[Qemu-devel] [PATCH for-2.9 v3 0/3] Use non-blacklisted family/model/stepping for Haswell CPU model

[Qemu-devel] [PATCH for-2.9 v3 0/3] Use non-blacklisted family/model/stepping for Haswell CPU model

[Eduardo Habkost]

I plan to merge this bug fix into 2.9.

Changes v2 -> v3:
* Rebase to latest master
* Don't touch max_x86_cpu_initfn() to reduce risk post
  hard freeze

Changes v1 -> v2:
* Coding style fixes
* Make series simpler:
  * Don't use trick: char vendor[static (CPUID_VENDOR_SZ + 1)]
    because it confuses checkpatch.pl
  * Removed patch "Add explicit array size to x86_cpu_vendor_words2str()"
* Rebased on top of my x86-next branch:
  https://github.com/ehabkost/qemu x86-next

Git branch for testing:
  https://github.com/ehabkost/qemu-hacks work/x86-rtm-blacklist

Diff from v1:

  diff --git a/target/i386/cpu.h b/target/i386/cpu.h
  index cd94726e43..647435a1d9 100644
  --- a/target/i386/cpu.h
  +++ b/target/i386/cpu.h
  @@ -1431,7 +1431,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
   void cpu_clear_apic_feature(CPUX86State *env);
   void host_cpuid(uint32_t function, uint32_t count,
                   uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx);
  -void host_vendor_fms(char vendor[static (CPUID_VENDOR_SZ + 1)], int *family, int *model, int *stepping);
  +void host_vendor_fms(char *vendor, int *family, int *model, int *stepping);

   /* helper.c */
   int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr,
  diff --git a/target/i386/cpu.c b/target/i386/cpu.c
  index 25c6c5e115..eab1ad7935 100644
  --- a/target/i386/cpu.c
  +++ b/target/i386/cpu.c
  @@ -682,7 +682,7 @@ void host_cpuid(uint32_t function, uint32_t count,
           *edx = vec[3];
   }

  -void host_vendor_fms(char vendor[static (CPUID_VENDOR_SZ + 1)], int *family, int *model, int *stepping)
  +void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
   {
       uint32_t eax, ebx, ecx, edx;

  @@ -1570,7 +1570,8 @@ static void host_x86_cpu_class_init(ObjectClass *oc, void *data)
       xcc->kvm_required = true;
       xcc->ordering = 9;

  -    host_vendor_fms(host_cpudef.vendor, &host_cpudef.family, &host_cpudef.model, &host_cpudef.stepping);
  +    host_vendor_fms(host_cpudef.vendor, &host_cpudef.family,
  +                    &host_cpudef.model, &host_cpudef.stepping);

       cpu_x86_fill_model_id(host_cpudef.model_id);

---

A recent glibc commit[1] added a blacklist to ensure it won't use
TSX on hosts that are known to have a broken TSX implementation.

Our existing Haswell CPU model has a blacklisted
family/model/stepping combination, so it has to be updated to
make sure guests will really use TSX. This is done by patch 5/5.

However, to do this safely we need to ensure the host CPU is not
a blacklisted one, so we won't mislead guests by exposing
known-to-be-good FMS values on a known-to-be-broken host. This is
done by patch 3/5.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359

---
Cc: dgilbert@redhat.com
Cc: fweimer@redhat.com
Cc: carlos@redhat.com
Cc: triegel@redhat.com
Cc: berrange@redhat.com
Cc: jdenemar@redhat.com
Cc: pbonzini@redhat.com

Eduardo Habkost (3):
  i386: host_vendor_fms() helper function
  i386/kvm: Blacklist TSX on known broken hosts
  i386: Change stepping of Haswell to non-blacklisted value

 include/hw/i386/pc.h |  5 +++++
 target/i386/cpu.h    |  1 +
 target/i386/cpu.c    | 21 ++++++++++++++++++++-
 target/i386/kvm.c    | 17 +++++++++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)

-- 
2.11.0.259.g40922b1

[Qemu-devel] [PATCH for-2.9 v3 1/3] i386: host_vendor_fms() helper function

[Eduardo Habkost]

Helper function for code that needs to check the host CPU
vendor/family/model/stepping values.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
Changes v2 -> v3:
* Don't touch max_x86_cpu_initfn() to reduce risk post
  hard freeze

