[Qemu-devel] [PULL 0/3] x86: Haswell TSX blacklist fix for 2.9

[Qemu-devel] [PULL 0/3] x86: Haswell TSX blacklist fix for 2.9

[Eduardo Habkost]

The following changes since commit dd4d2578215cd380f40a38028a9904e15b135ef3:

  Merge remote-tracking branch 'remotes/kraxel/tags/pull-fixes-20170309-1' into staging (2017-03-09 13:16:05 +0000)

are available in the git repository at:

  git://github.com/ehabkost/qemu.git tags/x86-pull-request

for you to fetch changes up to ec56a4a7b07e2943f49da273a31e3195083b1f2e:

  i386: Change stepping of Haswell to non-blacklisted value (2017-03-10 15:01:09 -0300)

----------------------------------------------------------------
x86: Haswell TSX blacklist fix for 2.9

----------------------------------------------------------------

Eduardo Habkost (3):
  i386: host_vendor_fms() helper function
  i386/kvm: Blacklist TSX on known broken hosts
  i386: Change stepping of Haswell to non-blacklisted value

 include/hw/i386/pc.h |  5 +++++
 target/i386/cpu.h    |  1 +
 target/i386/cpu.c    | 21 ++++++++++++++++++++-
 target/i386/kvm.c    | 17 +++++++++++++++++
 4 files changed, 43 insertions(+), 1 deletion(-)

-- 
2.11.0.259.g40922b1

[Qemu-devel] [PULL 1/3] i386: host_vendor_fms() helper function

[Eduardo Habkost]

Helper function for code that needs to check the host CPU
vendor/family/model/stepping values.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170309181212.18864-2-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 target/i386/cpu.h |  1 +
 target/i386/cpu.c | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index ac2ad6d443..385dcc8fea 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1436,6 +1436,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
 void cpu_clear_apic_feature(CPUX86State *env);
 void host_cpuid(uint32_t function, uint32_t count,
                 uint32_t *eax, uint32_t *ebx, uint32_t *ecx, uint32_t *edx);
+void host_vendor_fms(char *vendor, int *family, int *model, int *stepping);
 
 /* helper.c */
 int x86_cpu_handle_mmu_fault(CPUState *cpu, vaddr addr,
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index fba92125ab..30ba1bd06b 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -688,6 +688,25 @@ void host_cpuid(uint32_t function, uint32_t count,
         *edx = vec[3];
 }
 
+void host_vendor_fms(char *vendor, int *family, int *model, int *stepping)
+{
+    uint32_t eax, ebx, ecx, edx;
+
+    host_cpuid(0x0, 0, &eax, &ebx, &ecx, &edx);
+    x86_cpu_vendor_words2str(vendor, ebx, edx, ecx);
+
+    host_cpuid(0x1, 0, &eax, &ebx, &ecx, &edx);
+    if (family) {
+        *family = ((eax >> 8) & 0x0F) + ((eax >> 20) & 0xFF);
+    }
+    if (model) {
+        *model = ((eax >> 4) & 0x0F) | ((eax & 0xF0000) >> 12);
+    }
+    if (stepping) {
+        *stepping = eax & 0x0F;
+    }
+}
+
 /* CPU class name definitions: */
 
 #define X86_CPU_TYPE_SUFFIX "-" TYPE_X86_CPU
-- 
2.11.0.259.g40922b1

[Qemu-devel] [PULL 2/3] i386/kvm: Blacklist TSX on known broken hosts

[Eduardo Habkost]

Some Intel CPUs are known to have a broken TSX implementation. A
microcode update from Intel disabled TSX on those CPUs, but
GET_SUPPORTED_CPUID might be reporting it as supported if the
hosts were not updated yet.

Manually fixup the GET_SUPPORTED_CPUID data to ensure we will
never enable TSX when running on those hosts.

