From: Zhao Liu
To: Paolo Bonzini, Igor Mammedov, Daniel P. Berrangé, Chuang Xu, Xiaoyao Li, Isaku Yamahata, Babu Moger
Cc: qemu-devel@nongnu.org, Zhao Liu, Qian Wen
Subject: [PATCH 3/4] i386/cpu: Fix overflow of cache topology fields in CPUID.04H
Date: Thu, 27 Feb 2025 14:25:22 +0800
Message-Id: <20250227062523.124601-4-zhao1.liu@intel.com>
In-Reply-To: <20250227062523.124601-1-zhao1.liu@intel.com>
References: <20250227062523.124601-1-zhao1.liu@intel.com>

From: Qian Wen

According to SDM, CPUID.0x4:EAX[31:26] indicates the Maximum number of
addressable IDs for processor cores in the physical package. If we launch
a VM with over 64 cores, the 6-bit field will overflow, and the wrong
core_id number will be reported. Since the HW reports 0x3f when the Intel
processor has over 64 cores, limit the max value written to EAX[31:26] to
63, so max num_cores should be 64.

For EAX[14:25], though at present Q35 supports up to 4096 CPUs, to prevent
potential overflow issues from further increasing the number of CPUs in
the future, check and honor the maximum value for EAX[14:25] as well.

In addition, for host-cache-info case, also apply the same checks and
fixes.

Signed-off-by: Qian Wen
Signed-off-by: Zhao Liu
Reviewed-by: Xiaoyao Li
---
Changes since original v4 [*]:
 * Rebase on addressable ID fixup.
 * Drop R/b tags since the code base changes.
 * Tweak bits 25-14 as well and add the comment.
 * