svn commit: r328166 - in head/sys: amd64/amd64 x86/include x86/x86
Dexuan-BSD Cui
dexuan.bsd at gmail.com
Sat Jan 27 08:56:51 UTC 2018
Hi,
Today I found the KPTI patch broke FreeBSD VM running on Hyper-V: the VM
can't boot due to:
vmbus0: cannot find free IDT vector
This is the related snippet:
dev/hyperv/vmbus/vmbus.c: vmbus_intr_setup() -> lapic_ipi_alloc() fails:
/*
* All Hyper-V ISR required resources are setup, now let's find a
* free IDT vector for Hyper-V ISR and set it up.
*/
sc->vmbus_idtvec = lapic_ipi_alloc(pti ? IDTVEC(vmbus_isr_pti) :
IDTVEC(vmbus_isr));
if (sc->vmbus_idtvec < 0) {
device_printf(sc->vmbus_dev, "cannot find free IDT
vector\n");
return ENXIO;
}
Luckily for now I can work around this boot failure by adding vm.pmap.pti=0
into /boot/loader.conf.
Any suggestion?
Thanks!
-- Dexuan
On Fri, Jan 19, 2018 at 7:42 AM, Ed Maste <emaste at freebsd.org> wrote:
> Author: emaste
> Date: Fri Jan 19 15:42:34 2018
> New Revision: 328166
> URL: https://svnweb.freebsd.org/changeset/base/328166
>
> Log:
> Enable KPTI by default on amd64 for non-AMD CPUs
>
> Kernel Page Table Isolation (KPTI) was introduced in r328083 as a
> mitigation for the 'Meltdown' vulnerability. AMD CPUs are not affected,
> per https://www.amd.com/en/corporate/speculative-execution:
>
> We believe AMD processors are not susceptible due to our use of
> privilege level protections within paging architecture and no
> mitigation is required.
>
> Thus default KPTI to off for AMD CPUs, and to on for others. This may
> be refined later as we obtain more specific information on the sets of
> CPUs that are and are not affected.
>
> Submitted by: Mitchell Horne
> Reviewed by: cem
> Relnotes: Yes
> Security: CVE-2017-5754
> Sponsored by: The FreeBSD Foundation
> Differential Revision: https://reviews.freebsd.org/D13971
>
> Modified:
> head/sys/amd64/amd64/machdep.c
> head/sys/x86/include/x86_var.h
> head/sys/x86/x86/identcpu.c
>
> Modified: head/sys/amd64/amd64/machdep.c
> ============================================================
> ==================
> --- head/sys/amd64/amd64/machdep.c Fri Jan 19 15:32:27 2018
> (r328165)
> +++ head/sys/amd64/amd64/machdep.c Fri Jan 19 15:42:34 2018
> (r328166)
> @@ -1621,6 +1621,7 @@ hammer_time(u_int64_t modulep, u_int64_t physfree)
> mtx_init(&dt_lock, "descriptor tables", NULL, MTX_DEF);
>
> /* exceptions */
> + pti = pti_get_default();
> TUNABLE_INT_FETCH("vm.pmap.pti", &pti);
>
> for (x = 0; x < NIDT; x++)
>
> Modified: head/sys/x86/include/x86_var.h
> ============================================================
> ==================
> --- head/sys/x86/include/x86_var.h Fri Jan 19 15:32:27 2018
> (r328165)
> +++ head/sys/x86/include/x86_var.h Fri Jan 19 15:42:34 2018
> (r328166)
> @@ -136,6 +136,7 @@ void nmi_call_kdb_smp(u_int type, struct
> trapframe *fr
> void nmi_handle_intr(u_int type, struct trapframe *frame);
> void pagecopy(void *from, void *to);
> void printcpuinfo(void);
> +int pti_get_default(void);
> int user_dbreg_trap(void);
> int minidumpsys(struct dumperinfo *);
> struct pcb *get_pcb_td(struct thread *td);
>
> Modified: head/sys/x86/x86/identcpu.c
> ============================================================
> ==================
> --- head/sys/x86/x86/identcpu.c Fri Jan 19 15:32:27 2018 (r328165)
> +++ head/sys/x86/x86/identcpu.c Fri Jan 19 15:42:34 2018 (r328166)
> @@ -1608,6 +1608,16 @@ finishidentcpu(void)
> #endif
> }
>
> +int
> +pti_get_default(void)
> +{
> +
> + if (strcmp(cpu_vendor, AMD_VENDOR_ID) == 0)
> + return (0);
> +
> + return (1);
> +}
> +
> static u_int
> find_cpu_vendor_id(void)
> {
>
>
More information about the svn-src-all
mailing list