From: Zhao Liu <zhao1.liu@intel.com>
To: "Paolo Bonzini" <pbonzini@redhat.com>,
"Daniel P . Berrangé" <berrange@redhat.com>,
"Igor Mammedov" <imammedo@redhat.com>
Cc: Ewan Hai <ewanhai-oc@zhaoxin.com>,
Xiaoyao Li <xiaoyao.li@intel.com>, Tao Su <tao1.su@intel.com>,
Yi Lai <yi1.lai@intel.com>, Dapeng Mi <dapeng1.mi@intel.com>,
qemu-devel@nongnu.org, Zhao Liu <zhao1.liu@intel.com>,
Qian Wen <qian.wen@intel.com>,
qemu-stable@nongnu.org
Subject: [PATCH v2 5/7] i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16]
Date: Mon, 14 Jul 2025 16:08:57 +0800
Message-ID: <20250714080859.1960104-6-zhao1.liu@intel.com>
In-Reply-To: <20250714080859.1960104-1-zhao1.liu@intel.com>
From: Qian Wen <qian.wen@intel.com>
The legacy topology enumerated by CPUID.1.EBX[23:16] is defined in SDM
Vol2:
Bits 23-16: Maximum number of addressable IDs for logical processors in
this physical package.
When threads_per_socket > 255, it will 1) overwrite bits [31:24], which
hold the apic_id, and 2) bits [23:16] get truncated.
Specifically, if launching the VM with -smp 256, the value written to
EBX[23:16] is 0 because of data overflow. If the guest only supports
legacy topology, without V2 Extended Topology enumerated by CPUID.0x1f
or Extended Topology enumerated by CPUID.0x0b to support over 255 CPUs,
the kernel's call to cpu_smt_allowed() returns false and APs
(application processors) fail to be brought up. Then only CPU 0 is online,
and the others are offline.
For example, launch VM via:
qemu-system-x86_64 -M q35,accel=kvm,kernel-irqchip=split \
-cpu qemu64,cpuid-0xb=off -smp 256 -m 32G \
-drive file=guest.img,if=none,id=virtio-disk0,format=raw \
-device virtio-blk-pci,drive=virtio-disk0,bootindex=1 --nographic
The guest shows:
CPU(s): 256
On-line CPU(s) list: 0
Off-line CPU(s) list: 1-255
To avoid this issue caused by overflow, limit the max value written to
EBX[23:16] to 255 as the HW does.
Cc: qemu-stable@nongnu.org
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Qian Wen <qian.wen@intel.com>
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
---
Changes Since New v1 [**]:
* Rebase.
Changes Since Original v4 [*]:
* Rebase on addressable ID fixup.
* Drop R/b tags since the code base changes.
[*] original v4: https://lore.kernel.org/qemu-devel/20230829042405.932523-2-qian.wen@intel.com/
[**] new v1: https://lore.kernel.org/qemu-devel/20250227062523.124601-3-zhao1.liu@intel.com/
---
target/i386/cpu.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 7fcb6c144d94..67a371e23b22 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -7869,6 +7869,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
}
*edx = env->features[FEAT_1_EDX];
if (threads_per_pkg > 1) {
+ uint32_t num;
+
/*
* For CPUID.01H.EBX[Bits 23-16], AMD requires logical processor
* count, but Intel needs maximum number of addressable IDs for
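Review bot: the new `uint32_t num;` is left uninitialised; both branches of the if/else below assign it, so this is correct today, but initialising it to 0 at the declaration would keep a future third branch from reading an indeterminate value into EBX.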
@@ -7876,10 +7878,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count,
*/
if (cpu->vendor_cpuid_only_v2 &&
(IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env))) {
- *ebx |= 1 << apicid_pkg_offset(topo_info) << 16;
+ num = 1 << apicid_pkg_offset(topo_info);
} else {
- *ebx |= threads_per_pkg << 16;
+ num = threads_per_pkg;
}
+
+ /* Fixup overflow: max value for bits 23-16 is 255. */
+ *ebx |= MIN(num, 255) << 16;
}
break;
case 2: { /* cache info: needed for Pentium Pro compatibility */
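Review bot: the clamp `*ebx |= MIN(num, 255) << 16;` fixes the spill into bits [31:24] for both branches, but `num = 1 << apicid_pkg_offset(topo_info);` is still evaluated as a signed `int` shift before being stored in the `uint32_t`; writing `1U << apicid_pkg_offset(topo_info)` avoids undefined behaviour if the offset ever reaches 31 and matches the unsigned type of `num`. A named constant (or `0xff`) in place of the bare `255` would also tie the limit to the 8-bit width of the field that the comment describes.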
--
2.34.1
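To see the overflow the commit message describes in isolation, here is an added example in C (constructed for this page, not QEMU's code) that packs CPUID.01H.EBX the old, unclamped way and with the MIN(num, 255) clamp from the hunk; pkg_offset() is a simplified stand-in for apicid_pkg_offset() (it assumes the package uses exactly as many APIC ID bits as threads_per_pkg needs), and the intel_style flag selects between the two branches. It also covers the case the message does not spell out: on the Intel/Zhaoxin branch, -smp 255 already rounds up to 256 addressable IDs and so needs the clamp too.

```c
#include <stdint.h>

/* Constructed model of the CPUID.01H.EBX layout the patch deals with (not
 * QEMU's code): bits 31:24 initial APIC ID, bits 23:16 max addressable
 * logical processor IDs per package, bits 15:8 CLFLUSH size, bits 7:0 brand. */
#define EBX_APICID_SHIFT 24u
#define EBX_LP_SHIFT     16u
#define EBX_LP_MAX       255u

/* Stand-in for apicid_pkg_offset(): ID bits needed to address threads_per_pkg. */
static unsigned pkg_offset(uint32_t threads_per_pkg)
{
    unsigned bits = 0;
    while ((1u << bits) < threads_per_pkg) bits++;
    return bits;
}

/* Bits 23:16 value: Intel/Zhaoxin use 1 << pkg_offset, others threads_per_pkg. */
static uint32_t lp_field(uint32_t threads_per_pkg, int intel_style)
{
    return intel_style ? 1u << pkg_offset(threads_per_pkg) : threads_per_pkg;
}

/* Before the fix: the unclamped shift spills into the APIC ID field. */
uint32_t ebx_unclamped(uint32_t apic_id, uint32_t threads, int intel_style)
{
    uint32_t ebx = (apic_id << EBX_APICID_SHIFT) | (8u << 8); /* CLFLUSH 64B */
    if (threads > 1) {
        ebx |= lp_field(threads, intel_style) << EBX_LP_SHIFT;
    }
    return ebx;
}

/* After the fix: MIN(num, 255), so the field saturates instead of overflowing. */
uint32_t ebx_clamped(uint32_t apic_id, uint32_t threads, int intel_style)
{
    uint32_t ebx = (apic_id << EBX_APICID_SHIFT) | (8u << 8);
    if (threads > 1) {
        uint32_t num = lp_field(threads, intel_style);
        ebx |= (num < EBX_LP_MAX ? num : EBX_LP_MAX) << EBX_LP_SHIFT;
    }
    return ebx;
}

/* Decoding as a guest reads the fields back. */
uint32_t ebx_apic_id(uint32_t ebx) { return ebx >> EBX_APICID_SHIFT; }
uint32_t ebx_max_lp(uint32_t ebx)  { return (ebx >> EBX_LP_SHIFT) & 0xffu; }
```

With -smp 256 the unclamped form reports max_lp 0 and an initial APIC ID of 1 for CPU 0, which is exactly the picture the lscpu output above shows; the clamped form reports 255 and leaves the APIC ID intact.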