/include/specialreg.h,v
retrieving revision 1.55.2.3
diff -U 4 -r1.55.2.3 specialreg.h
--- sys/arch/x86/include/specialreg.h   7 May 2012 16:37:19 -0000       1.55.2.3
+++ sys/arch/x86/include/specialreg.h
@@ -287,9 +287,9 @@
 #define        CPUID2_XSAVE    0x04000000      /* XSAVE instructions */
 #define        CPUID2_OSXSAVE  0x08000000      /* XGETBV/XSETBV instructions */
 #define        CPUID2_AVX      0x10000000      /* AVX instructions */
 #define        CPUID2_F16C     0x20000000      /* half precision conversion */
-#define        CPUID2_RAZ      0x80000000      /* RAZ. Indicates guest state. 
*/
+#define        CPUID2_HV       0x80000000      /* Indicates existence of 
hypervisor. */

 #define CPUID2_FLAGS1  
"\20\1SSE3\2PCLMULQDQ\3DTES64\4MONITOR\5DS-CPL\6VMX\7SMX" \
                        "\10EST\11TM2\12SSSE3\13CID\14B11\15B12\16CX16" \
                        "\17xTPR\20PDCM\21B16\22PCID\23DCA\24SSE41\25SSE42" \

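Review bot: Renaming CPUID2_RAZ to CPUID2_HV in place drops the old name, so any other reference to CPUID2_RAZ in the tree will stop compiling; grep for remaining users or keep a compatibility alias. The new comment also loses what the old one recorded, that the bit reads as zero on real hardware, which is the reason the test is usable at all; wording such as "RAZ on hardware, set by a hypervisor for its guests" keeps both facts. The name given to this bit in the CPUID2_FLAGS strings lies outside the visible context and should be kept consistent with the new macro name.
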
Index: sys/arch/x86/x86/errata.c
===================================================================
RCS file: /cvs/cvsroot/src/sys/arch/x86/x86/errata.h,v
retrieving revision 1.19.14.1
diff -U 4 -r1.19.14.1 errata.c
--- sys/arch/x86/x86/errata.c   9 Apr 2012 18:02:25 -0000       1.19.14.1
+++ sys/arch/x86/x86/errata.c
@@ -328,8 +328,11 @@
        cpurev_t rev;
        int i, j, upgrade;
        static int again;

+       if (cpu_feature[1] & CPUID2_HV)
+               return;
+
        if (cpu_vendor != CPUVENDOR_AMD)
                return;

        ci = curcpu();
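
Review bot: The early return on CPUID2_HV at the top of the function carries no comment, and it skips all errata handling for every guest rather than only the MSR read that faulted in rdmsr_locked(). Add a comment stating why guests are excluded (the hypervisor may restrict MSR access), and note that the bit is set at the hypervisor's discretion, so a guest that does not advertise it would still take the same protection fault; a fault-tolerant MSR read would cover that case as well. Separately, the "RCS file:" header line names errata.h,v while the Index and diff lines name errata.c.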




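Added example, not part of the original report or of NetBSD's source: a stand-alone C decoder for the CPUID dump in the Environment section, showing that this guest reports vendor AuthenticAMD, family 0x10 and the hypervisor bit (leaf 0x1 %ecx bit 31) that the proposed check tests. The struct, the function names and the may_probe_amd_errata() policy helper are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CPUID_ECX_HYPERVISOR (UINT32_C(1) << 31) /* leaf 0x1 %ecx bit 31 */

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Register values copied from the "CPUID leaves 0x0 and 0x1" dump in this report. */
static const struct cpuid_regs pr_leaf0 = { 0x00000005, 0x68747541, 0x444d4163, 0x69746e65 };
static const struct cpuid_regs pr_leaf1 = { 0x00100f23, 0x00000800, 0x80802001, 0x078bfbff };

/* Leaf 0x0: the 12-byte vendor string is stored in ebx, edx, ecx order. */
static void cpuid_vendor(const struct cpuid_regs *l0, char out[13])
{
    const uint32_t w[3] = { l0->ebx, l0->edx, l0->ecx };
    for (int i = 0; i < 12; i++)
        out[i] = (char)((w[i / 4] >> (8 * (i % 4))) & 0xff);
    out[12] = '\0';
}

/* Leaf 0x1 %eax: the extended family is added only when the base family is 0xf. */
static unsigned cpuid_family(uint32_t eax)
{
    unsigned base = (eax >> 8) & 0xf;
    return base == 0xf ? base + ((eax >> 20) & 0xff) : base;
}

/* Leaf 0x1 %ecx bit 31: reserved on bare metal, set by a hypervisor for its guests. */
static int cpuid_is_guest(const struct cpuid_regs *l1)
{
    return (l1->ecx & CPUID_ECX_HYPERVISOR) != 0;
}

/* Hypothetical policy helper: read AMD errata MSRs only on bare-metal AMD. */
static int may_probe_amd_errata(const struct cpuid_regs *l0, const struct cpuid_regs *l1)
{
    char vendor[13];
    cpuid_vendor(l0, vendor);
    return strcmp(vendor, "AuthenticAMD") == 0 && !cpuid_is_guest(l1);
}

int main(void)
{
    char vendor[13];
    cpuid_vendor(&pr_leaf0, vendor);
    printf("vendor=%s family=0x%x guest=%d probe_errata=%d\n", vendor,
        cpuid_family(pr_leaf1.eax), cpuid_is_guest(&pr_leaf1),
        may_probe_amd_errata(&pr_leaf0, &pr_leaf1));
    return 0;
}
```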