* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
       [not found] ` <20190312085502.8203-13-david@gibson.dropbear.id.au>
@ 2019-06-28 11:27   ` Philippe Mathieu-Daudé
  2019-06-28 11:49     ` Laurent Vivier
                       ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-06-28 11:27 UTC (permalink / raw)
  To: David Gibson, peter.maydell
  Cc: lvivier, qemu-devel, groug, qemu-ppc, clg, Suraj Jitindar Singh

Hi,

On 3/12/19 9:54 AM, David Gibson wrote:
> From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> 
> There are currently 3 mitigations the availability of which is controlled
> by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these
> mitigations by default for the pseries-4.0 machine type.
> 
> By now machine firmware should have been upgraded to allow these
> settings.
> 
> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
> Message-Id: <20190301044609.9626-3-sjitindarsingh@gmail.com>
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
> ---
>  hw/ppc/spapr.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
> index 37fd7a1411..946bbcf9ee 100644
> --- a/hw/ppc/spapr.c
> +++ b/hw/ppc/spapr.c
> @@ -4307,9 +4307,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>      smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
>      smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
>      smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
> -    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
> -    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
> -    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_WORKAROUND;
>      smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
>      smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
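Review bot: the switch from SPAPR_CAP_BROKEN to SPAPR_CAP_WORKAROUND in spapr_machine_class_init() applies to every accelerator, but the commit message only justifies it for hosts whose firmware has been upgraded and says nothing about TCG, which does not implement these caps (the boot log later in this thread prints "TCG doesn't support requested feature, cap-cfpc=workaround" and the same for cap-sbbc and cap-ibs). With the caps advertised anyway, the Linux guest activates its spectre v2 mitigation, whose bcctr form with BO[2]=0 the TCG translator treated as an invalid form, and the guest panics with "Exception in kernel mode, sig: 4" under the default machine type. Either keep SPAPR_CAP_BROKEN when tcg_enabled(), or order this change after the translator fix that accepts that bcctr form (fa200c95f7f9, cited in Laurent's reply) so the tree bisects cleanly; in either case the commit message should state the TCG behaviour.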
> @@ -4389,6 +4389,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc)
>      mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
>      smc->update_dt_enabled = false;
>      smc->dr_phb_enabled = false;
> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>  }
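Review bot: the three SPAPR_CAP_BROKEN assignments in spapr_machine_3_1_class_options() are the only thing keeping pseries-3.1 and every older machine type on the previous defaults, and the thread later confirms `-M pseries-3.1.0` boots under TCG. A short comment that these deliberately override the 4.0 defaults (in the same spirit as the LARGE_DECREMENTER line below them) would make the compat chain easier to follow, since any future change to the base defaults has to be mirrored here or the older machine types silently change behaviour.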

While trying auto-bisection for LP#1834613 [*] I found this commit breaks
clean bisection.

./configure --enable-debug

$ qemu-system-ppc64 \
 -kernel vmlinuz-vanilla \
 -nographic -serial null
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-cfpc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-sbbc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ibs=workaround
Opcode 13 10 10 00 (4c400420) leaked temporaries

More verbose log:

$ qemu-system-ppc64 \
 -kernel vmlinuz-vanilla \
 -nographic -append "console=hvc0" \
 -d guest_errors,in_asm
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-cfpc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-sbbc=workaround
qemu-system-ppc64: warning: TCG doesn't support requested feature,
cap-ibs=workaround


SLOF **********************************************************************
QEMU Starting
 Build Date = Jan 14 2019 18:00:39
 FW Version = git-a5b428e1c1eae703
 Press "s" to enter Open Firmware.
[...]
--------------
IN: __switch_to
0xc00000000001aac0:  60000000  nop
0xc00000000001aac4:  7f44d378  mr       r4, r26
0xc00000000001aac8:  7f23cb78  mr       r3, r25
0xc00000000001aacc:  4bff3235  bl       0xdd00

----------------
IN: _switch
0xc00000000000dd00:  7c0802a6  mflr     r0
0xc00000000000dd04:  f8010010  std      r0, 0x10(r1)
0xc00000000000dd08:  f821fe31  stdu     r1, -0x1d0(r1)
0xc00000000000dd0c:  f9c100e0  std      r14, 0xe0(r1)
0xc00000000000dd10:  f9e100e8  std      r15, 0xe8(r1)
0xc00000000000dd14:  fa0100f0  std      r16, 0xf0(r1)
0xc00000000000dd18:  fa2100f8  std      r17, 0xf8(r1)
0xc00000000000dd1c:  fa410100  std      r18, 0x100(r1)
0xc00000000000dd20:  fa610108  std      r19, 0x108(r1)
0xc00000000000dd24:  fa810110  std      r20, 0x110(r1)
0xc00000000000dd28:  faa10118  std      r21, 0x118(r1)
0xc00000000000dd2c:  fac10120  std      r22, 0x120(r1)
0xc00000000000dd30:  fae10128  std      r23, 0x128(r1)
0xc00000000000dd34:  fb010130  std      r24, 0x130(r1)
0xc00000000000dd38:  fb210138  std      r25, 0x138(r1)
0xc00000000000dd3c:  fb410140  std      r26, 0x140(r1)
0xc00000000000dd40:  fb610148  std      r27, 0x148(r1)
0xc00000000000dd44:  fb810150  std      r28, 0x150(r1)
0xc00000000000dd48:  fba10158  std      r29, 0x158(r1)
0xc00000000000dd4c:  fbc10160  std      r30, 0x160(r1)
0xc00000000000dd50:  fbe10168  std      r31, 0x168(r1)
0xc00000000000dd54:  f8010170  std      r0, 0x170(r1)
0xc00000000000dd58:  7ee00026  mfcr     r23
0xc00000000000dd5c:  fae101a0  std      r23, 0x1a0(r1)
0xc00000000000dd60:  f8230000  std      r1, 0(r3)
0xc00000000000dd64:  4bffdb3d  bl       0xb8a0

----------------
IN: ret_from_kernel_thread
0xc00000000000b8a0:  7d2802a6  mflr     r9
0xc00000000000b8a4:  48000005  bl       0xb8a8

----------------
IN: ret_from_kernel_thread
0xc00000000000b8a8:  48000005  bl       0xb8ac

----------------
IN: ret_from_kernel_thread
0xc00000000000b8ac:  48000005  bl       0xb8b0

----------------
IN: ret_from_kernel_thread
0xc00000000000b8b0:  48000005  bl       0xb8b4

----------------
IN: ret_from_kernel_thread
0xc00000000000b8b4:  48000005  bl       0xb8b8

----------------
IN: ret_from_kernel_thread
0xc00000000000b8b8:  48000005  bl       0xb8bc

----------------
IN: ret_from_kernel_thread
0xc00000000000b8bc:  48000005  bl       0xb8c0

----------------
IN: ret_from_kernel_thread
0xc00000000000b8c0:  48000005  bl       0xb8c4

----------------
IN: ret_from_kernel_thread
0xc00000000000b8c4:  48000005  bl       0xb8c8

----------------
IN: ret_from_kernel_thread
0xc00000000000b8c8:  48000005  bl       0xb8cc

----------------
IN: ret_from_kernel_thread
0xc00000000000b8cc:  48000005  bl       0xb8d0

----------------
IN: ret_from_kernel_thread
0xc00000000000b8d0:  48000005  bl       0xb8d4

----------------
IN: ret_from_kernel_thread
0xc00000000000b8d4:  48000005  bl       0xb8d8

----------------
IN: ret_from_kernel_thread
0xc00000000000b8d8:  48000005  bl       0xb8dc

----------------
IN: ret_from_kernel_thread
0xc00000000000b8dc:  48000005  bl       0xb8e0

----------------
IN: ret_from_kernel_thread
0xc00000000000b8e0:  48000005  bl       0xb8e4

----------------
IN: ret_from_kernel_thread
0xc00000000000b8e4:  48000005  bl       0xb8e8

----------------
IN: ret_from_kernel_thread
0xc00000000000b8e8:  48000005  bl       0xb8ec

----------------
IN: ret_from_kernel_thread
0xc00000000000b8ec:  48000005  bl       0xb8f0

----------------
IN: ret_from_kernel_thread
0xc00000000000b8f0:  48000005  bl       0xb8f4

----------------
IN: ret_from_kernel_thread
0xc00000000000b8f4:  48000005  bl       0xb8f8

----------------
IN: ret_from_kernel_thread
0xc00000000000b8f8:  48000005  bl       0xb8fc

----------------
IN: ret_from_kernel_thread
0xc00000000000b8fc:  48000005  bl       0xb900

----------------
IN: ret_from_kernel_thread
0xc00000000000b900:  48000005  bl       0xb904

----------------
IN: ret_from_kernel_thread
0xc00000000000b904:  48000005  bl       0xb908

----------------
IN: ret_from_kernel_thread
0xc00000000000b908:  48000005  bl       0xb90c

----------------
IN: ret_from_kernel_thread
0xc00000000000b90c:  48000005  bl       0xb910

----------------
IN: ret_from_kernel_thread
0xc00000000000b910:  48000005  bl       0xb914

----------------
IN: ret_from_kernel_thread
0xc00000000000b914:  48000005  bl       0xb918

----------------
IN: ret_from_kernel_thread
0xc00000000000b918:  48000005  bl       0xb91c

----------------
IN: ret_from_kernel_thread
0xc00000000000b91c:  48000005  bl       0xb920

----------------
IN: ret_from_kernel_thread
0xc00000000000b920:  48000005  bl       0xb924

----------------
IN: ret_from_kernel_thread
0xc00000000000b924:  48000005  bl       0xb928

----------------
IN: ret_from_kernel_thread
0xc00000000000b928:  48000005  bl       0xb92c

----------------
IN: ret_from_kernel_thread
0xc00000000000b92c:  48000005  bl       0xb930

----------------
IN: ret_from_kernel_thread
0xc00000000000b930:  48000005  bl       0xb934

----------------
IN: ret_from_kernel_thread
0xc00000000000b934:  48000005  bl       0xb938

----------------
IN: ret_from_kernel_thread
0xc00000000000b938:  48000005  bl       0xb93c

----------------
IN: ret_from_kernel_thread
0xc00000000000b93c:  48000005  bl       0xb940

----------------
IN: ret_from_kernel_thread
0xc00000000000b940:  48000005  bl       0xb944

----------------
IN: ret_from_kernel_thread
0xc00000000000b944:  48000005  bl       0xb948

----------------
IN: ret_from_kernel_thread
0xc00000000000b948:  48000005  bl       0xb94c

----------------
IN: ret_from_kernel_thread
0xc00000000000b94c:  48000005  bl       0xb950

----------------
IN: ret_from_kernel_thread
0xc00000000000b950:  48000005  bl       0xb954

----------------
IN: ret_from_kernel_thread
0xc00000000000b954:  48000005  bl       0xb958

----------------
IN: ret_from_kernel_thread
0xc00000000000b958:  48000005  bl       0xb95c

----------------
IN: ret_from_kernel_thread
0xc00000000000b95c:  48000005  bl       0xb960

----------------
IN: ret_from_kernel_thread
0xc00000000000b960:  48000005  bl       0xb964

----------------
IN: ret_from_kernel_thread
0xc00000000000b964:  48000005  bl       0xb968

----------------
IN: ret_from_kernel_thread
0xc00000000000b968:  48000005  bl       0xb96c

----------------
IN: ret_from_kernel_thread
0xc00000000000b96c:  48000005  bl       0xb970

----------------
IN: ret_from_kernel_thread
0xc00000000000b970:  48000005  bl       0xb974

----------------
IN: ret_from_kernel_thread
0xc00000000000b974:  48000005  bl       0xb978

----------------
IN: ret_from_kernel_thread
0xc00000000000b978:  48000005  bl       0xb97c

----------------
IN: ret_from_kernel_thread
0xc00000000000b97c:  48000005  bl       0xb980

----------------
IN: ret_from_kernel_thread
0xc00000000000b980:  48000005  bl       0xb984

----------------
IN: ret_from_kernel_thread
0xc00000000000b984:  48000005  bl       0xb988

----------------
IN: ret_from_kernel_thread
0xc00000000000b988:  48000005  bl       0xb98c

----------------
IN: ret_from_kernel_thread
0xc00000000000b98c:  48000005  bl       0xb990

----------------
IN: ret_from_kernel_thread
0xc00000000000b990:  48000005  bl       0xb994

----------------
IN: ret_from_kernel_thread
0xc00000000000b994:  48000005  bl       0xb998

----------------
IN: ret_from_kernel_thread
0xc00000000000b998:  48000005  bl       0xb99c

----------------
IN: ret_from_kernel_thread
0xc00000000000b99c:  48000005  bl       0xb9a0

----------------
IN: ret_from_kernel_thread
0xc00000000000b9a0:  48000005  bl       0xb9a4

----------------
IN: ret_from_kernel_thread
0xc00000000000b9a4:  4800001c  b        0xb9c0

Opcode 13 10 10 00 (4c400420) leaked temporaries
----------------
IN: ret_from_kernel_thread
0xc00000000000b9c0:  7d2803a6  mtlr     r9
0xc00000000000b9c4:  39207fff  li       r9, 0x7fff
0xc00000000000b9c8:  7d2903a6  mtctr    r9
0xc00000000000b9cc:  4c400420  bdzfctr  lt

----------------
IN: __start
0xc000000000004700:  7db243a6  mtspr    0x112, r13
0xc000000000004704:  7db142a6  mfspr    r13, 0x111
0xc000000000004708:  f92d0080  std      r9, 0x80(r13)
0xc00000000000470c:  7d20e2a6  mfspr    r9, 0x380
0xc000000000004710:  7c421378  mr       r2, r2
[...]
----------------
IN: __start
0xc000000000008efc:  894d097b  lbz      r10, 0x97b(r13)
0xc000000000008f00:  39600001  li       r11, 1
0xc000000000008f04:  614a0001  ori      r10, r10, 1
0xc000000000008f08:  996d097a  stb      r11, 0x97a(r13)
0xc000000000008f0c:  994d097b  stb      r10, 0x97b(r13)
0xc000000000008f10:  38610070  addi     r3, r1, 0x70
0xc000000000008f14:  48019585  bl       0x22498

----------------
IN: program_check_exception
0xc000000000022498:  7c0802a6  mflr     r0
0xc00000000002249c:  fbc1fff0  std      r30, -0x10(r1)
0xc0000000000224a0:  fbe1fff8  std      r31, -8(r1)
0xc0000000000224a4:  7c7f1b78  mr       r31, r3
0xc0000000000224a8:  f8010010  std      r0, 0x10(r1)
0xc0000000000224ac:  f821ff91  stdu     r1, -0x70(r1)
0xc0000000000224b0:  e9230108  ld       r9, 0x108(r3)
0xc0000000000224b4:  793e0020  clrldi   r30, r9, 0x20
0xc0000000000224b8:  77ca0010  andis.   r10, r30, 0x10
0xc0000000000224bc:  418200a4  beq      0x22560

----------------
IN: program_check_exception
0xc000000000022560:  77ca0002  andis.   r10, r30, 2
0xc000000000022564:  418200f4  beq      0x22658

----------------
IN: program_check_exception
0xc000000000022658:  77ca0020  andis.   r10, r30, 0x20
0xc00000000002265c:  4182004c  beq      0x226a8

----------------
IN: program_check_exception
0xc0000000000226a8:  e93f0108  ld       r9, 0x108(r31)
0xc0000000000226ac:  71294000  andi.    r9, r9, 0x4000
0xc0000000000226b0:  41820074  beq      0x22724

----------------
IN: program_check_exception
0xc000000000022724:  77c90004  andis.   r9, r30, 4
0xc000000000022728:  e8df0100  ld       r6, 0x100(r31)
0xc00000000002272c:  38a00005  li       r5, 5
0xc000000000022730:  4082ff40  bne      0x22670

----------------
IN: program_check_exception
0xc000000000022734:  38a00001  li       r5, 1
0xc000000000022738:  4bffff38  b        0x22670

----------------
IN: program_check_exception
0xc000000000022670:  7fe4fb78  mr       r4, r31
0xc000000000022674:  38600004  li       r3, 4
0xc000000000022678:  4bfffed0  b        0x22548

----------------
IN: program_check_exception
0xc000000000022548:  38210070  addi     r1, r1, 0x70
0xc00000000002254c:  e8010010  ld       r0, 0x10(r1)
0xc000000000022550:  ebc1fff0  ld       r30, -0x10(r1)
0xc000000000022554:  ebe1fff8  ld       r31, -8(r1)
0xc000000000022558:  7c0803a6  mtlr     r0
0xc00000000002255c:  4bfffe4c  b        0x223a8

----------------
IN: _exception
0xc0000000000223a8:  38e00000  li       r7, 0
0xc0000000000223ac:  4bffffd4  b        0x22380

----------------
IN: _exception_pkey
0xc000000000022380:  e9240108  ld       r9, 0x108(r4)
0xc000000000022384:  71294000  andi.    r9, r9, 0x4000
0xc000000000022388:  40820014  bne      0x2239c

----------------
IN: _exception_pkey
0xc00000000002238c:  7c651b78  mr       r5, r3
0xc000000000022390:  3c62ffd4  addis    r3, r2, -0x2c
0xc000000000022394:  3863467e  addi     r3, r3, 0x467e
0xc000000000022398:  4bfffc6c  b        0x22004

----------------
IN: die
0xc000000000022004:  7c0802a6  mflr     r0
0xc000000000022008:  48732b19  bl       0x754b20

----------------
IN: die
0xc00000000002200c:  f821ffc1  stdu     r1, -0x40(r1)
0xc000000000022010:  7c7c1b78  mr       r28, r3
0xc000000000022014:  7c9f2378  mr       r31, r4
0xc000000000022018:  7cbe2b78  mr       r30, r5
0xc00000000002201c:  e9240140  ld       r9, 0x140(r4)
0xc000000000022020:  792906e4  rldicr   r9, r9, 0, 0x3b
0xc000000000022024:  2fa90100  cmpdi    cr7, r9, 0x100
0xc000000000022028:  409e0058  bne      cr7, 0x22080

----------------
IN: die
0xc000000000022080:  3d220003  addis    r9, r2, 3
0xc000000000022084:  e9291d38  ld       r9, 0x1d38(r9)
0xc000000000022088:  2fa90000  cmpdi    cr7, r9, 0
0xc00000000002208c:  419effa0  beq      cr7, 0x2202c

----------------
IN: die
0xc00000000002202c:  7fe3fb78  mr       r3, r31
0xc000000000022030:  4bfff74d  bl       0x2177c

----------------
IN: oops_begin
0xc00000000002177c:  7c0802a6  mflr     r0
0xc000000000021780:  fbe1fff8  std      r31, -8(r1)
0xc000000000021784:  f8010010  std      r0, 0x10(r1)
0xc000000000021788:  f821ffd1  stdu     r1, -0x30(r1)
0xc00000000002178c:  480a42bd  bl       0xc5a48
[...]
----------------
IN: console_flush_on_panic
0xc000000000121d98:  38210020  addi     r1, r1, 0x20
0xc000000000121d9c:  39200000  li       r9, 0
0xc000000000121da0:  3d42000c  addis    r10, r2, 0xc
0xc000000000121da4:  e8010010  ld       r0, 0x10(r1)
0xc000000000121da8:  912a282c  stw      r9, 0x282c(r10)
0xc000000000121dac:  7c0803a6  mtlr     r0
0xc000000000121db0:  4bffe5d0  b        0x120380

----------------
IN: panic_flush_kmsg_end
0xc000000000022348:  60000000  nop
0xc00000000002234c:  38210020  addi     r1, r1, 0x20
0xc000000000022350:  e8010010  ld       r0, 0x10(r1)
0xc000000000022354:  7c0803a6  mtlr     r0
0xc000000000022358:  4e800020  blr

----------------
IN: pseries_panic
0xc000000000096e9c:  60000000  nop
0xc000000000096ea0:  e8610020  ld       r3, 0x20(r1)
0xc000000000096ea4:  4bf97025  bl       0x2dec8

----------------
IN: rtas_os_term
0xc00000000002dec8:  7c0802a6  mflr     r0
0xc00000000002decc:  48726c59  bl       0x754b24
[...]
Guest crashed

Am I supposed to use different command line options to run this image?

Thanks,

Phil.

[*] https://bugs.launchpad.net/bugs/1834613



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
  2019-06-28 11:27   ` [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type Philippe Mathieu-Daudé
@ 2019-06-28 11:49     ` Laurent Vivier
  2019-06-28 11:54     ` Laurent Vivier
  2019-06-28 14:14     ` Laurent Vivier
  2 siblings, 0 replies; 7+ messages in thread
From: Laurent Vivier @ 2019-06-28 11:49 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, David Gibson, peter.maydell
  Cc: clg, qemu-ppc, qemu-devel, Suraj Jitindar Singh, groug

On 28/06/2019 13:27, Philippe Mathieu-Daudé wrote:
> Hi,
...
> [*] https://bugs.launchpad.net/bugs/1834613
> 

I think the problem is related to:

8b3b2d75c7c0 target/ppc: introduce get_cpu_vsr{l,h}() and set_cpu_vsr{l,h}() helpers for VSR register access

fixed by (at least):

2a1224359008 target/ppc: Fix lxvw4x, lxvh8x and lxvb16x
77bd8937c03d target/ppc: Fix xvabs[sd]p, xvnabs[sd]p, xvneg[sd]p, xvcpsgn[sd]p
d47a751adab7 target/ppc: Fix xxbrq, xxbrw
3e5365b7aa6c target/ppc: Fix QEMU crash with stxsdx

and on AVX2 host to:

571fbe6ccd7a target/ppc: Use vector variable shifts for VSL, VSR, VSRA

fixed by:

899f08ad1d12 tcg: Fix typos in helper_gvec_sar{8,32,64}v

Thank you,
Laurent



* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
  2019-06-28 11:27   ` [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type Philippe Mathieu-Daudé
  2019-06-28 11:49     ` Laurent Vivier
@ 2019-06-28 11:54     ` Laurent Vivier
  2019-06-28 12:25       ` Philippe Mathieu-Daudé
  2019-06-28 14:14     ` Laurent Vivier
  2 siblings, 1 reply; 7+ messages in thread
From: Laurent Vivier @ 2019-06-28 11:54 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, David Gibson, peter.maydell
  Cc: clg, qemu-ppc, qemu-devel, Suraj Jitindar Singh, groug

On 28/06/2019 13:27, Philippe Mathieu-Daudé wrote:
> Hi,
> 
> On 3/12/19 9:54 AM, David Gibson wrote:
>> From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>
>> There are currently 3 mitigations the availability of which is controlled
>> by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these
>> mitigations by default for the pseries-4.0 machine type.
>>
>> By now machine firmware should have been upgraded to allow these
>> settings.
>>
>> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>> Message-Id: <20190301044609.9626-3-sjitindarsingh@gmail.com>
>> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>> ---
>>  hw/ppc/spapr.c | 9 ++++++---
>>  1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>> index 37fd7a1411..946bbcf9ee 100644
>> --- a/hw/ppc/spapr.c
>> +++ b/hw/ppc/spapr.c
>> @@ -4307,9 +4307,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>>      smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
>>      smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
>>      smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
>> -    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>> -    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>> -    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_WORKAROUND;
>>      smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
>>      smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
>> @@ -4389,6 +4389,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc)
>>      mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
>>      smc->update_dt_enabled = false;
>>      smc->dr_phb_enabled = false;
>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>>  }
> 

What happens if you start qemu directly with:

  ... -M cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken ...

or with

  ... -M pseries-3.1.0 ...

Thanks,
Laurent




* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
  2019-06-28 11:54     ` Laurent Vivier
@ 2019-06-28 12:25       ` Philippe Mathieu-Daudé
  0 siblings, 0 replies; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-06-28 12:25 UTC (permalink / raw)
  To: Laurent Vivier, David Gibson, peter.maydell
  Cc: clg, qemu-ppc, qemu-devel, Suraj Jitindar Singh, groug

On 6/28/19 1:54 PM, Laurent Vivier wrote:
> On 28/06/2019 13:27, Philippe Mathieu-Daudé wrote:
>> Hi,
>>
>> On 3/12/19 9:54 AM, David Gibson wrote:
>>> From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>>
>>> There are currently 3 mitigations the availability of which is controlled
>>> by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these
>>> mitigations by default for the pseries-4.0 machine type.
>>>
>>> By now machine firmware should have been upgraded to allow these
>>> settings.
>>>
>>> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>> Message-Id: <20190301044609.9626-3-sjitindarsingh@gmail.com>
>>> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>>> ---
>>>  hw/ppc/spapr.c | 9 ++++++---
>>>  1 file changed, 6 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>>> index 37fd7a1411..946bbcf9ee 100644
>>> --- a/hw/ppc/spapr.c
>>> +++ b/hw/ppc/spapr.c
>>> @@ -4307,9 +4307,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>>>      smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
>>>      smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
>>>      smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
>>> -    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>>> -    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>> -    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
>>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
>>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_WORKAROUND;
>>>      smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
>>>      smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
>>> @@ -4389,6 +4389,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc)
>>>      mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
>>>      smc->update_dt_enabled = false;
>>>      smc->dr_phb_enabled = false;
>>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>>>  }
>>
> 
> What happens if you start qemu directly with:
> 
>   ... -M cap-cfpc=broken,cap-sbbc=broken,cap-ibs=broken ...
> 
> or with
> 
>   ... -M pseries-3.1.0 ...

Thanks Laurent! Both work.



* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
  2019-06-28 11:27   ` [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type Philippe Mathieu-Daudé
  2019-06-28 11:49     ` Laurent Vivier
  2019-06-28 11:54     ` Laurent Vivier
@ 2019-06-28 14:14     ` Laurent Vivier
  2019-06-28 14:28       ` Philippe Mathieu-Daudé
  2 siblings, 1 reply; 7+ messages in thread
From: Laurent Vivier @ 2019-06-28 14:14 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, David Gibson, peter.maydell
  Cc: clg, qemu-ppc, qemu-devel, Suraj Jitindar Singh, groug

On 28/06/2019 13:27, Philippe Mathieu-Daudé wrote:
> Hi,
> 
> On 3/12/19 9:54 AM, David Gibson wrote:
>> From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>
>> There are currently 3 mitigations the availability of which is controlled
>> by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these
>> mitigations by default for the pseries-4.0 machine type.
>>
>> By now machine firmware should have been upgraded to allow these
>> settings.
>>
>> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>> Message-Id: <20190301044609.9626-3-sjitindarsingh@gmail.com>
>> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>> ---
>>  hw/ppc/spapr.c | 9 ++++++---
>>  1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>> index 37fd7a1411..946bbcf9ee 100644
>> --- a/hw/ppc/spapr.c
>> +++ b/hw/ppc/spapr.c
>> @@ -4307,9 +4307,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>>      smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
>>      smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
>>      smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
>> -    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>> -    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>> -    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_WORKAROUND;
>>      smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
>>      smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
>> @@ -4389,6 +4389,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc)
>>      mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
>>      smc->update_dt_enabled = false;
>>      smc->dr_phb_enabled = false;
>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>>  }
> 
> While trying auto-bisection for LP#1834613 [*] I found this commit breaks
> clean bisection.
> 
> ./configure --enable-debug
> 
> $ qemu-system-ppc64 \
>  -kernel vmlinuz-vanilla \
>  -nographic -serial null
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-cfpc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-sbbc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-ibs=workaround
> Opcode 13 10 10 00 (4c400420) leaked temporaries
> 
> More verbose log:
> 
> $ qemu-system-ppc64 \
>  -kernel vmlinuz-vanilla \
>  -nographic -append "console=hvc0" \
>  -d guest_errors,in_asm
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-cfpc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-sbbc=workaround
> qemu-system-ppc64: warning: TCG doesn't support requested feature,
> cap-ibs=workaround
> 
> 
> SLOF **********************************************************************
> QEMU Starting
>  Build Date = Jan 14 2019 18:00:39
>  FW Version = git-a5b428e1c1eae703
>  Press "s" to enter Open Firmware.
> [...]
> --------------
> IN: __switch_to
> 0xc00000000001aac0:  60000000  nop
> 0xc00000000001aac4:  7f44d378  mr       r4, r26
> 0xc00000000001aac8:  7f23cb78  mr       r3, r25
> 0xc00000000001aacc:  4bff3235  bl       0xdd00

The kernel logs are:

[    0.044473] Oops: Exception in kernel mode, sig: 4 [#1]
[    0.044899] BE PAGE_SIZE=64K MMU=Radix MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
[    0.045191] Modules linked in:
[    0.045504] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4-00058-g582549e3fbe1-dirty #11
[    0.045646] NIP:  c00000000000be00 LR: c00000000000e168 CTR: 0000000000007fff
[    0.045747] REGS: c0000000011bb770 TRAP: 0700   Not tainted  (5.1.0-rc4-00058-g582549e3fbe1-dirty)
[    0.045808] MSR:  8000000002089032 <SF,VEC,EE,ME,IR,DR,RI>  CR: 24028822  XER: 00000000
[    0.045971] CFAR: c00000000000bde4 IRQMASK: 1 
[    0.045971] GPR00: c00000000001f390 c0000000011bba00 c0000000011bf800 c0000000010db830 
[    0.045971] GPR04: c00000001e4041b0 0000000000000000 0000000000000000 00000000028a5d7a 
[    0.045971] GPR08: 0000000000000000 0000000000007fff 0000000000000000 fffffffffffffffd 
[    0.045971] GPR12: 0000000024028828 c0000000013b0000 000000001dc5ff00 00000000011d8e18 
[    0.045971] GPR16: 00000000011d89e0 fffffffffffffffd 000000001dc5ff00 0000000000000014 
[    0.045971] GPR20: 000000001daf0000 c0000000010da4e0 000000001eef0000 0000000024028822 
[    0.045971] GPR24: c0000000010db830 c00000001e4041b0 000000001eef0000 c000000000ff5598 
[    0.045971] GPR28: c0000000010db830 c0000000010d9d00 c00000001e402680 c0000000010d9d00 
[    0.046505] NIP [c00000000000be00] flush_count_cache+0x120/0x2420
[    0.046561] LR [c00000000000e168] ._switch+0x68/0x180
[    0.046696] Call Trace:
[    0.046865] [c0000000011bba00] [c0000000011bba90] init_stack+0x3a90/0x4000 (unreliable)
[    0.046970] [c0000000011bbbe0] [c00000000001f390] .__switch_to+0x280/0x490
[    0.047031] [c0000000011bbc90] [c000000000b62b5c] .__schedule+0x2bc/0xae0
[    0.047075] [c0000000011bbd80] [c000000000b633c8] .schedule+0x48/0xb0
[    0.047140] [c0000000011bbdf0] [c000000000b63918] .schedule_preempt_disabled+0x18/0x30
[    0.047187] [c0000000011bbe60] [c00000000001065c] .rest_init+0xcc/0xf0
[    0.047233] [c0000000011bbee0] [c000000000f04584] .start_kernel+0x604/0x648
[    0.047276] [c0000000011bbf90] [c00000000000b260] start_here_common+0x1c/0x53c
[    0.047409] Instruction dump:
[    0.047647] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000 
[    0.047744] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420 
[    0.048410] ---[ end trace 523b05d3a02887f6 ]---
[    0.048523] 


This is fixed by:

commit fa200c95f7f99ce14b8af25ea0be478c722d3cec
Author: Greg Kurz <groug@kaod.org>
Date:   Fri Mar 22 19:03:46 2019 +0100

    target/ppc: Enable "decrement and test CTR" version of bcctr
    
    Even if all ISAs up to v3 indeed mention:
    
        If the "decrement and test CTR" option is specified (BO2=0), the
        instruction form is invalid.
    
    The UMs of all existing 64-bit server class processors say:
    
        If BO[2] = 0, the contents of CTR (before any update) are used as the
        target address and for the test of the contents of CTR to resolve the
        branch. The contents of the CTR are then decremented and written back
        to the CTR.
    
    The linux kernel has spectre v2 mitigation code that relies on a
    BO[2] = 0 variant of bcctr, which is now activated by default on
    spapr, even with TCG. This causes linux guests to panic with
    the default machine type under TCG.
    
    Since any CPU model can provide its own behaviour for invalid forms,
    we could possibly introduce a new instruction flag to handle this.
    In practice, since the behaviour is shared by all 64-bit server
    processors starting with 970 up to POWER9, let's reuse the
    PPC_SEGMENT_64B flag. Caveat: this may have to be fixed later if
    POWER10 introduces a different behaviour.
    
    The existing behaviour of throwing a program interrupt is kept for
    all other CPU models.
    
    Signed-off-by: Greg Kurz <groug@kaod.org>
    Message-Id: <155327782604.1283071.10640596307206921951.stgit@bahia.lan>
    Tested-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
    Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

Thanks,
Laurent


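As an added example (this is not QEMU's or the Linux kernel's code), the following C model of bcctr makes the two readings in the commit message concrete: the ISA reading, where the BO[2]=0 form is invalid and raises a program interrupt (what TCG did before fa200c95f7f9 and what the oops above shows as TRAP 0700), and the server-processor UM reading, where the CTR before any update is both the branch target and the tested value and is decremented afterwards. The instruction word 4c400420 (bcctr 2,0,0), CTR 0x7fff and CR 24028822 are taken from the oops; the NIP is a constructed placeholder, and the model assumes 64-bit mode and ignores the BH hint field.

```c
/*
 * Added example, not QEMU or Linux code: a small model of the PowerPC
 * bcctr instruction that contrasts the ISA reading of the BO[2]=0 form
 * (invalid form, program interrupt: what TCG did before fa200c95f7f9)
 * with the server-processor UM reading quoted in the commit message
 * (use the CTR before update as target and for the test, then decrement).
 * OOPS_INSN, OOPS_CTR and OOPS_CR are taken from the oops in this
 * thread; OOPS_NIP is a constructed placeholder address.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define OPCD_XL   19u    /* primary opcode of the XL branch forms */
#define XO_BCCTR  528u   /* extended opcode of bcctr */

#define OOPS_INSN 0x4c400420u     /* bcctr 2,0,0 from the instruction dump */
#define OOPS_CTR  0x7fffULL       /* CTR: 0000000000007fff */
#define OOPS_CR   0x24028822u     /* CR: 24028822 */
#define OOPS_NIP  0x10000000ULL   /* constructed, not taken from the oops */

enum bcctr_result { BCCTR_TAKEN, BCCTR_NOT_TAKEN, BCCTR_PROGRAM_CHECK, BCCTR_NOT_BCCTR };

struct cpu {
    uint64_t nip;   /* address of the instruction being executed */
    uint64_t ctr;
    uint64_t lr;
    uint32_t cr;
};

/* The ISA numbers the 5-bit BO field BO[0] (MSB) .. BO[4] (LSB). */
static unsigned bo_bit(uint32_t bo, unsigned i)
{
    return (bo >> (4 - i)) & 1;
}

bool is_bcctr(uint32_t insn)
{
    return (insn >> 26) == OPCD_XL && ((insn >> 1) & 0x3ff) == XO_BCCTR;
}

/*
 * Execute one bcctr on *s. With server_class_ctr_decrement == false the
 * BO[2]=0 form is treated as invalid and the state is left untouched;
 * with it true the UM semantics apply.
 */
enum bcctr_result exec_bcctr(struct cpu *s, uint32_t insn, bool server_class_ctr_decrement)
{
    if (!is_bcctr(insn))
        return BCCTR_NOT_BCCTR;

    uint32_t bo = (insn >> 21) & 0x1f;
    uint32_t bi = (insn >> 16) & 0x1f;
    bool lk = insn & 1;
    uint64_t target = s->ctr & ~(uint64_t)3;   /* low two bits of CTR are ignored */
    bool ctr_ok = true;

    if (bo_bit(bo, 2) == 0) {
        if (!server_class_ctr_decrement)
            return BCCTR_PROGRAM_CHECK;
        /* test the CTR before the update, as the UM text says, then decrement */
        ctr_ok = (s->ctr != 0) ^ bo_bit(bo, 3);
        s->ctr -= 1;
    }

    /* BO[0]=1 ignores the condition register; otherwise CR[BI] must equal BO[1] */
    bool cond_ok = bo_bit(bo, 0) || (((s->cr >> (31 - bi)) & 1) == bo_bit(bo, 1));

    if (ctr_ok && cond_ok) {
        if (lk)
            s->lr = s->nip + 4;
        s->nip = target;
        return BCCTR_TAKEN;
    }
    s->nip += 4;
    return BCCTR_NOT_TAKEN;
}

/* Replay the thread's faulting instruction from the oops register values. */
enum bcctr_result replay_oops(bool server_class_ctr_decrement, struct cpu *out)
{
    struct cpu s = { .nip = OOPS_NIP, .ctr = OOPS_CTR, .lr = 0, .cr = OOPS_CR };
    enum bcctr_result r = exec_bcctr(&s, OOPS_INSN, server_class_ctr_decrement);
    if (out)
        *out = s;
    return r;
}

int main(void)
{
    struct cpu s;
    printf("ISA reading: %s\n",
           replay_oops(false, &s) == BCCTR_PROGRAM_CHECK ? "program interrupt (the guest oops)" : "?");
    replay_oops(true, &s);
    printf("UM reading:  falls through, CTR 0x%llx -> 0x%llx, NIP advanced to 0x%llx\n",
           (unsigned long long)OOPS_CTR, (unsigned long long)s.ctr, (unsigned long long)s.nip);
    return 0;
}
```

With the oops values the UM reading never branches: BO=00010 asks for "decrement, branch if CTR=0 and CR[BI]=0", and the pre-update CTR is 0x7fff, so the kernel's count-cache flush sequence simply falls through with CTR left at 0x7ffe, which is why the guest only works once TCG stops treating the form as invalid.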

* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
  2019-06-28 14:14     ` Laurent Vivier
@ 2019-06-28 14:28       ` Philippe Mathieu-Daudé
  2019-06-28 14:48         ` Laurent Vivier
  0 siblings, 1 reply; 7+ messages in thread
From: Philippe Mathieu-Daudé @ 2019-06-28 14:28 UTC (permalink / raw)
  To: Laurent Vivier, David Gibson, peter.maydell
  Cc: clg, qemu-ppc, qemu-devel, Suraj Jitindar Singh, groug

On 6/28/19 4:14 PM, Laurent Vivier wrote:
> On 28/06/2019 13:27, Philippe Mathieu-Daudé wrote:
>> Hi,
>>
>> On 3/12/19 9:54 AM, David Gibson wrote:
>>> From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>>
>>> There are currently 3 mitigations the availability of which is controlled
>>> by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these
>>> mitigations by default for the pseries-4.0 machine type.
>>>
>>> By now machine firmware should have been upgraded to allow these
>>> settings.
>>>
>>> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>> Message-Id: <20190301044609.9626-3-sjitindarsingh@gmail.com>
>>> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>>> ---
>>>  hw/ppc/spapr.c | 9 ++++++---
>>>  1 file changed, 6 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>>> index 37fd7a1411..946bbcf9ee 100644
>>> --- a/hw/ppc/spapr.c
>>> +++ b/hw/ppc/spapr.c
>>> @@ -4307,9 +4307,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>>>      smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
>>>      smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
>>>      smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
>>> -    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>>> -    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>> -    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
>>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
>>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_WORKAROUND;
>>>      smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
>>>      smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
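Review bot: the three SPAPR_CAP_WORKAROUND defaults set in spapr_machine_class_init apply to every accelerator, and the only TCG handling visible in this thread is a warning ("TCG doesn't support requested feature, cap-cfpc=workaround") after which the guest is still offered the workaround; the oops below shows the kernel's flush_count_cache then executing the BO[2]=0 bcctr that TCG rejected as an invalid form until fa200c95f7f9. Either make the default depend on the accelerator or land the TCG bcctr change first, and state the TCG dependency in the commit message, since "machine firmware should have been upgraded" only covers the KVM side.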
>>> @@ -4389,6 +4389,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc)
>>>      mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
>>>      smc->update_dt_enabled = false;
>>>      smc->dr_phb_enabled = false;
>>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>>>  }
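Review bot: the pseries-3.1 override resets SPAPR_CAP_CFPC, SPAPR_CAP_SBBC and SPAPR_CAP_IBS to SPAPR_CAP_BROKEN without a comment saying why; a one-line note that pre-4.0 machine types keep the old default so guest-visible behaviour and migration compatibility do not change would save the next reader a trip through git log, and keeping the three lines in the same order as the first hunk (CFPC, SBBC, IBS) as done here is worth preserving.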
>>
>> While trying auto-bisection for LP#1834613 [*] I found this commit breaks
>> clean bisection.
>>
>> ./configure --enable-debug
>>
>> $ qemu-system-ppc64 \
>>  -kernel vmlinuz-vanilla \
>>  -nographic -serial null
>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>> cap-cfpc=workaround
>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>> cap-sbbc=workaround
>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>> cap-ibs=workaround
>> Opcode 13 10 10 00 (4c400420) leaked temporaries
>>
>> More verbose log:
>>
>> $ qemu-system-ppc64 \
>>  -kernel vmlinuz-vanilla \
>>  -nographic -append "console=hvc0" \
>>  -d guest_errors,in_asm
>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>> cap-cfpc=workaround
>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>> cap-sbbc=workaround
>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>> cap-ibs=workaround
>>
>>
>> SLOF **********************************************************************
>> QEMU Starting
>>  Build Date = Jan 14 2019 18:00:39
>>  FW Version = git-a5b428e1c1eae703
>>  Press "s" to enter Open Firmware.
>> [...]
>> --------------
>> IN: __switch_to
>> 0xc00000000001aac0:  60000000  nop
>> 0xc00000000001aac4:  7f44d378  mr       r4, r26
>> 0xc00000000001aac8:  7f23cb78  mr       r3, r25
>> 0xc00000000001aacc:  4bff3235  bl       0xdd00
> 
> The kernel logs are:
> 
> [    0.044473] Oops: Exception in kernel mode, sig: 4 [#1]
> [    0.044899] BE PAGE_SIZE=64K MMU=Radix MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
> [    0.045191] Modules linked in:
> [    0.045504] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4-00058-g582549e3fbe1-dirty #11
> [    0.045646] NIP:  c00000000000be00 LR: c00000000000e168 CTR: 0000000000007fff
> [    0.045747] REGS: c0000000011bb770 TRAP: 0700   Not tainted  (5.1.0-rc4-00058-g582549e3fbe1-dirty)
> [    0.045808] MSR:  8000000002089032 <SF,VEC,EE,ME,IR,DR,RI>  CR: 24028822  XER: 00000000
> [    0.045971] CFAR: c00000000000bde4 IRQMASK: 1 
> [    0.045971] GPR00: c00000000001f390 c0000000011bba00 c0000000011bf800 c0000000010db830 
> [    0.045971] GPR04: c00000001e4041b0 0000000000000000 0000000000000000 00000000028a5d7a 
> [    0.045971] GPR08: 0000000000000000 0000000000007fff 0000000000000000 fffffffffffffffd 
> [    0.045971] GPR12: 0000000024028828 c0000000013b0000 000000001dc5ff00 00000000011d8e18 
> [    0.045971] GPR16: 00000000011d89e0 fffffffffffffffd 000000001dc5ff00 0000000000000014 
> [    0.045971] GPR20: 000000001daf0000 c0000000010da4e0 000000001eef0000 0000000024028822 
> [    0.045971] GPR24: c0000000010db830 c00000001e4041b0 000000001eef0000 c000000000ff5598 
> [    0.045971] GPR28: c0000000010db830 c0000000010d9d00 c00000001e402680 c0000000010d9d00 
> [    0.046505] NIP [c00000000000be00] flush_count_cache+0x120/0x2420
> [    0.046561] LR [c00000000000e168] ._switch+0x68/0x180
> [    0.046696] Call Trace:
> [    0.046865] [c0000000011bba00] [c0000000011bba90] init_stack+0x3a90/0x4000 (unreliable)
> [    0.046970] [c0000000011bbbe0] [c00000000001f390] .__switch_to+0x280/0x490
> [    0.047031] [c0000000011bbc90] [c000000000b62b5c] .__schedule+0x2bc/0xae0
> [    0.047075] [c0000000011bbd80] [c000000000b633c8] .schedule+0x48/0xb0
> [    0.047140] [c0000000011bbdf0] [c000000000b63918] .schedule_preempt_disabled+0x18/0x30
> [    0.047187] [c0000000011bbe60] [c00000000001065c] .rest_init+0xcc/0xf0
> [    0.047233] [c0000000011bbee0] [c000000000f04584] .start_kernel+0x604/0x648
> [    0.047276] [c0000000011bbf90] [c00000000000b260] start_here_common+0x1c/0x53c
> [    0.047409] Instruction dump:
> [    0.047647] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000 
> [    0.047744] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420 
> [    0.048410] ---[ end trace 523b05d3a02887f6 ]---
> [    0.048523] 

How did you get the klogs?

> This is fixed by:
> 
> commit fa200c95f7f99ce14b8af25ea0be478c722d3cec
> Author: Greg Kurz <groug@kaod.org>
> Date:   Fri Mar 22 19:03:46 2019 +0100
> 
>     target/ppc: Enable "decrement and test CTR" version of bcctr
>     
>     Even if all ISAs up to v3 indeed mention:
>     
>         If the "decrement and test CTR" option is specified (BO2=0), the
>         instruction form is invalid.
>     
>     The UMs of all existing 64-bit server class processors say:
>     
>         If BO[2] = 0, the contents of CTR (before any update) are used as the
>         target address and for the test of the contents of CTR to resolve the
>         branch. The contents of the CTR are then decremented and written back
>         to the CTR.
>     
>     The linux kernel has spectre v2 mitigation code that relies on a
>     BO[2] = 0 variant of bcctr, which is now activated by default on
>     spapr, even with TCG. This causes linux guests to panic with
>     the default machine type under TCG.
>     
>     Since any CPU model can provide its own behaviour for invalid forms,
>     we could possibly introduce a new instruction flag to handle this.
>     In practice, since the behaviour is shared by all 64-bit server
>     processors starting with 970 up to POWER9, let's reuse the
>     PPC_SEGMENT_64B flag. Caveat: this may have to be fixed later if
>     POWER10 introduces a different behaviour.
>     
>     The existing behaviour of throwing a program interrupt is kept for
>     all other CPU models.
>     
>     Signed-off-by: Greg Kurz <groug@kaod.org>
>     Message-Id: <155327782604.1283071.10640596307206921951.stgit@bahia.lan>
>     Tested-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>     Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

So this commit misses:

Fixes: 2782ad4c4102d

This kind of hint is very helpful for post-merge reviews.

Thanks Laurent for your analysis :)



* Re: [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type
  2019-06-28 14:28       ` Philippe Mathieu-Daudé
@ 2019-06-28 14:48         ` Laurent Vivier
  0 siblings, 0 replies; 7+ messages in thread
From: Laurent Vivier @ 2019-06-28 14:48 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, David Gibson, peter.maydell
  Cc: clg, qemu-ppc, qemu-devel, Suraj Jitindar Singh, groug

On 28/06/2019 16:28, Philippe Mathieu-Daudé wrote:
> On 6/28/19 4:14 PM, Laurent Vivier wrote:
>> On 28/06/2019 13:27, Philippe Mathieu-Daudé wrote:
>>> Hi,
>>>
>>> On 3/12/19 9:54 AM, David Gibson wrote:
>>>> From: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>>>
>>>> There are currently 3 mitigations the availability of which is controlled
>>>> by the spapr-caps mechanism, cap-cfpc, cap-sbbc, and cap-ibs. Enable these
>>>> mitigations by default for the pseries-4.0 machine type.
>>>>
>>>> By now machine firmware should have been upgraded to allow these
>>>> settings.
>>>>
>>>> Signed-off-by: Suraj Jitindar Singh <sjitindarsingh@gmail.com>
>>>> Message-Id: <20190301044609.9626-3-sjitindarsingh@gmail.com>
>>>> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>>>> ---
>>>>  hw/ppc/spapr.c | 9 ++++++---
>>>>  1 file changed, 6 insertions(+), 3 deletions(-)
>>>>
>>>> diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
>>>> index 37fd7a1411..946bbcf9ee 100644
>>>> --- a/hw/ppc/spapr.c
>>>> +++ b/hw/ppc/spapr.c
>>>> @@ -4307,9 +4307,9 @@ static void spapr_machine_class_init(ObjectClass *oc, void *data)
>>>>      smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_OFF;
>>>>      smc->default_caps.caps[SPAPR_CAP_VSX] = SPAPR_CAP_ON;
>>>>      smc->default_caps.caps[SPAPR_CAP_DFP] = SPAPR_CAP_ON;
>>>> -    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>>>> -    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>>> -    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_WORKAROUND;
>>>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_WORKAROUND;
>>>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_WORKAROUND;
>>>>      smc->default_caps.caps[SPAPR_CAP_HPT_MAXPAGESIZE] = 16; /* 64kiB */
>>>>      smc->default_caps.caps[SPAPR_CAP_NESTED_KVM_HV] = SPAPR_CAP_OFF;
>>>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_ON;
>>>> @@ -4389,6 +4389,9 @@ static void spapr_machine_3_1_class_options(MachineClass *mc)
>>>>      mc->default_cpu_type = POWERPC_CPU_TYPE_NAME("power8_v2.0");
>>>>      smc->update_dt_enabled = false;
>>>>      smc->dr_phb_enabled = false;
>>>> +    smc->default_caps.caps[SPAPR_CAP_CFPC] = SPAPR_CAP_BROKEN;
>>>> +    smc->default_caps.caps[SPAPR_CAP_SBBC] = SPAPR_CAP_BROKEN;
>>>> +    smc->default_caps.caps[SPAPR_CAP_IBS] = SPAPR_CAP_BROKEN;
>>>>      smc->default_caps.caps[SPAPR_CAP_LARGE_DECREMENTER] = SPAPR_CAP_OFF;
>>>>  }
>>>
>>> While trying auto-bisection for LP#1834613 [*] I found this commit breaks
>>> clean bisection.
>>>
>>> ./configure --enable-debug
>>>
>>> $ qemu-system-ppc64 \
>>>  -kernel vmlinuz-vanilla \
>>>  -nographic -serial null
>>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>>> cap-cfpc=workaround
>>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>>> cap-sbbc=workaround
>>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>>> cap-ibs=workaround
>>> Opcode 13 10 10 00 (4c400420) leaked temporaries
>>>
>>> More verbose log:
>>>
>>> $ qemu-system-ppc64 \
>>>  -kernel vmlinuz-vanilla \
>>>  -nographic -append "console=hvc0" \
>>>  -d guest_errors,in_asm
>>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>>> cap-cfpc=workaround
>>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>>> cap-sbbc=workaround
>>> qemu-system-ppc64: warning: TCG doesn't support requested feature,
>>> cap-ibs=workaround
>>>
>>>
>>> SLOF **********************************************************************
>>> QEMU Starting
>>>  Build Date = Jan 14 2019 18:00:39
>>>  FW Version = git-a5b428e1c1eae703
>>>  Press "s" to enter Open Firmware.
>>> [...]
>>> --------------
>>> IN: __switch_to
>>> 0xc00000000001aac0:  60000000  nop
>>> 0xc00000000001aac4:  7f44d378  mr       r4, r26
>>> 0xc00000000001aac8:  7f23cb78  mr       r3, r25
>>> 0xc00000000001aacc:  4bff3235  bl       0xdd00
>>
>> The kernel logs are:
>>
>> [    0.044473] Oops: Exception in kernel mode, sig: 4 [#1]
>> [    0.044899] BE PAGE_SIZE=64K MMU=Radix MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
>> [    0.045191] Modules linked in:
>> [    0.045504] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4-00058-g582549e3fbe1-dirty #11
>> [    0.045646] NIP:  c00000000000be00 LR: c00000000000e168 CTR: 0000000000007fff
>> [    0.045747] REGS: c0000000011bb770 TRAP: 0700   Not tainted  (5.1.0-rc4-00058-g582549e3fbe1-dirty)
>> [    0.045808] MSR:  8000000002089032 <SF,VEC,EE,ME,IR,DR,RI>  CR: 24028822  XER: 00000000
>> [    0.045971] CFAR: c00000000000bde4 IRQMASK: 1 
>> [    0.045971] GPR00: c00000000001f390 c0000000011bba00 c0000000011bf800 c0000000010db830 
>> [    0.045971] GPR04: c00000001e4041b0 0000000000000000 0000000000000000 00000000028a5d7a 
>> [    0.045971] GPR08: 0000000000000000 0000000000007fff 0000000000000000 fffffffffffffffd 
>> [    0.045971] GPR12: 0000000024028828 c0000000013b0000 000000001dc5ff00 00000000011d8e18 
>> [    0.045971] GPR16: 00000000011d89e0 fffffffffffffffd 000000001dc5ff00 0000000000000014 
>> [    0.045971] GPR20: 000000001daf0000 c0000000010da4e0 000000001eef0000 0000000024028822 
>> [    0.045971] GPR24: c0000000010db830 c00000001e4041b0 000000001eef0000 c000000000ff5598 
>> [    0.045971] GPR28: c0000000010db830 c0000000010d9d00 c00000001e402680 c0000000010d9d00 
>> [    0.046505] NIP [c00000000000be00] flush_count_cache+0x120/0x2420
>> [    0.046561] LR [c00000000000e168] ._switch+0x68/0x180
>> [    0.046696] Call Trace:
>> [    0.046865] [c0000000011bba00] [c0000000011bba90] init_stack+0x3a90/0x4000 (unreliable)
>> [    0.046970] [c0000000011bbbe0] [c00000000001f390] .__switch_to+0x280/0x490
>> [    0.047031] [c0000000011bbc90] [c000000000b62b5c] .__schedule+0x2bc/0xae0
>> [    0.047075] [c0000000011bbd80] [c000000000b633c8] .schedule+0x48/0xb0
>> [    0.047140] [c0000000011bbdf0] [c000000000b63918] .schedule_preempt_disabled+0x18/0x30
>> [    0.047187] [c0000000011bbe60] [c00000000001065c] .rest_init+0xcc/0xf0
>> [    0.047233] [c0000000011bbee0] [c000000000f04584] .start_kernel+0x604/0x648
>> [    0.047276] [c0000000011bbf90] [c00000000000b260] start_here_common+0x1c/0x53c
>> [    0.047409] Instruction dump:
>> [    0.047647] 48000005 48000005 48000005 48000005 48000005 4800001c 60000000 60000000 
>> [    0.047744] 60000000 60000000 60000000 60000000 <7d2803a6> 39207fff 7d2903a6 4c400420 
>> [    0.048410] ---[ end trace 523b05d3a02887f6 ]---
>> [    0.048523] 
> 
> How did you get the klogs?

To have the klogs on the serial output you have to disable vga:

 ... -vga none -nographic ...

or to set the default console:

 ... -serial stdout -prom-env "output-device=/vdevice/vty@71000000" ...

Thanks,
Laurent




end of thread, other threads:[~2019-06-28 16:08 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20190312085502.8203-1-david@gibson.dropbear.id.au>
     [not found] ` <20190312085502.8203-13-david@gibson.dropbear.id.au>
2019-06-28 11:27   ` [Qemu-devel] [PULL 12/62] target/ppc/spapr: Enable mitigations by default for pseries-4.0 machine type Philippe Mathieu-Daudé
2019-06-28 11:49     ` Laurent Vivier
2019-06-28 11:54     ` Laurent Vivier
2019-06-28 12:25       ` Philippe Mathieu-Daudé
2019-06-28 14:14     ` Laurent Vivier
2019-06-28 14:28       ` Philippe Mathieu-Daudé
2019-06-28 14:48         ` Laurent Vivier
