Bug 745717 - SEP flag is not exposed to guest, but is defined on CPU model config
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Eduardo Habkost
QA Contact: Virtualization Bugs
Blocks: 833129
Reported: 2011-10-13 07:48 UTC by Chao Yang
Modified: 2013-02-28 17:00 UTC (History)

Fixed In Version: qemu-kvm-0.12.1.2-2.320.el6
Doc Type: Bug Fix
Last Closed: 2013-02-21 07:31:22 UTC

Links
Red Hat Product Errata RHBA-2013:0527 (Private: 0, Priority: normal, Status: SHIPPED_LIVE): qemu-kvm bug fix and enhancement update, last updated 2013-02-20 21:51:08 UTC

Description Chao Yang 2011-10-13 07:48:58 UTC
Description of problem:
As summary described.

Version-Release number of selected component (if applicable):
# rpm -q qemu-kvm x86info
qemu-kvm-0.12.1.2-2.196.el6.x86_64
x86info-1.26_20101115-1.33.el6.x86_64
# uname -r
2.6.32-206.el6.x86_64
Guest kernel:
2.6.32-206.el6.i686

How reproducible:
100%

Steps to Reproduce:
1. boot a VM on an AMD host(bulldozer) with -cpu Opteron_G3,check -smp 8,cores=2,sockets=2,threads=2
2. check cpu flags in guest by x86info -a
  
Actual results:
some flags are not exposed, like sep

Expected results:


Additional info:
output of x86info on bulldozer host:
eax in: 0x00000001, eax = 00600f10 ebx = 07080800 ecx = 1e98220b edx = 178bfbff
eax in: 0x80000001, eax = 00600f10 ebx = 10000000 ecx = 01c9bfff edx = 2fd3fbff

Feature flags:
 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflsh mmx fxsr sse sse2 ht sse3 [1:ecx:1] mwait ssse3 cmpxchg16b sse4_1 [1:ecx:20] popcnt [1:ecx:25] [1:ecx:26] [1:ecx:27] [1:ecx:28]
Extended feature flags:
 fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 nx mmxext mmx fxsr ffxsr page1gb rdtscp lm lahf/sahf CmpLegacy svm ExtApicSpace LockMovCr0 abm sse4a misalignsse 3dnowPref osvw ibs [80000001:ecx:11] skinit wdt [80000001:ecx:15] [80000001:ecx:16] [80000001:ecx:19] [80000001:ecx:22] [80000001:ecx:23] [80000001:ecx:24]

output of x86info in guest:
eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80a02001 edx = 178bf3fd
eax in: 0x80000001, eax = 00000f61 ebx = 00000000 ecx = 000000e3 edx = 2193fbfd

Feature flags:
 fpu de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflsh mmx fxsr sse sse2 ht sse3 cmpxchg16b [1:ecx:21] popcnt [1:ecx:31]
Extended feature flags:
 fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 nx mmx fxsr lm lahf/sahf CmpLegacy abm sse4a misalignsse

output of -cpu ?dump
# /usr/libexec/qemu-kvm -cpu ?dump
x86       Opteron_G3  AMD Opteron 23xx (Gen 3 Class Opteron)          
  family 15 model 6 stepping 1 level 5 xlevel 0x80000008 vendor "AuthenticAMD"
  feature_edx 078bfbfd (sse2 sse fxsr mmx clflush pse36 pat cmov mca pge mtrr sep apic cx8 mce pae msr tsc pse de fpu)
  feature_ecx 00a02009 (popcnt x2apic cx16 monitor pni|sse3)
  extfeature_edx 2993fbfd (lm|i64 rdtscp fxsr mmx nx|xd pse36 pat cmov mca pge mtrr syscall apic cx8 mce pae msr tsc pse de fpu)
  extfeature_ecx 000000e5 (misalignsse sse4a abm svm lahf_lm)

----> 
feature_edx: 078bfbfd ^ 178bf3fd -> 10000e00(10000000 for ht)
feature_ecx: 80a02001 ^ 00a02009 -> 80000008(80000000 for hypervisor)
extfeature_edx: 2193fbfd ^ 2993fbfd -> 08000000
extfeature_ecx: 000000e3 ^ 000000e5 -> 00000006(00000002 for cmp_legacy)

Comment 2 Suqin Huang 2011-10-13 08:19:54 UTC
#define X86_FEATURE_SEP         (0*32+11) /* SYSENTER/SYSEXIT */

the cpuid of SEP is located in 0x00000001 EDX[11]

guest : eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80a02001 edx = 178bf3fd

host : eax in: 0x00000001, eax = 00600f10 ebx = 07080800 ecx = 1e98220b edx = 178bfbff

Comment 3 Chao Yang 2011-10-13 08:39:12 UTC
Tested on same host with G2 and G1 by: -cpu Opteron_G2/G1,check -smp
8,cores=2,sockets=2,threads=2:

---> for G2:
output of x86info in guest:
eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80202001 edx = 178bf3fd
eax in: 0x80000001, eax = 00000f61 ebx = 00000000 ecx = 00000003 edx = 2193fbfd
Feature flags:
 fpu de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflsh mmx
fxsr sse sse2 ht sse3 cmpxchg16b [1:ecx:21] [1:ecx:31]
Extended feature flags:
 fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 nx mmx
fxsr lm lahf/sahf CmpLegacy

feature_edx: 178bf3fd ^ 078bfbfd -> 10000e00(10000000 for ht)
feature_ecx: 80202001 ^ 00202001 -> 80000000(80000000 for hypervisor), this one
is good.
extfeature_edx: 2193fbfd ^ 2993fbfd -> 08000000
extfeature_ecx: 00000003 ^ 00000005 -> 00000006(00000002 for cmp_legacy)

---> for G1:
output of x86info in guest:
eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80200001 edx = 178bf3fd
eax in: 0x80000001, eax = 00000f61 ebx = 00000000 ecx = 00000002 edx = 2193fbfd
Feature flags:
 fpu de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflsh mmx
fxsr sse sse2 ht sse3 [1:ecx:21] [1:ecx:31]
Extended feature flags:
 fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 nx mmx
fxsr lm CmpLegacy


feature_edx: 178bf3fd ^ 078bfbfd -> 10000e00(10000000 for ht)
feature_ecx: 80200001 ^ 00200001 -> 80000000(80000000 for hypervisor), this one
is good.
extfeature_edx: 2193fbfd ^ 2193fbfd -> 00000000 , this one is good.
extfeature_ecx: 00000002 ^ 00000000 -> 00000002(00000002 for cmp_legacy), this
one is good.

Comment 12 FuXiangChun 2012-11-05 03:26:09 UTC
verify this issue with qemu-kvm-0.12.1.2-2.331.el6.x86_64 and kernel 2.6.32-337.el6.x86_64

SEP flag is still not exposed to guest.

check result inside guest
1. not find it from cpuinfo
2. register bit is 0 (location, Function01,EDX[11])
eax in: 0x00000001, eax = 00000f61 ebx = 01020800 ecx = 80a02001 edx = 178bf3fd

so, this bug is not fixed.

additional:
Bug 821741 will re-enable this flag.

Comment 13 Eduardo Habkost 2012-11-05 11:08:09 UTC
The bug is fixed in the other side of the equation. Not exposing the flag while it is in the CPU model config (or in the CPU model definition in the C code) is wrong, because it risks breaking migration.

This bug just changes the CPU model to _not_ include the SEP flag anymore (so migration keeps working even after SEP support is enabled in the host kernel).

So verification of this bug consists of:
- Checking if all CPU models in target-i386/cpuid.c lack the SEP flag
- Making sure the SEP flag doesn't change when migrating from a host without SEP to a host with SEP.

Comment 14 FuXiangChun 2012-11-06 15:20:07 UTC
verify this issue with qemu-kvm-0.12.1.2-2.331.el6.x86_64 

Verification steps:
1. Check source code in target-i386/cpuid.c
   Result: the SEP flag is defined in this file. Does it work as designed?

static const char *feature_name[] = {
    "fpu", "vme", "de", "pse",
    "tsc", "msr", "pae", "mce",
    "cx8", "apic", NULL, "sep",
    "mtrr", "pge", "mca", "cmov",
    "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
    NULL, "ds" /* Intel dts */, "acpi", "mmx",
    "fxsr", "sse", "sse2", "ss",
    "ht" /* Intel htt */, "tm", "ia64", "pbe",
};
  
2. Do migration from a host without SEP to a host with SEP
   One host kernel is 2.6.32-310.el6.x86_64 (does not support the sep flag), the other host kernel is 2.6.32-337.el6.x86_64 (supports the sep flag).
cli
/usr/libexec/qemu-kvm -M rhel6.3.0 -cpu Opteron_G3 -enable-kvm -m 2G -smp 8,sockets=2,cores=2,threads=2,maxcpus=10 -usb -device usb-tablet,id=input0 -name openvsiwtch -uuid 9ed5a909-5c33-4bc0-960c-29ecfc61a502 -drive file=/root/openvswitch/mnt/rhel-6.4-2.qcow2,if=none,id=drive-scsi0-0-0,if=none,media=disk,cache=none,format=qcow2,werror=stop,aio=native -device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 -device scsi-hd,ver=mike,bus=scsi0.0,drive=drive-scsi0-0-0,id=scsi1 -spice port=5912,disable-ticketing -vga qxl -monitor stdio 

2. do migration
migration is successful, and host and guest work well.

Comment 15 Eduardo Habkost 2012-11-06 15:41:45 UTC
(In reply to comment #14)
> verify this issue with qemu-kvm-0.12.1.2-2.331.el6.x86_64 
> 
> verify to steps:
>  1. check source code in target-i386/cpuid.c 
>  result: SEP flag is defined in this. does it work as design? 
> 
>   static const char *feature_name[] = {
>     "fpu", "vme", "de", "pse",
>     "tsc", "msr", "pae", "mce",
>     "cx8", "apic", NULL, "sep",
>     "mtrr", "pge", "mca", "cmov",
>     "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
>     NULL, "ds" /* Intel dts */, "acpi", "mmx",
>     "fxsr", "sse", "sse2", "ss",
>     "ht" /* Intel htt */, "tm", "ia64", "pbe",
> };

Its name is defined, but CPUID_SEP should not be present on the models on the builtin_x86_defs array.


>   
> 2.do migration from without SEP to a host with SEP
>  one host kernel 2.6.32-310.el6.x86_64(not support sep flag), another host
> kernel 2.6.32-337.el6.x86_64(support sep flag)
> cli
> /usr/libexec/qemu-kvm -M rhel6.3.0 -cpu Opteron_G3 -enable-kvm -m 2G -smp
> 8,sockets=2,cores=2,threads=2,maxcpus=10 -usb -device usb-tablet,id=input0
> -name openvsiwtch -uuid 9ed5a909-5c33-4bc0-960c-29ecfc61a502 -drive
> file=/root/openvswitch/mnt/rhel-6.4-2.qcow2,if=none,id=drive-scsi0-0-0,
> if=none,media=disk,cache=none,format=qcow2,werror=stop,aio=native -device
> virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 -device
> scsi-hd,ver=mike,bus=scsi0.0,drive=drive-scsi0-0-0,id=scsi1 -spice
> port=5912,disable-ticketing -vga qxl -monitor stdio 
> 
> 2. do migration
> migration is successful, and host and guest work well.

Thanks. It looks good. Please also check if the SEP flag is _not_ present on x86info before and after migration.

Comment 16 FuXiangChun 2012-11-07 03:37:07 UTC
eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80a02001 edx = 178bf3fd

eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80a02001 edx = 178bf3fd

(In reply to comment #15)
> (In reply to comment #14)
> > verify this issue with qemu-kvm-0.12.1.2-2.331.el6.x86_64 
> > 
> > verify to steps:
> >  1. check source code in target-i386/cpuid.c 
> >  result: SEP flag is defined in this. does it work as design? 
> > 
> >   static const char *feature_name[] = {
> >     "fpu", "vme", "de", "pse",
> >     "tsc", "msr", "pae", "mce",
> >     "cx8", "apic", NULL, "sep",
> >     "mtrr", "pge", "mca", "cmov",
> >     "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
> >     NULL, "ds" /* Intel dts */, "acpi", "mmx",
> >     "fxsr", "sse", "sse2", "ss",
> >     "ht" /* Intel htt */, "tm", "ia64", "pbe",
> > };
> 
> Its name is defined, but CPUID_SEP should not be present on the models on
> the builtin_x86_defs array.

Yes, CPUID_SEP is not present on the Opteron_G3 models.
> 
> 
> >   
> > 2.do migration from without SEP to a host with SEP
> >  one host kernel 2.6.32-310.el6.x86_64(not support sep flag), another host
> > kernel 2.6.32-337.el6.x86_64(support sep flag)
> > cli
> > /usr/libexec/qemu-kvm -M rhel6.3.0 -cpu Opteron_G3 -enable-kvm -m 2G -smp
> > 8,sockets=2,cores=2,threads=2,maxcpus=10 -usb -device usb-tablet,id=input0
> > -name openvsiwtch -uuid 9ed5a909-5c33-4bc0-960c-29ecfc61a502 -drive
> > file=/root/openvswitch/mnt/rhel-6.4-2.qcow2,if=none,id=drive-scsi0-0-0,
> > if=none,media=disk,cache=none,format=qcow2,werror=stop,aio=native -device
> > virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 -device
> > scsi-hd,ver=mike,bus=scsi0.0,drive=drive-scsi0-0-0,id=scsi1 -spice
> > port=5912,disable-ticketing -vga qxl -monitor stdio 
> > 
> > 2. do migration
> > migration is successful, and host and guest work well.
> 
> Thanks. It looks good. Please also check if the SEP flag is _not_ present on
> x86info before and after migration.

Got the same result before and after migration inside the guest:
1. x86info -a -f
eax in: 0x00000001, eax = 00000f61 ebx = 00040800 ecx = 80a02001 edx = 178bf3fd

Extended feature flags:
 fpu de pse tsc msr pae mce cx8 apic sep .....

2. SEP flag not found in /proc/cpuinfo

Summary:
1. Register bit is 0 (location: Function01, EDX[11]) and the SEP flag is not found in /proc/cpuinfo inside the guest.

2. The SEP flag can be found in Extended feature flags via the x86info tool (I think the x86info tool may be inaccurate).

Comment 17 Eduardo Habkost 2012-11-07 10:21:40 UTC
(In reply to comment #16)
> eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80a02001 edx =
> 178bf3fd
> 
> eax in: 0x00000001, eax = 00000f61 ebx = 07040800 ecx = 80a02001 edx =
> 178bf3fd(In reply to comment #15)
> > (In reply to comment #14)
> > > verify this issue with qemu-kvm-0.12.1.2-2.331.el6.x86_64 
> > > 
> > > verify to steps:
> > >  1. check source code in target-i386/cpuid.c 
> > >  result: SEP flag is defined in this. does it work as design? 
> > > 
> > >   static const char *feature_name[] = {
> > >     "fpu", "vme", "de", "pse",
> > >     "tsc", "msr", "pae", "mce",
> > >     "cx8", "apic", NULL, "sep",
> > >     "mtrr", "pge", "mca", "cmov",
> > >     "pat", "pse36", "pn" /* Intel psn */, "clflush" /* Intel clfsh */,
> > >     NULL, "ds" /* Intel dts */, "acpi", "mmx",
> > >     "fxsr", "sse", "sse2", "ss",
> > >     "ht" /* Intel htt */, "tm", "ia64", "pbe",
> > > };
> > 
> > Its name is defined, but CPUID_SEP should not be present on the models on
> > the builtin_x86_defs array.
> 
> Yes,CPUID_SEP don't present on the Opteron_G3 models. 

Good.


> > 
> > 
> > >   
> > > 2.do migration from without SEP to a host with SEP
> > >  one host kernel 2.6.32-310.el6.x86_64(not support sep flag), another host
> > > kernel 2.6.32-337.el6.x86_64(support sep flag)
> > > cli
> > > /usr/libexec/qemu-kvm -M rhel6.3.0 -cpu Opteron_G3 -enable-kvm -m 2G -smp
> > > 8,sockets=2,cores=2,threads=2,maxcpus=10 -usb -device usb-tablet,id=input0
> > > -name openvsiwtch -uuid 9ed5a909-5c33-4bc0-960c-29ecfc61a502 -drive
> > > file=/root/openvswitch/mnt/rhel-6.4-2.qcow2,if=none,id=drive-scsi0-0-0,
> > > if=none,media=disk,cache=none,format=qcow2,werror=stop,aio=native -device
> > > virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 -device
> > > scsi-hd,ver=mike,bus=scsi0.0,drive=drive-scsi0-0-0,id=scsi1 -spice
> > > port=5912,disable-ticketing -vga qxl -monitor stdio 
> > > 
> > > 2. do migration
> > > migration is successful, and host and guest work well.
> > 
> > Thanks. It looks good. Please also check if the SEP flag is _not_ present on
> > x86info before and after migration.
> 
> Will get the same result before and after migration inside guest 
> 1.x86info -a -f 
> eax in: 0x00000001, eax = 00000f61 ebx = 00040800 ecx = 80a02001 edx =
> 178bf3fd

That's good. SEP is really disabled, then.

> 
> Extended feature flags:
>  fpu de pse tsc msr pae mce cx8 apic sep .....
> 
> 2. not find SEP flag in /proc/cpuinfo
> 
> Summary.
> 1.register bit is 0 (location, Function01,EDX[11]) and not find SEP flag
> /proc/cpuinfo inside guest. 

True. That's the expected result.

> 
> 2. can find SEP flag in Extended feature flags via x86info tool(I think
> x86info tool maybe inaccurate)

That's really weird. I had to check the x86info source code to understand it. It is on the "extended feature flags" section, that's for CPUID leaf 0x80000001. The actual flag on 0x80000001.EDX[11] is "SysCallSysRet" (and it was supposed to be enabled), but x86info displays it as "sep". So it's a x86info bug.
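
The bit comparison done by hand in the description and the x86info mislabel explained in comment 17, as an added example that is not part of the bug thread and is not code from qemu-kvm or x86info. The leaf 1 EDX names follow the feature_name[] table quoted in the thread; the leaf 0x80000001 EDX table is written here from AMD's CPUID definition, the helper names diff_flags and has_bit are assumptions of this example, and the register values are the Opteron_G3 ones reported above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CPUID.1:EDX bit names, same order as the feature_name[] table in the thread. */
static const char *const leaf1_edx[32] = {
    "fpu", "vme", "de", "pse", "tsc", "msr", "pae", "mce",
    "cx8", "apic", NULL, "sep", "mtrr", "pge", "mca", "cmov",
    "pat", "pse36", "pn", "clflush", NULL, "ds", "acpi", "mmx",
    "fxsr", "sse", "sse2", "ss", "ht", "tm", "ia64", "pbe",
};

/* CPUID.80000001h:EDX bit names (AMD); example table, not copied from x86info.
 * Bit 11 in this leaf is SYSCALL/SYSRET, not SEP. */
static const char *const ext_edx[32] = {
    "fpu", "vme", "de", "pse", "tsc", "msr", "pae", "mce",
    "cx8", "apic", NULL, "syscall", "mtrr", "pge", "mca", "cmov",
    "pat", "pse36", NULL, "mp", "nx", NULL, "mmxext", "mmx",
    "fxsr", "fxsr_opt", "pdpe1gb", "rdtscp", NULL, "lm", "3dnowext", "3dnow",
};

/* Write the names of all bits that differ between model and guest into out
 * (space separated, lowest bit first) and return the XOR mask. */
static uint32_t diff_flags(uint32_t model, uint32_t guest,
                           const char *const names[32], char *out, size_t len)
{
    uint32_t mask = model ^ guest;
    size_t used = 0;
    if (len) out[0] = '\0';
    for (int bit = 0; bit < 32; bit++) {
        if (!(mask & (UINT32_C(1) << bit)))
            continue;
        const char *name = names[bit] ? names[bit] : "reserved";
        int n = snprintf(out + used, len - used, "%s%s", used ? " " : "", name);
        if (n < 0 || (size_t)n >= len - used)
            break;              /* text truncated; the returned mask is complete */
        used += (size_t)n;
    }
    return mask;
}

static int has_bit(uint32_t reg, int bit) { return (int)((reg >> bit) & 1u); }

int main(void)
{
    char buf[128];
    /* Model config value vs. value read in the guest (from the report). */
    uint32_t m = diff_flags(0x078bfbfd, 0x178bf3fd, leaf1_edx, buf, sizeof buf);
    printf("leaf 1 EDX diff          %08x: %s\n", (unsigned)m, buf);
    m = diff_flags(0x2993fbfd, 0x2193fbfd, ext_edx, buf, sizeof buf);
    printf("leaf 0x80000001 EDX diff %08x: %s\n", (unsigned)m, buf);
    printf("guest SEP=%d SYSCALL=%d\n",
           has_bit(0x178bf3fd, 11), has_bit(0x2193fbfd, 11));
    return 0;
}
```

Decoding each leaf with its own name table is what keeps bit 11 of leaf 0x80000001 from being reported as "sep".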

Comment 18 FuXiangChun 2012-11-08 01:38:57 UTC
According to comment 12 ~comment 17, I think this bug is fixed.

Comment 19 FuXiangChun 2012-11-08 06:58:46 UTC
Eduardo,
   Just tested Opteron_G5 on Seoul host, I found CPUID_SEP flag is defined on Opteron_G5 model in target-i386/cpuid.c, and it can be exposed to guest. I'm not sure if SEP flag should be defined and exposed to guest for G5, since Bug 821741 (will re-enable this flag) is still in new status.

Comment 20 Eduardo Habkost 2012-11-08 10:45:39 UTC
(In reply to comment #19)
> Eduardo,
>    Just tested Opteron_G5 on Seoul host, I found CPUID_SEP flag is defined
> on Opteron_G5 model in target-i386/cpuid.c, and it can be exposed to guest.
> I'am not sure if SEP flag should be defined and exposed to guest for G5?
> Since Bug 821741( will re-enable this flag) is still new status.

Good catch, thanks for spotting it! I was going to say this is a real bug. But: as bug 821463 is now fixed in the kernel (so SEP can be enabled) and there's no Opteron_G5 on RHEL-6.3, there are no RHEL-6.3<->RHEL-6.4 compatibility issues to be taken care of, on Opteron_G5, so we can safely enable SEP on Opteron_G5 since the beginning.

So, please also check if the SEP flag is enabled on guest when using Opteron_G5 (before and after migration), but only using the rhel6.4.0 machine-type.

Comment 21 FuXiangChun 2012-11-12 03:07:13 UTC
Boot rhel6.4 guest with Opteron_G5 and rhel6.4.0 machine-type, then do migration.

result:
The SEP flag is always enabled on guest(before and after migration).

Comment 23 errata-xmlrpc 2013-02-21 07:31:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0527.html

