
Commit f751d8e

KVM: x86: work around QEMU issue with synthetic CPUID leaves
Synthesizing AMD leaves up to 0x80000021 caused problems with QEMU, which assumes the *host* CPUID[0x80000000].EAX is higher or equal to what KVM_GET_SUPPORTED_CPUID reports. This causes QEMU to issue bogus host CPUIDs when preparing the input to KVM_SET_CPUID2. It can even get into an infinite loop, which is only terminated by an abort():

    cpuid_data is full, no space for cpuid(eax:0x8000001d,ecx:0x3e)

To work around this, only synthesize those leaves if 0x8000001d exists on the host. The synthetic 0x80000021 leaf is mostly useful on Zen2, which satisfies the condition.

Fixes: f144c49 ("KVM: x86: synthesize CPUID leaf 0x80000021h if useful")
Reported-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent 643d95a commit f751d8e

File tree

1 file changed

+14
-5
lines changed

arch/x86/kvm/cpuid.c

Lines changed: 14 additions & 5 deletions
@@ -1085,12 +1085,21 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
10851085
case 0x80000000:
10861086
entry->eax = min(entry->eax, 0x80000021);
10871087
/*
1088-
* Serializing LFENCE is reported in a multitude of ways,
1089-
* and NullSegClearsBase is not reported in CPUID on Zen2;
1090-
* help userspace by providing the CPUID leaf ourselves.
1088+
* Serializing LFENCE is reported in a multitude of ways, and
1089+
* NullSegClearsBase is not reported in CPUID on Zen2; help
1090+
* userspace by providing the CPUID leaf ourselves.
1091+
*
1092+
* However, only do it if the host has CPUID leaf 0x8000001d.
1093+
* QEMU thinks that it can query the host blindly for that
1094+
* CPUID leaf if KVM reports that it supports 0x8000001d or
1095+
* above. The processor merrily returns values from the
1096+
* highest Intel leaf which QEMU tries to use as the guest's
1097+
* 0x8000001d. Even worse, this can result in an infinite
1098+
* loop if said highest leaf has no subleaves indexed by ECX.
10911099
*/
1092-
if (static_cpu_has(X86_FEATURE_LFENCE_RDTSC)
1093-
|| !static_cpu_has_bug(X86_BUG_NULL_SEG))
1100+
if (entry->eax >= 0x8000001d &&
1101+
(static_cpu_has(X86_FEATURE_LFENCE_RDTSC)
1102+
|| !static_cpu_has_bug(X86_BUG_NULL_SEG)))
10941103
entry->eax = max(entry->eax, 0x80000021);
10951104
break;
10961105
case 0x80000001:
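Review bot: the new comment's phrase "values from the highest Intel leaf" is easy to misread; what it describes is Intel's documented behaviour that a CPUID input above the maximum basic or extended function returns the data of the highest basic information leaf, so a host without leaf 0x8000001d hands QEMU unrelated data that it then treats as the guest's 0x8000001d. Suggest rewording that sentence to say so explicitly, e.g. "The processor merrily returns the highest basic leaf's values (Intel behaviour for out-of-range inputs), which QEMU tries to use as the guest's 0x8000001d." Note also that the `entry->eax >= 0x8000001d` check is evaluated after `entry->eax = min(entry->eax, 0x80000021)`, so it compares against the host's own maximum extended leaf (clamped), which is exactly the condition the commit message states; the extra parentheses around the existing `static_cpu_has(...) || !static_cpu_has_bug(...)` expression keep the `&&`/`||` precedence correct. A minor style point: 0x8000001d now appears as a magic number both here and in the comment, and a short note next to the check that it is the cache-topology leaf QEMU probes on the host would make the dependency on the reporter's QEMU behaviour clearer to future readers.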
