Bug 832486

Summary: KVM: make GET_SUPPORTED_CPUID whitelist-based
Product: Red Hat Enterprise Linux 6 Reporter: Eduardo Habkost <ehabkost>
Component: kernel Assignee: Eduardo Habkost <ehabkost>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.5 CC: juzhang, michen, shuang, tburke, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kernel-2.6.32-288.el6 Doc Type: Bug Fix
Last Closed: 2013-02-21 06:23:24 UTC Type: Bug
Bug Blocks: 691638, 833129    

Description Eduardo Habkost 2012-06-15 14:16:48 UTC
Description of problem:
KVM GET_SUPPORTED_CPUID is blacklist-based, meaning that unknown CPUID nodes return the host CPUID data directly, without any filtering. For an example where this has caused problems, see Bug 808346.

We need to backport the following upstream commit:

commit 24c82e576b7860a4f02a21103e9df39e11e97006
Author: Avi Kivity <avi>
Date:   Wed May 18 05:56:07 2011 -0400

    KVM: Sanitize cpuid
    
    Instead of blacklisting known-unsupported cpuid leaves, whitelist known-
    supported leaves.  This is more conservative and prevents us from reporting
    features we don't support.  Also whitelist a few more leaves while at it.
    
    Signed-off-by: Avi Kivity <avi>
    Acked-by: Joerg Roedel <joerg.roedel>
    Signed-off-by: Marcelo Tosatti <mtosatti>

Comment 2 RHEL Program Management 2012-07-10 06:40:38 UTC
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.

Comment 3 Suqin Huang 2012-07-11 05:00:45 UTC
Hi Eduardo,
How can I check that the unknown CPUID nodes are filtered with the new patch?

the cpuid leaf info is the same w/o this patch.

without:

eax in: 0x00000000, eax = 0000000d ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000206a1 ebx = 03040800 ecx = 9eb82203 edx = 178bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 0c000121 ebx = 01c0003f ecx = 0000003f edx = 00000001
eax in: 0x00000005, eax = 00000000 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x00000006, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000008, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000a, eax = 07300802 ebx = 00000000 ecx = 00000000 edx = 00000603
eax in: 0x0000000b, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000c, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000d, eax = 00000007 ebx = 00000340 ecx = 00000340 edx = 00000000

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000206a1 ebx = 00000000 ecx = 00000001 edx = 20100800
eax in: 0x80000002, eax = 65746e49 ebx = 6558206c ecx = 45206e6f edx = 78323133
eax in: 0x80000003, eax = 53282078 ebx = 79646e61 ecx = 69724220 edx = 29656764
eax in: 0x80000004, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000

with:

eax in: 0x00000000, eax = 0000000d ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000206a1 ebx = 03040800 ecx = 9eb82203 edx = 178bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 0c000121 ebx = 01c0003f ecx = 0000003f edx = 00000001
eax in: 0x00000005, eax = 00000000 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x00000006, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000008, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000a, eax = 07300802 ebx = 00000000 ecx = 00000000 edx = 00000603
eax in: 0x0000000b, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000c, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000d, eax = 00000007 ebx = 00000340 ecx = 00000340 edx = 00000000

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000206a1 ebx = 00000000 ecx = 00000001 edx = 20100800
eax in: 0x80000002, eax = 65746e49 ebx = 6558206c ecx = 45206e6f edx = 78323133
eax in: 0x80000003, eax = 53282078 ebx = 79646e61 ecx = 69724220 edx = 29656764
eax in: 0x80000004, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000

Comment 4 Eduardo Habkost 2012-07-11 10:43:48 UTC
(In reply to comment #3)
> Hi Eduardo,
> How can I check that the unknown CPUID nodes are filtered with the new patch?
> 
> the cpuid leaf info is the same w/o this patch.

Actually, this is exactly what should happen: no guest-visible changes should result at all, if running the current qemu-kvm version.

This bug is about changing the code to be future-proof, so QEMU code can reliably check if any new CPUID leaf is really available if we add support for new CPUID leaves, to avoid bugs similar to what happened at bug 808346. But all CPUID leaves affected by this patch are not exposed directly to the guest by the current QEMU code.

So, you have two possible approaches for verifying the bug:

1) Simply checking if there are no resulting guest-visible CPUID changes, running x86info in the guest like you did (preferably testing multiple CPU models).

2) If you are willing to write some code, you could write a small C program that calls the GET_SUPPORTED_CPUID KVM ioctl(), and check if the differences match what's expected according to the table in the patch description.
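
Added example, not part of the original thread and not code from the patch or from QEMU: one way to carry out approach 2 is to save the KVM_GET_SUPPORTED_CPUID result under one kernel and compare it under the other. MAX_ENT, the function names and the baseline-file workflow are assumptions of this sketch, and the comparison assumes each (function, index) pair appears once in the ioctl result.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <linux/kvm.h>

#define MAX_ENT 256 /* assumed bound; KVM returns E2BIG if it is too small */
typedef struct kvm_cpuid_entry2 ent_t;

/* Ask KVM (fd of /dev/kvm) which CPUID entries it supports; NULL on failure. */
struct kvm_cpuid2 *get_supported_cpuid(int kvm_fd)
{
    struct kvm_cpuid2 *c = calloc(1, sizeof(*c) + MAX_ENT * sizeof(ent_t));
    if (c)
        c->nent = MAX_ENT;
    if (c && ioctl(kvm_fd, KVM_GET_SUPPORTED_CPUID, c) == 0)
        return c;
    free(c);
    return NULL;
}

/* Print entries added or changed from a (old) to b (new); return the number
 * of differences, removed entries included. Key: (function, index). */
int count_diffs(const ent_t *a, int na, const ent_t *b, int nb)
{
    int i, j, matched = 0, diffs = 0;
    for (i = 0; i < nb; i++) {
        for (j = 0; j < na; j++)
            if (a[j].function == b[i].function && a[j].index == b[i].index)
                break;
        matched += j < na;
        if (j < na && a[j].eax == b[i].eax && a[j].ebx == b[i].ebx &&
            a[j].ecx == b[i].ecx && a[j].edx == b[i].edx)
            continue;
        printf("%s %08x:%u\n", j < na ? "changed" : "added", b[i].function, b[i].index);
        diffs++;
    }
    return diffs + (na - matched); /* unmatched old entries were removed */
}

int main(int argc, char **argv)
{
    static ent_t old[MAX_ENT];
    struct kvm_cpuid2 *cur = get_supported_cpuid(open("/dev/kvm", O_RDWR));
    FILE *f;
    if (argc < 2 || !cur)
        return 2;
    if ((f = fopen(argv[1], "rb"))) /* baseline exists: compare against it */
        return count_diffs(old, (int)fread(old, sizeof(ent_t), MAX_ENT, f),
                           cur->entries, (int)cur->nent) > 0;
    if (!(f = fopen(argv[1], "wb"))) /* first run: save the baseline */
        return 2;
    fwrite(cur->entries, sizeof(ent_t), cur->nent, f);
    return fclose(f) != 0;
}
```

Run it once on the old kernel with a new file name to save the baseline, then again with the same file name after booting the patched kernel; it lists the entries that differ and exits non-zero if there are any. It needs read/write access to /dev/kvm.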

Comment 6 Jarod Wilson 2012-07-23 17:38:04 UTC
Patch(es) available on kernel-2.6.32-288.el6

Comment 9 FuXiangChun 2012-12-31 05:24:22 UTC
Verified this issue with guest kernel 2.6.32-348.el6.x86_64 and kernel 2.6.32-348.el6.x86_64, and qemu-kvm-0.12.1.2-2.344.el6.x86_64.
Compared the results of x86info.
 
kernel 2.6.32-348.el6.x86_64
-cpu SandyBridge
eax in: 0x00000000, eax = 0000000d ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000206a1 ebx = 01000800 ecx = 9fb82203 edx = 078bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 00000121 ebx = 01c0003f ecx = 0000003f edx = 00000001
eax in: 0x00000005, eax = 00000000 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x00000006, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000008, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000a, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000b, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000c, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000d, eax = 00000007 ebx = 00000340 ecx = 00000340 edx = 00000000

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000206a1 ebx = 00000000 ecx = 00000001 edx = 20100800
eax in: 0x80000002, eax = 65746e49 ebx = 6558206c ecx = 45206e6f edx = 78323133
eax in: 0x80000003, eax = 53282078 ebx = 79646e61 ecx = 69724220 edx = 29656764
eax in: 0x80000004, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000



Westmere
eax in: 0x00000000, eax = 0000000b ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000206c1 ebx = 01000800 ecx = 82b82201 edx = 078bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 00000121 ebx = 01c0003f ecx = 0000003f edx = 00000001
eax in: 0x00000005, eax = 00000000 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x00000006, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000008, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000a, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000b, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000206c1 ebx = 00000000 ecx = 00000001 edx = 2191abfd
eax in: 0x80000002, eax = 74736557 ebx = 6572656d ecx = 36354520 edx = 4c2f7878
eax in: 0x80000003, eax = 78783635 ebx = 3635582f ecx = 28207878 edx = 6168654e
eax in: 0x80000004, eax = 2d6d656c ebx = 00002943 ecx = 00000000 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000

Nehalem

eax in: 0x00000000, eax = 00000004 ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000106a3 ebx = 01000800 ecx = 80b82201 edx = 078bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 00000121 ebx = 01c0003f ecx = 0000003f edx = 00000001

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000106a3 ebx = 00000000 ecx = 00000001 edx = 20100800
eax in: 0x80000002, eax = 65746e49 ebx = 6f43206c ecx = 69206572 edx = 78392037
eax in: 0x80000003, eax = 4e282078 ebx = 6c616865 ecx = 43206d65 edx = 7373616c
eax in: 0x80000004, eax = 726f4320 ebx = 37692065 ecx = 00000029 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000


kernel 2.6.32-348.el6.x86_64

Nehalem
eax in: 0x00000000, eax = 00000004 ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000106a3 ebx = 01000800 ecx = 80b82201 edx = 078bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 00000121 ebx = 01c0003f ecx = 0000003f edx = 00000001

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000106a3 ebx = 00000000 ecx = 00000001 edx = 20100800
eax in: 0x80000002, eax = 65746e49 ebx = 6f43206c ecx = 69206572 edx = 78392037
eax in: 0x80000003, eax = 4e282078 ebx = 6c616865 ecx = 43206d65 edx = 7373616c
eax in: 0x80000004, eax = 726f4320 ebx = 37692065 ecx = 00000029 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000

Westmere

eax in: 0x00000000, eax = 0000000b ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000206c1 ebx = 01000800 ecx = 82b82201 edx = 078bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 00000121 ebx = 01c0003f ecx = 0000003f edx = 00000001
eax in: 0x00000005, eax = 00000000 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x00000006, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000008, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000a, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000b, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000206c1 ebx = 00000000 ecx = 00000001 edx = 2191abfd
eax in: 0x80000002, eax = 74736557 ebx = 6572656d ecx = 36354520 edx = 4c2f7878
eax in: 0x80000003, eax = 78783635 ebx = 3635582f ecx = 28207878 edx = 6168654e
eax in: 0x80000004, eax = 2d6d656c ebx = 00002943 ecx = 00000000 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000

SandyBridge
eax in: 0x00000000, eax = 0000000d ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x00000001, eax = 000206a1 ebx = 01000800 ecx = 9fb82203 edx = 078bf3fd
eax in: 0x00000002, eax = 00000001 ebx = 00000000 ecx = 00000000 edx = 002c307d
eax in: 0x00000003, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000004, eax = 00000121 ebx = 01c0003f ecx = 0000003f edx = 00000001
eax in: 0x00000005, eax = 00000000 ebx = 00000000 ecx = 00000003 edx = 00000000
eax in: 0x00000006, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000008, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x00000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000a, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000b, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000c, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x0000000d, eax = 00000007 ebx = 00000340 ecx = 00000340 edx = 00000000

eax in: 0x80000000, eax = 8000000a ebx = 756e6547 ecx = 6c65746e edx = 49656e69
eax in: 0x80000001, eax = 000206a1 ebx = 00000000 ecx = 00000001 edx = 20100800
eax in: 0x80000002, eax = 65746e49 ebx = 6558206c ecx = 45206e6f edx = 78323133
eax in: 0x80000003, eax = 53282078 ebx = 79646e61 ecx = 69724220 edx = 29656764
eax in: 0x80000004, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000005, eax = 01ff01ff ebx = 01ff01ff ecx = 40020140 edx = 40020140
eax in: 0x80000006, eax = 00000000 ebx = 42004200 ecx = 02008140 edx = 00000000
eax in: 0x80000007, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000008, eax = 00003024 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x80000009, eax = 00000000 ebx = 00000000 ecx = 00000000 edx = 00000000
eax in: 0x8000000a, eax = 00000001 ebx = 00000010 ecx = 00000000 edx = 00000000


Since their results are the same, according to comment 4, this bug should be fixed. If I am wrong, please correct me.

Comment 10 juzhang 2013-01-04 05:01:23 UTC
According to comment 9, set this issue as verified.

Comment 12 errata-xmlrpc 2013-02-21 06:23:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0496.html