Reference:
* glibc commit 2702856bf45c82cf8e69f2064f5aa15c0ceb6359:
  https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170309181212.18864-3-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 target/i386/kvm.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/target/i386/kvm.c b/target/i386/kvm.c
index 887a81268f..472399fb2c 100644
--- a/target/i386/kvm.c
+++ b/target/i386/kvm.c
@@ -266,6 +266,19 @@ static int get_para_features(KVMState *s)
     return features;
 }
 
+static bool host_tsx_blacklisted(void)
+{
+    int family, model, stepping;\
+    char vendor[CPUID_VENDOR_SZ + 1];
+
+    host_vendor_fms(vendor, &family, &model, &stepping);
+
+    /* Check if we are running on a Haswell host known to have broken TSX */
+    return !strcmp(vendor, CPUID_VENDOR_INTEL) &&
+           (family == 6) &&
+           ((model == 63 && stepping < 4) ||
+            model == 60 || model == 69 || model == 70);
+}
 
 /* Returns the value for a specific register on the cpuid entry
  */
@@ -349,6 +362,10 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uint32_t function,
         }
     } else if (function == 6 && reg == R_EAX) {
         ret |= CPUID_6_EAX_ARAT; /* safe to allow because of emulated APIC */
+    } else if (function == 7 && index == 0 && reg == R_EBX) {
+        if (host_tsx_blacklisted()) {
+            ret &= ~(CPUID_7_0_EBX_RTM | CPUID_7_0_EBX_HLE);
+        }
     } else if (function == 0x80000001 && reg == R_EDX) {
         /* On Intel, kvm returns cpuid according to the Intel spec,
          * so add missing bits according to the AMD spec:
-- 
2.11.0.259.g40922b1

[Qemu-devel] [PULL 3/3] i386: Change stepping of Haswell to non-blacklisted value

[Eduardo Habkost]

glibc blacklists TSX on Haswell CPUs with model==60 and
stepping < 4. To make the Haswell CPU model more useful, make
those guests actually use TSX by changing CPU stepping to 4.

References:
* glibc commit 2702856bf45c82cf8e69f2064f5aa15c0ceb6359
  https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20170309181212.18864-4-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 include/hw/i386/pc.h | 5 +++++
 target/i386/cpu.c    | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h
index ab303c7fee..f278b3ae89 100644
--- a/include/hw/i386/pc.h
+++ b/include/hw/i386/pc.h
@@ -389,6 +389,11 @@ bool e820_get_entry(int, uint32_t, uint64_t *, uint64_t *);
         .driver   = TYPE_X86_CPU,\
         .property = "vmware-cpuid-freq",\
         .value    = "off",\
+    },\
+    {\
+        .driver   = "Haswell-" TYPE_X86_CPU,\
+        .property = "stepping",\
+        .value    = "1",\
     },
 
 #define PC_COMPAT_2_7 \
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 30ba1bd06b..7aa762245a 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -1196,7 +1196,7 @@ static X86CPUDefinition builtin_x86_defs[] = {
         .vendor = CPUID_VENDOR_INTEL,
         .family = 6,
         .model = 60,
-        .stepping = 1,
+        .stepping = 4,
         .features[FEAT_1_EDX] =
             CPUID_VME | CPUID_SSE2 | CPUID_SSE | CPUID_FXSR | CPUID_MMX |
             CPUID_CLFLUSH | CPUID_PSE36 | CPUID_PAT | CPUID_CMOV | CPUID_MCA |
-- 
2.11.0.259.g40922b1

Re: [Qemu-devel] [PULL 0/3] x86: Haswell TSX blacklist fix for 2.9

[Peter Maydell]

On 10 March 2017 at 19:45, Eduardo Habkost <ehabkost@redhat.com> wrote:
> The following changes since commit dd4d2578215cd380f40a38028a9904e15b135ef3:
>
>   Merge remote-tracking branch 'remotes/kraxel/tags/pull-fixes-20170309-1' into staging (2017-03-09 13:16:05 +0000)
>
> are available in the git repository at:
>
>   git://github.com/ehabkost/qemu.git tags/x86-pull-request
>
> for you to fetch changes up to ec56a4a7b07e2943f49da273a31e3195083b1f2e:
>
>   i386: Change stepping of Haswell to non-blacklisted value (2017-03-10 15:01:09 -0300)
>
> ----------------------------------------------------------------
> x86: Haswell TSX blacklist fix for 2.9
>
> ----------------------------------------------------------------

Applied, thanks.

-- PMM