Changes v1 -> v2:
* Coding style fix (split long lines)
---
 target/i386/cpu.h |  1 +
 target/i386/cpu.c | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index ac2ad6d443..385dcc8fea 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1436,6 +1436,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
 void cpu_clear_apic_feature(CPUX86State *env);
 void host_cpuid(uint32_t function, uint32_t count,
                 uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx);
+void host_vendor_fms(char *vendor, int *family, int *model, int *stepping);
 
 /* helper.c */
 int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr,
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fba92125ab..30ba1bd06b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -688,6 +688,25 @@ void host_cpuid(uint32_t function, uint32_t count,
         *edx = vec[3];
 }
 
+void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
+{
+    uint32_t eax, ebx, ecx, edx;
+
+    host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
+    x86_cpu_vendor_words2str(vendor, ebx, edx, ecx);
+
+    host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
+    if (family) {
+        *family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
+    }
+    if (model) {
+        *model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
+    }
+    if (stepping) {
+        *stepping = eax & 0x0F;
+    }
+}
+
 /* CPU class name definitions: */
 
 #define X86_CPU_TYPE_SUFFIX "-" TYPE_X86_CPU
-- 
2.11.0.259.g40922b1

[Qemu-devel] [PATCH for-2.9 v3 2/3] i386/kvm: Blacklist TSX on known broken hosts

[Eduardo Habkost]

Some Intel CPUs are known to have a broken TSX implementation. A
microcode update from Intel disabled TSX on those CPUs, but
GET_SUPPORTED_CPUID might be reporting it as supported if the
hosts were not updated yet.

Manually fixup the GET_SUPPORTED_CPUID data to ensure we will
never enable TSX when running on those hosts.

Reference:
* glibc commit 2702856bf45c82cf8e69f2064f5aa15c0ceb6359:
  https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 target/i386/kvm.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 887a81268f..472399fb2c 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -266,6 +266,19 @@ static int get_para_features(KVMState *s)
     return features;
 }
 
+static bool host_tsx_blacklisted(void)
+{
+    int family, model, stepping;\
+    char vendor[CPUID_VENDOR_SZ + 1];
+
+    host_vendor_fms(vendor, &family, &model, &stepping);
+
+    /* Check if we are running on a Haswell host known to have broken TSX */
+    return !strcmp(vendor, CPUID_VENDOR_INTEL) &&
+           (family == 6) &&
+           ((model == 63 && stepping < 4) ||
+            model == 60 || model == 69 || model == 70);
+}
 
 /* Returns the value for a specific register on the cpuid entry
  */
@@ -349,6 +362,10 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
         }
     } else if (function == 6 && reg == R_EAX) {
         ret |= CPUID_6_EAX_ARAT; /* safe to allow because of emulated APIC */
+    } else if (function == 7 && index == 0 && reg == R_EBX) {
+        if (host_tsx_blacklisted()) {
+            ret &= ~(CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_HLE);
+        }
     } else if (function == 0x80000001 && reg == R_EDX) {
         /* On Intel, kvm returns cpuid according to the Intel spec,
          * so add missing bits according to the AMD spec:
-- 
2.11.0.259.g40922b1

[Qemu-devel] [PATCH for-2.9 v3 3/3] i386: Change stepping of Haswell to non-blacklisted value

[Eduardo Habkost]

glibc blacklists TSX on Haswell CPUs with model==60 and
stepping < 4. To make the Haswell CPU model more useful, make
those guests actually use TSX by changing CPU stepping to 4.

References:
* glibc commit 2702856bf45c82cf8e69f2064f5aa15c0ceb6359
  https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 include/hw/i386/pc.h | 5 +++++
 target/i386/cpu.c    | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index ab303c7fee..f278b3ae89 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -389,6 +389,11 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
         .driver   = TYPE_X86_CPU,\
         .property = "vmware-cpuid-freq",\
         .value    = "off",\
+    },\
+    {\
+        .driver   = "Haswell-" TYPE_X86_CPU,\
+        .property = "stepping",\
+        .value    = "1",\
     },
 
 #define PC_COMPAT_2_7 \
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 30ba1bd06b..7aa762245a 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1196,7 +1196,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
         .vendor = CPUID_VENDOR_INTEL,
         .family = 6,
         .model = 60,
-        .stepping = 1,
+        .stepping = 4,
         .features[FEAT_1_EDX] =
             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
-- 
2.11.0.259.g40922b1

Re: [Qemu-devel] [PATCH for-2.9 v3 0/3] Use non-blacklisted family/model/stepping for Haswell CPU model

[Eduardo Habkost]

On Thu, Mar 09, 2017 at 03:12:09PM -0300, Eduardo Habkost wrote:
> I plan to merge this bug fix into 2.9.

