svn commit: r322833 - head/sys/x86/x86
Konstantin Belousov
kib at FreeBSD.org
Thu Aug 24 10:57:35 UTC 2017
Author: kib
Date: Thu Aug 24 10:57:34 2017
New Revision: 322833
URL: https://svnweb.freebsd.org/changeset/base/322833
Log:
Stop masking FSGSBASE and SMEP features under monitors.
Not enabling FSGSBASE in %cr4 does not prevent reporting of the
feature by the CPUID instruction (blame Int*l). As result, kernels
which were run under monitors pretended that usermode cannot modify
TLS base without the syscall, while libc noted right combination of
capable CPU and the new kernel version, trying to use the WRFSBASE
instruction.
Really old hypervisors that cannot handle enablement of these features
in %cr4 would require the manual configuration, by setting the loader
tunable hw.cpu_stdext_disable=0x81
Reported by: lwhsu, mjoras
Sponsored by: The FreeBSD Foundation
MFC after: 18 days
Modified:
head/sys/x86/x86/identcpu.c
Modified: head/sys/x86/x86/identcpu.c
==============================================================================
--- head/sys/x86/x86/identcpu.c Thu Aug 24 10:49:53 2017 (r322832)
+++ head/sys/x86/x86/identcpu.c Thu Aug 24 10:57:34 2017 (r322833)
@@ -1423,18 +1423,15 @@ finishidentcpu(void)
cpu_stdext_feature = regs[1];
/*
- * Some hypervisors fail to filter out unsupported
- * extended features. For now, disable the
+ * Some hypervisors failed to filter out unsupported
+ * extended features. Allow to disable the
* extensions, activation of which requires setting a
* bit in CR4, and which VM monitors do not support.
*/
- if (cpu_feature2 & CPUID2_HV) {
- cpu_stdext_disable = CPUID_STDEXT_FSGSBASE |
- CPUID_STDEXT_SMEP;
- } else
- cpu_stdext_disable = 0;
+ cpu_stdext_disable = 0;
TUNABLE_INT_FETCH("hw.cpu_stdext_disable", &cpu_stdext_disable);
cpu_stdext_feature &= ~cpu_stdext_disable;
+
cpu_stdext_feature2 = regs[2];
}
More information about the svn-src-all
mailing list