svn commit: r322833 - head/sys/x86/x86

[Konstantin Belousov]

Author: kib
Date: Thu Aug 24 10:57:34 2017
New Revision: 322833
URL: https://svnweb.freebsd.org/changeset/base/322833

Log:
  Stop masking FSGSBASE and SMEP features under monitors.
  
  Not enabling FSGSBASE in %cr4 does not prevent reporting of the
  feature by the CPUID instruction (blame Int*l).  As result, kernels
  which were run under monitors pretended that usermode cannot modify
  TLS base without the syscall, while libc noted right combination of
  capable CPU and the new kernel version, trying to use the WRFSBASE
  instruction.
  
  Really old hypervisors that cannot handle enablement of these features
  in %cr4 would require the manual configuration, by setting the loader
  tunable hw.cpu_stdext_disable=0x81
  
  Reported by:	lwhsu, mjoras
  Sponsored by:	The FreeBSD Foundation
  MFC after:	18 days

Modified:
  head/sys/x86/x86/identcpu.c

Modified: head/sys/x86/x86/identcpu.c
==============================================================================
--- head/sys/x86/x86/identcpu.c	Thu Aug 24 10:49:53 2017	(r322832)
+++ head/sys/x86/x86/identcpu.c	Thu Aug 24 10:57:34 2017	(r322833)
@@ -1423,18 +1423,15 @@ finishidentcpu(void)
 		cpu_stdext_feature = regs[1];
 
 		/*
-		 * Some hypervisors fail to filter out unsupported
-		 * extended features.  For now, disable the
+		 * Some hypervisors failed to filter out unsupported
+		 * extended features.  Allow to disable the
 		 * extensions, activation of which requires setting a
 		 * bit in CR4, and which VM monitors do not support.
 		 */
-		if (cpu_feature2 & CPUID2_HV) {
-			cpu_stdext_disable = CPUID_STDEXT_FSGSBASE |
-			    CPUID_STDEXT_SMEP;
-		} else
-			cpu_stdext_disable = 0;
+		cpu_stdext_disable = 0;
 		TUNABLE_INT_FETCH("hw.cpu_stdext_disable", &cpu_stdext_disable);
 		cpu_stdext_feature &= ~cpu_stdext_disable;
+
 		cpu_stdext_feature2 = regs[2];
 	}