NetBSD Problem Report #47677
From www@NetBSD.org Thu Mar 21 12:42:43 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id 1241C63E6F8
for <gnats-bugs@gnats.NetBSD.org>; Thu, 21 Mar 2013 12:42:43 +0000 (UTC)
Message-Id: <20130321124241.DBC2E63E6F8@www.NetBSD.org>
Date: Thu, 21 Mar 2013 12:42:41 +0000 (UTC)
From: aktado@users.sourceforge.jp
Reply-To: aktado@users.sourceforge.jp
To: gnats-bugs@NetBSD.org
Subject: x86_errata() should be avoided if NetBSD runs as a KVM guest.
X-Send-Pr-Version: www-1.0
>Number: 47677
>Category: port-amd64
>Synopsis: x86_errata() should be avoided if NetBSD runs as a KVM guest.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-amd64-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Mar 21 12:45:00 +0000 2013
>Closed-Date: Fri Feb 10 11:00:15 +0000 2017
>Last-Modified: Fri Feb 10 11:00:15 +0000 2017
>Originator: Aktado
>Release: 6.0.1
>Organization:
>Environment:
uname -a:
NetBSD www.aktado.net 6.0.1 NetBSD 6.0.1 (GENERIC) #0: Sun Mar 10 21:58:53 JST 2013 aktado@www.aktado.net:/usr/src/sys/arch/amd64/conf/GENERIC amd64
CPUID leaves 0x0 and 0x1:
eax in eax ebx ecx edx
00000000 00000005 68747541 444d4163 69746e65
00000001 00100f23 00000800 80802001 078bfbff
>Description:
An attempt to boot as a KVM guest on an AMD processor causes the following message:
fatal protection fault in supervisor mode
related issue:
http://mail-index.netbsd.org/current-users/2012/02/17/msg019162.html
dmesg:
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007, 2008, 2009, 2010, 2011, 2012
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
NetBSD 6.0.1 (GENERIC)
total memory = 2047 MB
avail memory = 1973 MB
mainbus0 (root)
cpu0 at mainbus0 apid 0: AMD Phenom(tm) 9550 Quad-Core Processor, id 0x100f23
fatal protection fault in supervisor mode
trap type 4 code 0 rip ffffffff80252c3b cs 8 rflags 10246 cr2 0 cpl 8 rsp ffffffff80fbcc18
kernel: protection fault trap, code=0
Stopped in pid 0.1 (system) at netbsd:rdmsr_locked+0xb: rdmsr
db{0}> trace
rdmsr_locked() at netbsd:rdmsr_locked+0xb
x86_errata() at netbsd:x86_errata+0xd2
cpu_attach() at netbsd:cpu_attach+0x304
config_attach_loc() at netbsd:config_attach_loc+0x1bb
mpacpi_config_cpu() at netbsd:mpacpi_config_cpu+0x7a
acpi_madt_walk() at netbsd:acpi_madt_walk+0x40
mpacpi_scan_apics() at netbsd:mpacpi_scan_apics+0x67
mainbus_attach() at netbsd:mainbus_attach+0x17c
config_attach_loc() at netbsd:config_attach_loc+0x1bb
cpu_configure() at netbsd:cpu_configure+0x26
main() at netbsd:main+0x2a6
db{0}>
>How-To-Repeat:
Boot netbsd as a qemu-kvm guest on a CPU whose VendorID is AMD.
The version of qemu-kvm is unknown...
>Fix:
I think x86_errata should be avoided if NetBSD is running on a virtual
machine because accesses to MSRs may be restricted.
Some documents note that bit 31 of %ecx of CPUID leaf 0x1
indicates the presence of a hypervisor, e.g.
http://lwn.net/Articles/301888/
http://msdn.microsoft.com/library/ff538624%28v=vs.85%29.aspx
How about the following patch?
-- 8< --
Index: sys/arch/x86/include/specialreg.h
===================================================================
RCS file: /cvs/cvsroot/src/sys/arch/x86/include/specialreg.h,v
retrieving revision 1.55.2.3
diff -U 4 -r1.55.2.3 specialreg.h
--- sys/arch/x86/include/specialreg.h 7 May 2012 16:37:19 -0000 1.55.2.3
+++ sys/arch/x86/include/specialreg.h
@@ -287,9 +287,9 @@
#define CPUID2_XSAVE 0x04000000 /* XSAVE instructions */
#define CPUID2_OSXSAVE 0x08000000 /* XGETBV/XSETBV instructions */
#define CPUID2_AVX 0x10000000 /* AVX instructions */
#define CPUID2_F16C 0x20000000 /* half precision conversion */
-#define CPUID2_RAZ 0x80000000 /* RAZ. Indicates guest state. */
+#define CPUID2_HV 0x80000000 /* Indicates existence of hypervisor. */
#define CPUID2_FLAGS1 "\20\1SSE3\2PCLMULQDQ\3DTES64\4MONITOR\5DS-CPL\6VMX\7SMX" \
"\10EST\11TM2\12SSSE3\13CID\14B11\15B12\16CX16" \
"\17xTPR\20PDCM\21B16\22PCID\23DCA\24SSE41\25SSE42" \
Index: sys/arch/x86/x86/errata.c
===================================================================
RCS file: /cvs/cvsroot/src/sys/arch/x86/x86/errata.h,v
retrieving revision 1.19.14.1
diff -U 4 -r1.19.14.1 errata.c
--- sys/arch/x86/x86/errata.c 9 Apr 2012 18:02:25 -0000 1.19.14.1
+++ sys/arch/x86/x86/errata.c
@@ -328,8 +328,11 @@
cpurev_t rev;
int i, j, upgrade;
static int again;
+ if (cpu_feature[1] & CPUID2_HV)
+ return;
+
if (cpu_vendor != CPUVENDOR_AMD)
return;
ci = curcpu();
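Review bot: The added early return on cpu_feature[1] & CPUID2_HV has no comment explaining why a set hypervisor bit means the errata pass is skipped; add one line saying that MSR reads may fault in a guest. Because the test sits ahead of the cpu_vendor != CPUVENDOR_AMD check, it applies to every vendor and every hypervisor rather than only AMD under KVM, and the guest then depends on the host for the errata workarounds, which the comment should state. The "RCS file:" line in this file's header also names errata.h while the diff is against errata.c and should be corrected.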
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/47677 CVS commit: src/sys/arch/x86/x86
Date: Thu, 21 Mar 2013 09:22:38 -0400
Module Name: src
Committed By: christos
Date: Thu Mar 21 13:22:37 UTC 2013
Modified Files:
src/sys/arch/x86/x86: errata.c
Log Message:
PR/47677 Aktado: x86_errata() should be avoided if NetBSD runs as a KVM guest.
XXX: pullup to 6
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/sys/arch/x86/x86/errata.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Fri, 10 Feb 2017 11:00:15 +0000
State-Changed-Why:
fixed by christos
>Unformatted:
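The CPUID check proposed under >Fix:, worked through on the CPUID dump from >Environment: (an added example, not part of the report or of NetBSD's source; the struct and function names are hypothetical, and CPUID2_HV is the name the patch introduces):

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not NetBSD code. One CPUID dump row: leaf, eax..edx. */
struct cpuid_row { uint32_t leaf, eax, ebx, ecx, edx; };
/* Values copied from the ">Environment:" section of this report. */
static const struct cpuid_row leaf0 = { 0x0, 0x00000005, 0x68747541, 0x444d4163, 0x69746e65 };
static const struct cpuid_row leaf1 = { 0x1, 0x00100f23, 0x00000800, 0x80802001, 0x078bfbff };

#define CPUID2_HV 0x80000000u /* leaf 1 %ecx bit 31, name taken from the patch */

/* Leaf 0 returns the vendor string in ebx, edx, ecx order, low byte first. */
static void cpuid_vendor(const struct cpuid_row *r, char out[13])
{
	uint32_t regs[3] = { r->ebx, r->edx, r->ecx };
	for (int i = 0; i < 3; i++)
		for (int b = 0; b < 4; b++)
			out[i * 4 + b] = (char)(regs[i] >> (8 * b));
	out[12] = '\0';
}

/* Display family: base family plus extended family when the base is 0xf. */
static unsigned cpuid_family(const struct cpuid_row *r)
{
	unsigned base = (r->eax >> 8) & 0xf;
	return base == 0xf ? base + ((r->eax >> 20) & 0xff) : base;
}

static int hypervisor_present(const struct cpuid_row *r)
{
	return (r->ecx & CPUID2_HV) != 0;
}

/* The decision the proposed patch makes: probe errata MSRs only on bare-metal AMD. */
static int should_probe_errata(const struct cpuid_row *l0, const struct cpuid_row *l1)
{
	char vendor[13];
	cpuid_vendor(l0, vendor);
	return !hypervisor_present(l1) && strcmp(vendor, "AuthenticAMD") == 0;
}

int main(void)
{
	char vendor[13];
	cpuid_vendor(&leaf0, vendor);
	printf("vendor=%s family=0x%x hv=%d probe=%d\n", vendor, cpuid_family(&leaf1),
	    hypervisor_present(&leaf1), should_probe_errata(&leaf0, &leaf1));
	return 0;
}
```

On the reported values the hypervisor bit is set, so the errata probe, and with it the rdmsr seen in the backtrace, is skipped.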