From owner-svn-src-all@freebsd.org Thu Aug 24 10:57:35 2017 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ADD5ADDCAD9; Thu, 24 Aug 2017 10:57:35 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7AAF773C22; Thu, 24 Aug 2017 10:57:35 +0000 (UTC) (envelope-from kib@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v7OAvYr2032492; Thu, 24 Aug 2017 10:57:34 GMT (envelope-from kib@FreeBSD.org) Received: (from kib@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v7OAvYgU032491; Thu, 24 Aug 2017 10:57:34 GMT (envelope-from kib@FreeBSD.org) Message-Id: <201708241057.v7OAvYgU032491@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kib set sender to kib@FreeBSD.org using -f From: Konstantin Belousov Date: Thu, 24 Aug 2017 10:57:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r322833 - head/sys/x86/x86 X-SVN-Group: head X-SVN-Commit-Author: kib X-SVN-Commit-Paths: head/sys/x86/x86 X-SVN-Commit-Revision: 322833 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Aug 2017 10:57:35 -0000 Author: kib Date: Thu Aug 24 10:57:34 2017 New Revision: 322833 URL: https://svnweb.freebsd.org/changeset/base/322833 Log: Stop masking FSGSBASE and SMEP features under monitors. Not enabling FSGSBASE in %cr4 does not prevent reporting of the feature by the CPUID instruction (blame Int*l). As result, kernels which were run under monitors pretended that usermode cannot modify TLS base without the syscall, while libc noted right combination of capable CPU and the new kernel version, trying to use the WRFSBASE instruction. Really old hypervisors that cannot handle enablement of these features in %cr4 would require the manual configuration, by setting the loader tunable hw.cpu_stdext_disable=0x81 Reported by: lwhsu, mjoras Sponsored by: The FreeBSD Foundation MFC after: 18 days Modified: head/sys/x86/x86/identcpu.c Modified: head/sys/x86/x86/identcpu.c ============================================================================== --- head/sys/x86/x86/identcpu.c Thu Aug 24 10:49:53 2017 (r322832) +++ head/sys/x86/x86/identcpu.c Thu Aug 24 10:57:34 2017 (r322833) @@ -1423,18 +1423,15 @@ finishidentcpu(void) cpu_stdext_feature = regs[1]; /* - * Some hypervisors fail to filter out unsupported - * extended features. For now, disable the + * Some hypervisors failed to filter out unsupported + * extended features. Allow to disable the * extensions, activation of which requires setting a * bit in CR4, and which VM monitors do not support. */ - if (cpu_feature2 & CPUID2_HV) { - cpu_stdext_disable = CPUID_STDEXT_FSGSBASE | - CPUID_STDEXT_SMEP; - } else - cpu_stdext_disable = 0; + cpu_stdext_disable = 0; TUNABLE_INT_FETCH("hw.cpu_stdext_disable", &cpu_stdext_disable); cpu_stdext_feature &= ~cpu_stdext_disable; + cpu_stdext_feature2 = regs[2]; }