mirror of
https://github.com/qemu/qemu.git
synced 2025-09-26 16:12:25 +00:00
While running the kvm-unit-tests on Intel platforms with "split lock
disable" feature, every test triggers a kernel warning of
x86/split lock detection: #AC: qemu-system-x86_64/373232 took a split_lock trap at address: 0x1e3
Hack KVM by exiting to QEMU on split lock #AC, we get
KVM: exception 17 exit (error code 0x0)
EAX=00000001 EBX=00000000 ECX=00000014 EDX=0001fb80
ESI=00000000 EDI=000000a8 EBP=00000000 ESP=00006f10
EIP=000001e3 EFL=00010002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0900 00009000 0000ffff 00009300 DPL=0 DS16 [-WA]
CS =c000 000c0000 0000ffff 00009b00 DPL=0 CS16 [-RA]
SS =0000 00000000 0000ffff 00009300 DPL=0 DS16 [-WA]
DS =c000 000c0000 0000ffff 00009300 DPL=0 DS16 [-WA]
FS =0950 00009500 0000ffff 00009300 DPL=0 DS16 [-WA]
GS =06f2 00006f20 0000ffff 00009300 DPL=0 DS16 [-WA]
LDT=0000 00000000 0000ffff 00008200 DPL=0 LDT
TR =0000 00000000 0000ffff 00008b00 DPL=0 TSS32-busy
GDT= 000c02b4 00000027
IDT= 00000000 000003ff
CR0=00000011 CR2=00000000 CR3=00000000 CR4=00000000
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000000
Code=89 16 08 00 65 66 0f 01 16 06 00 66 b8 01 00 00 00 0f 22 c0 <65> 66 ff 2e 00 00 b8 10 00 00 00 8e d0 8e d8 8e c0 8e e0 8e e8 66 b8 08 00 66 ba 10 05 66
And it matches what is disassembled from multiboot_dma.bin:
#objdump -b binary -m i386 -D pc-bios/multiboot_dma.bin
1d1: 08 00 or %al,(%eax)
1d3: 65 66 0f 01 16 lgdtw %gs:(%esi)
1d8: 06 push %es
1d9: 00 66 b8 add %ah,-0x48(%esi)
1dc: 01 00 add %eax,(%eax)
1de: 00 00 add %al,(%eax)
1e0: 0f 22 c0 mov %eax,%cr0
> 1e3: 65 66 ff 2e ljmpw *%gs:(%esi)
1e7: 00 00 add %al,(%eax)
1e9: b8 10 00 00 00 mov $0x10,%eax
1ee: 8e d0 mov %eax,%ss
1f0: 8e d8 mov %eax,%ds
1f2: 8e c0 mov %eax,%es
1f4: 8e e0 mov %eax,%fs
1f6: 8e e8 mov %eax,%gs
1f8: 66 b8 08 00 mov $0x8,%ax
1fc: 66 ba 10 05 mov $0x510,%dx
We can see that the instruction at 0x1e3 is a far jmp through the GDT.
However, the GDT is not 8-byte aligned: the base is 0xc02b4.
Intel processors follow the LOCK semantics to set the accessed flag of the
segment descriptor when loading a segment descriptor. If the segment
descriptor crosses two cache lines, it causes a split lock.
Fix it by aligning the GDT on 8 bytes, so that a segment descriptor cannot
span two cache lines.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Link: https://lore.kernel.org/r/20250808035027.2194673-1-xiaoyao.li@intel.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit
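An added example, not part of QEMU or of the commit above, that reproduces the alignment arithmetic from the register dump: it walks the GDT described by "GDT= 000c02b4 00000027", reports which 8-byte descriptors straddle a cache line (so that the locked accessed-bit update on a segment load becomes a split lock), and shows that rounding the base up to 8 bytes removes every straddle. The 64-byte cache-line size is an assumption; the struct and function names are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 64u  /* assumed L1 line size of the Intel parts in question */
#define DESC_SIZE  8u   /* size of a legacy GDT segment descriptor */

/* Pseudo-descriptor as loaded by LGDT: linear base and inclusive byte limit. */
struct gdtr { uint32_t base; uint16_t limit; };
/* Number of descriptors the limit covers (limit = size in bytes - 1). */
unsigned gdt_entries(const struct gdtr *g) {
    return (g->limit + 1u) / DESC_SIZE;
}

/* True if descriptor 'idx' crosses a cache-line boundary: the locked
 * accessed-bit update done when that selector is loaded is then a split lock. */
bool desc_splits_line(uint32_t gdt_base, unsigned idx) {
    uint32_t addr = gdt_base + idx * DESC_SIZE;
    return (addr % CACHE_LINE) + DESC_SIZE > CACHE_LINE;
}

/* Bitmask of descriptor indices that straddle a line; 0 means the GDT is safe. */
uint32_t gdt_split_mask(const struct gdtr *g) {
    uint32_t mask = 0;
    for (unsigned i = 0; i < gdt_entries(g) && i < 32; i++) {
        if (desc_splits_line(g->base, i)) {
            mask |= 1u << i;
        }
    }
    return mask;
}

/* The fix applied by the patch: round the base up to an 8-byte boundary. */
uint32_t align_gdt_base(uint32_t base) {
    return (base + DESC_SIZE - 1u) & ~(DESC_SIZE - 1u);
}
int main(void) {
    /* Constructed from the "GDT= 000c02b4 00000027" line of the register dump. */
    struct gdtr before = { 0x000c02b4u, 0x0027u };
    struct gdtr after  = { align_gdt_base(before.base), before.limit };
    for (unsigned i = 0; i < gdt_entries(&before); i++) {
        printf("selector 0x%02x at 0x%05x: %s\n", i * DESC_SIZE,
               before.base + i * DESC_SIZE,
               desc_splits_line(before.base, i) ? "split lock" : "ok");
    }
    printf("unaligned mask=0x%x; aligned base=0x%05x mask=0x%x\n",
           gdt_split_mask(&before), after.base, gdt_split_mask(&after));
    return 0;
}
```

For the dump's GDT only entry 1 (selector 0x08, bytes 0xc02bc..0xc02c3) straddles a 64-byte line; any 8-byte-aligned base gives a mask of 0 because 64 is a multiple of 8.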
| Name |
|---|
| .. |
| descriptors |
| keymaps |
| optionrom |
| s390-ccw |
| vof |
| bamboo.dtb |
| bamboo.dts |
| bios-256k.bin |
| bios-microvm.bin |
| bios.bin |
| canyonlands.dtb |
| canyonlands.dts |
| edk2-aarch64-code.fd.bz2 |
| edk2-arm-code.fd.bz2 |
| edk2-arm-vars.fd.bz2 |
| edk2-i386-code.fd.bz2 |
| edk2-i386-secure-code.fd.bz2 |
| edk2-i386-vars.fd.bz2 |
| edk2-licenses.txt |
| edk2-loongarch64-code.fd.bz2 |
| edk2-loongarch64-vars.fd.bz2 |
| edk2-riscv-code.fd.bz2 |
| edk2-riscv-vars.fd.bz2 |
| edk2-x86_64-code.fd.bz2 |
| edk2-x86_64-microvm.fd.bz2 |
| edk2-x86_64-secure-code.fd.bz2 |
| efi-e1000.rom |
| efi-e1000e.rom |
| efi-eepro100.rom |
| efi-ne2k_pci.rom |
| efi-pcnet.rom |
| efi-rtl8139.rom |
| efi-virtio.rom |
| efi-vmxnet3.rom |
| hppa-firmware64.img |
| hppa-firmware.img |
| kvmvapic.bin |
| linuxboot_dma.bin |
| linuxboot.bin |
| meson.build |
| multiboot_dma.bin |
| multiboot.bin |
| npcm7xx_bootrom.bin |
| npcm8xx_bootrom.bin |
| openbios-ppc |
| openbios-sparc32 |
| openbios-sparc64 |
| opensbi-riscv32-generic-fw_dynamic.bin |
| opensbi-riscv64-generic-fw_dynamic.bin |
| palcode-clipper |
| petalogix-ml605.dtb |
| petalogix-ml605.dts |
| petalogix-s3adsp1800.dtb |
| petalogix-s3adsp1800.dts |
| pnv-pnor.bin |
| pvh.bin |
| pxe-e1000.rom |
| pxe-eepro100.rom |
| pxe-ne2k_pci.rom |
| pxe-pcnet.rom |
| pxe-rtl8139.rom |
| pxe-virtio.rom |
| qboot.rom |
| qemu_logo.svg |
| qemu_vga.ndrv |
| qemu-nsis.bmp |
| qemu-nsis.ico |
| QEMU,cgthree.bin |
| QEMU,tcx.bin |
| qemu.rsrc |
| README |
| s390-ccw.img |
| skiboot.lid |
| slof.bin |
| u-boot-sam460-20100605.bin |
| u-boot.e500 |
| vgabios-ati.bin |
| vgabios-bochs-display.bin |
| vgabios-cirrus.bin |
| vgabios-qxl.bin |
| vgabios-ramfb.bin |
| vgabios-stdvga.bin |
| vgabios-virtio.bin |
| vgabios-vmware.bin |
| vgabios.bin |
| vof-nvram.bin |
| vof.bin |
- SeaBIOS (bios.bin) is the successor of pc bios. See http://www.seabios.org/ for more information.
- The VGA BIOS and the Cirrus VGA BIOS come from the LGPL VGA bios project (http://www.nongnu.org/vgabios/).
- OpenBIOS (http://www.openbios.org/) is a free (GPL v2) portable firmware implementation. The goal is to implement a 100% IEEE 1275-1994 (referred to as Open Firmware) compliant firmware. The included images for PowerPC (for 32 and 64 bit PPC CPUs), Sparc32 (including QEMU,tcx.bin and QEMU,cgthree.bin) and Sparc64 are built from OpenBIOS SVN revision 1280.
- SLOF (Slimline Open Firmware) is a free IEEE 1275 Open Firmware implementation for certain IBM POWER hardware. The sources are at https://gitlab.com/slof/slof, and the image currently in qemu is built from git tag qemu-slof-20241106.
- VOF (Virtual Open Firmware) is a minimalistic firmware to work with -machine pseries,x-vof=on. When enabled, the firmware acts as a slim shim and QEMU implements parts of the IEEE 1275 Open Firmware interface.
- The PXE roms come from the iPXE project. Built with BANNER_TIME 0. Sources available at http://ipxe.org. Vendor:Device ID -> ROM mapping:
  - 8086:100e -> pxe-e1000.rom
  - 8086:1209 -> pxe-eepro100.rom
  - 1050:0940 -> pxe-ne2k_pci.rom
  - 1022:2000 -> pxe-pcnet.rom
  - 10ec:8139 -> pxe-rtl8139.rom
  - 1af4:1000 -> pxe-virtio.rom
- The sources for the Alpha palcode image are available from: https://github.com/rth7680/qemu-palcode.git
- The u-boot binary for e500 comes from the upstream denx u-boot project where it was compiled using the qemu-ppce500 target. A git mirror is available at: https://gitlab.com/qemu-project/u-boot.git The hash used to compile the current version is: 2072e72
- Skiboot (https://github.com/open-power/skiboot/) is an OPAL (OpenPower Abstraction Layer) firmware for OpenPOWER systems. It can run a hypervisor OS or simply a host OS on the "baremetal" platform, also known as the PowerNV (Non-Virtualized) platform.
- pnv-pnor.bin is a non-volatile RAM image used by PowerNV, which stores NVRAM BIOS settings among other things. This image was created with the following command (the ffspart tool can be found in the skiboot source tree):
  ffspart -s 0x1000 -c 34 -i pnv-pnor.in -p pnv-pnor.bin
  Where pnv-pnor.in contains the two lines (no leading whitespace):
  NVRAM,0x01000,0x00020000,,,/dev/zero
  VERSION,0x21000,0x00001000,,,/dev/zero
  skiboot is then booted once to format the NVRAM partition.
- QemuMacDrivers (https://github.com/ozbenh/QemuMacDrivers) is a project to provide virtualised drivers for PPC MacOS guests.
- The "edk2-*.fd.bz2" images are platform firmware binaries and matching UEFI variable store templates built from the TianoCore community's EFI Development Kit II project <https://github.com/tianocore/tianocore.github.io/wiki/EDK-II>. The images were built at git tag "edk2-stable202302". The firmware binaries bundle parts of the OpenSSL project, at git tag "OpenSSL_1_1_1s" (the OpenSSL tag is a function of the edk2 tag). Parts of the Berkeley SoftFloat library are bundled as well, at Release 3e plus a subsequent typo fix (commit b64af41c3276f97f0e181920400ee056b9c88037), as an OpenSSL dependency on 32-bit ARM. Licensing information is given in "edk2-licenses.txt". The image files are described by the JSON documents in the "pc-bios/descriptors" directory, which conform to the "docs/interop/firmware.json" schema.
- OpenSBI (https://github.com/riscv/opensbi) aims to provide an open-source reference implementation of the RISC-V Supervisor Binary Interface (SBI) specifications for platform-specific firmwares executing in M-mode. For all supported platforms, OpenSBI provides several runtime firmware examples. These example firmwares can be used to replace the legacy riscv-pk bootloader and enable the use of well-known bootloaders such as U-Boot. OpenSBI is distributed under the terms of the BSD 2-clause license ("Simplified BSD License" or "FreeBSD License", SPDX: BSD-2-Clause). OpenSBI source code also contains code reused from other projects described here: https://github.com/riscv/opensbi/blob/master/ThirdPartyNotices.md.
- npcm{7xx,8xx}_bootrom.bin is a simplified, free (Apache 2.0) boot ROM for Nuvoton NPCM7xx/8xx BMC devices. It currently implements the bare minimum to load, parse, initialize and run boot images stored in SPI flash, but may grow more features over time as needed. The source code is available at: https://github.com/google/vbootrom
- hppa-firmware.img (32-bit) and hppa-firmware64.img (64-bit) are firmware files for the HP-PARISC (hppa) architecture. They are built from the SeaBIOS-hppa sources, which is a fork of SeaBIOS adapted for hppa. SeaBIOS-hppa is available at https://github.com/hdeller/seabios-hppa