I'm queueing this on my x86-next branch.

> 
> Changes v2 -> v3:
> * Rebase to latest master
> * Don't touch max_x86_cpu_initfn() to reduce risk post
>   hard freeze
> 
> Changes v1 -> v2:
> * Coding style fixes
> * Make series simpler:
>   * Don't use trick: char vendor[static (CPUID_VENDOR_SZ + 1)]
>     because it confuses checkpatch.pl
>   * Removed patch "Add explicit array size to x86_cpu_vendor_words2str()"
> * Rebased on top of my x86-next branch:
>   https://github.com/ehabkost/qemu x86-next
> 
> Git branch for testing:
>   https://github.com/ehabkost/qemu-hacks work/x86-rtm-blacklist
> 
> Diff from v1:
> 
>   diff --git a/target/i386/cpu.h b/target/i386/cpu.h
>   index cd94726e43..647435a1d9 100644
>   --- a/target/i386/cpu.h
>   +++ b/target/i386/cpu.h
>   @@ -1431,7 +1431,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
>    void cpu_clear_apic_feature(CPUX86State *env);
>    void host_cpuid(uint32_t function, uint32_t count,
>                    uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx);
>   -void host_vendor_fms(char vendor[static (CPUID_VENDOR_SZ + 1)], int *family, int *model, int *stepping);
>   +void host_vendor_fms(char *vendor, int *family, int *model, int *stepping);
> 
>    /* helper.c */
>    int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr,
>   diff --git a/target/i386/cpu.c b/target/i386/cpu.c
>   index 25c6c5e115..eab1ad7935 100644
>   --- a/target/i386/cpu.c
>   +++ b/target/i386/cpu.c
>   @@ -682,7 +682,7 @@ void host_cpuid(uint32_t function, uint32_t count,
>            *edx = vec[3];
>    }
> 
>   -void host_vendor_fms(char vendor[static (CPUID_VENDOR_SZ + 1)], int *family, int *model, int *stepping)
>   +void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
>    {
>        uint32_t eax, ebx, ecx, edx;
> 
>   @@ -1570,7 +1570,8 @@ static void host_x86_cpu_class_init(ObjectClass *oc, void *data)
>        xcc->kvm_required = true;
>        xcc->ordering = 9;
> 
>   -    host_vendor_fms(host_cpudef.vendor, &host_cpudef.family, &host_cpudef.model, &host_cpudef.stepping);
>   +    host_vendor_fms(host_cpudef.vendor, &host_cpudef.family,
>   +                    &host_cpudef.model, &host_cpudef.stepping);
> 
>        cpu_x86_fill_model_id(host_cpudef.model_id);
> 
> ---
> 
> A recent glibc commit[1] added a blacklist to ensure it won't use
> TSX on hosts that are known to have a broken TSX implementation.
> 
> Our existing Haswell CPU model has a blacklisted
> family/model/stepping combination, so it has to be updated to
> make sure guests will really use TSX. This is done by patch 5/5.
> 
> However, to do this safely we need to ensure the host CPU is not
> a blacklisted one, so we won't mislead guests by exposing
> known-to-be-good FMS values on a known-to-be-broken host. This is
> done by patch 3/5.
> 
> [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359
> 
> ---
> Cc: dgilbert@redhat.com
> Cc: fweimer@redhat.com
> Cc: carlos@redhat.com
> Cc: triegel@redhat.com
> Cc: berrange@redhat.com
> Cc: jdenemar@redhat.com
> Cc: pbonzini@redhat.com
> 
> Eduardo Habkost (3):
>   i386: host_vendor_fms() helper function
>   i386/kvm: Blacklist TSX on known broken hosts
>   i386: Change stepping of Haswell to non-blacklisted value
> 
>  include/hw/i386/pc.h |  5 +++++
>  target/i386/cpu.h    |  1 +
>  target/i386/cpu.c    | 21 ++++++++++++++++++++-
>  target/i386/kvm.c    | 17 +++++++++++++++++
>  4 files changed, 43 insertions(+), 1 deletion(-)
> 
> -- 
> 2.11.0.259.g40922b1
> 
> 

-- 
Eduardo