NetBSD Problem Report #47677

From www@NetBSD.org  Thu Mar 21 12:42:43 2013
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id 1241C63E6F8
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 21 Mar 2013 12:42:43 +0000 (UTC)
Message-Id: <20130321124241.DBC2E63E6F8@www.NetBSD.org>
Date: Thu, 21 Mar 2013 12:42:41 +0000 (UTC)
From: aktado@users.sourceforge.jp
Reply-To: aktado@users.sourceforge.jp
To: gnats-bugs@NetBSD.org
Subject: x86_errata() should be avoided if NetBSD runs as a KVM guest.
X-Send-Pr-Version: www-1.0

>Number:         47677
>Category:       port-amd64
>Synopsis:       x86_errata() should be avoided if NetBSD runs as a KVM guest.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-amd64-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 21 12:45:00 +0000 2013
>Closed-Date:    Fri Feb 10 11:00:15 +0000 2017
>Last-Modified:  Fri Feb 10 11:00:15 +0000 2017
>Originator:     Aktado
>Release:        6.0.1
>Organization:
>Environment:
uname -a:
NetBSD www.aktado.net 6.0.1 NetBSD 6.0.1 (GENERIC) #0: Sun Mar 10 21:58:53 JST 2013  aktado@www.aktado.net:/usr/src/sys/arch/amd64/conf/GENERIC amd64

CPUID leaves 0x0 and 0x1:
 eax in    eax      ebx      ecx      edx
00000000 00000005 68747541 444d4163 69746e65
00000001 00100f23 00000800 80802001 078bfbff

>Description:
An attempt to boot as a KVM guest on an AMD processor causes the following message:

    fatal protection fault in supervisor mode


related issue:
http://mail-index.netbsd.org/current-users/2012/02/17/msg019162.html


dmesg:
Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
    2006, 2007, 2008, 2009, 2010, 2011, 2012
    The NetBSD Foundation,  Inc.  All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California.  All rights reserved.

NetBSD 6.0.1 (GENERIC)
total memory = 2047 MB
avail memory = 1973 MB
mainbus0 (root)
cpu0 at mainbus0 apid 0: AMD Phenom(tm) 9550 Quad-Core Processor,  id 0x100f23
fatal protection fault in supervisor mode
trap type 4 code 0 rip ffffffff80252c3b cs 8 rflags 10246 cr2  0 cpl 8 rsp fffff
fff80fbcc18
kernel: protection fault trap, code=0
Stopped in pid 0.1 (system) at  netbsd:rdmsr_locked+0xb:       rdmsr
db{0}> trace
rdmsr_locked() at netbsd:rdmsr_locked+0xb
x86_errata() at netbsd:x86_errata+0xd2
cpu_attach() at netbsd:cpu_attach+0x304
config_attach_loc() at netbsd:config_attach_loc+0x1bb
mpacpi_config_cpu() at netbsd:mpacpi_config_cpu+0x7a
acpi_madt_walk() at netbsd:acpi_madt_walk+0x40
mpacpi_scan_apics() at netbsd:mpacpi_scan_apics+0x67
mainbus_attach() at netbsd:mainbus_attach+0x17c
config_attach_loc() at netbsd:config_attach_loc+0x1bb
cpu_configure() at netbsd:cpu_configure+0x26
main() at netbsd:main+0x2a6
db{0}>

>How-To-Repeat:
Boot NetBSD as a qemu-kvm guest on a CPU whose VendorID is AMD.
The version of qemu-kvm is unknown...

>Fix:
I think x86_errata should be avoided if NetBSD is running on a virtual
machine, because accesses to MSR may be restricted.

Some documents note that bit 31 of %ecx of CPUID leaf 0x1
indicates the presence of a hypervisor, e.g.
  http://lwn.net/Articles/301888/
  http://msdn.microsoft.com/library/ff538624%28v=vs.85%29.aspx

How about the following patch?
-- 8< --
Index: sys/arch/x86/include/specialreg.h
===================================================================
RCS file: /cvs/cvsroot/src/sys/arch/x86/include/specialreg.h,v
retrieving revision 1.55.2.3
diff -U 4 -r1.55.2.3 specialreg.h
--- sys/arch/x86/include/specialreg.h	7 May 2012 16:37:19 -0000	1.55.2.3
+++ sys/arch/x86/include/specialreg.h
@@ -287,9 +287,9 @@
 #define	CPUID2_XSAVE	0x04000000	/* XSAVE instructions */
 #define	CPUID2_OSXSAVE	0x08000000	/* XGETBV/XSETBV instructions */
 #define	CPUID2_AVX	0x10000000	/* AVX instructions */
 #define	CPUID2_F16C	0x20000000	/* half precision conversion */
-#define	CPUID2_RAZ	0x80000000	/* RAZ. Indicates guest state. */
+#define	CPUID2_HV	0x80000000	/* Indicates existence of hypervisor. */

 #define CPUID2_FLAGS1	"\20\1SSE3\2PCLMULQDQ\3DTES64\4MONITOR\5DS-CPL\6VMX\7SMX" \
 			"\10EST\11TM2\12SSSE3\13CID\14B11\15B12\16CX16" \
 			"\17xTPR\20PDCM\21B16\22PCID\23DCA\24SSE41\25SSE42" \
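
Review bot: the "-#define CPUID2_RAZ" line removes the old name outright, so any other file that still tests CPUID2_RAZ stops compiling once this header changes; either keep CPUID2_RAZ as an alias for CPUID2_HV or convert the remaining users in the same commit. The CPUID2_FLAGS1 string in the trailing context is cut off before bit 31, so also confirm that the name it prints for that bit matches the new macro. The new comment could note that the bit reads as zero on bare hardware and is set by hypervisors, which keeps the information the old "RAZ" comment carried.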

Index: sys/arch/x86/x86/errata.c
===================================================================
RCS file: /cvs/cvsroot/src/sys/arch/x86/x86/errata.h,v
retrieving revision 1.19.14.1
diff -U 4 -r1.19.14.1 errata.c
--- sys/arch/x86/x86/errata.c	9 Apr 2012 18:02:25 -0000	1.19.14.1
+++ sys/arch/x86/x86/errata.c
@@ -328,8 +328,11 @@
 	cpurev_t rev;
 	int i, j, upgrade;
 	static int again;

+	if (cpu_feature[1] & CPUID2_HV)
+		return;
+
 	if (cpu_vendor != CPUVENDOR_AMD)
 		return;

 	ci = curcpu();
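
Review bot: the new early return at the top of x86_errata() carries no comment and is broader than the fault it addresses: it sits before the cpu_vendor check and skips the whole function whenever bit 31 is set, for every hypervisor, not only those that reject the MSR reads. Add a comment saying that MSR access may be restricted in a guest and that the errata checks are skipped as a result, and consider moving the test after the CPUVENDOR_AMD check, since the rest of the function only runs for AMD anyway. A guest whose hypervisor does not set the bit still reaches the MSR reads, so this is a heuristic rather than a guarantee. The RCS file line in this file's header also names errata.h,v while the Index and ---/+++ lines name errata.c.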


>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/47677 CVS commit: src/sys/arch/x86/x86
Date: Thu, 21 Mar 2013 09:22:38 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Thu Mar 21 13:22:37 UTC 2013

 Modified Files:
 	src/sys/arch/x86/x86: errata.c

 Log Message:
 PR/47677 Aktado: x86_errata() should be avoided if NetBSD runs as a KVM guest.
 XXX: pullup to 6


 To generate a diff of this commit:
 cvs rdiff -u -r1.20 -r1.21 src/sys/arch/x86/x86/errata.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Fri, 10 Feb 2017 11:00:15 +0000
State-Changed-Why:
fixed by christos
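
Added example (not part of the PR or of NetBSD's source): the bit-31 test from the patch, applied in plain user-space C to the CPUID values posted in the Environment field. struct cpuid_regs, the helper names and the bare_leaf1 sample are assumptions made for this illustration; only CPUID2_HV and the pr_leaf values come from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CPUID2_HV 0x80000000u	/* leaf 1 %ecx bit 31, name taken from the patch */

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Values posted in the PR's Environment field (AMD host, KVM guest). */
static const struct cpuid_regs pr_leaf0 = { 0x00000005, 0x68747541, 0x444d4163, 0x69746e65 };
static const struct cpuid_regs pr_leaf1 = { 0x00100f23, 0x00000800, 0x80802001, 0x078bfbff };
/* Constructed: the same leaf 1 with bit 31 cleared, as bare hardware reports it. */
static const struct cpuid_regs bare_leaf1 = { 0x00100f23, 0x00000800, 0x00802001, 0x078bfbff };

/* Leaf 0 spells the vendor string in ebx, edx, ecx, low byte first. */
static int vendor_is(const struct cpuid_regs *l0, const char *name)
{
	const uint32_t w[3] = { l0->ebx, l0->edx, l0->ecx };
	char v[13];

	for (int i = 0; i < 12; i++)
		v[i] = (char)((w[i / 4] >> (8 * (i % 4))) & 0xff);
	v[12] = '\0';
	return strcmp(v, name) == 0;
}

/* Display family: base family, plus the extended family when base is 0xf. */
static unsigned cpu_family(const struct cpuid_regs *l1)
{
	unsigned base = (l1->eax >> 8) & 0xf;

	return base == 0xf ? base + ((l1->eax >> 20) & 0xff) : base;
}

/* Same order as the patch: hypervisor bit first, then the AMD vendor test. */
static int amd_errata_msr_checks_run(const struct cpuid_regs *l0,
    const struct cpuid_regs *l1)
{
	if (l1->ecx & CPUID2_HV)
		return 0;	/* guest: MSR reads may fault, skip */
	return vendor_is(l0, "AuthenticAMD");
}

int main(void)
{
	printf("family 0x%x, PR guest runs checks: %d, bare metal: %d\n",
	    cpu_family(&pr_leaf1),
	    amd_errata_msr_checks_run(&pr_leaf0, &pr_leaf1),
	    amd_errata_msr_checks_run(&pr_leaf0, &bare_leaf1));
	return 0;
}
```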


>Unformatted:
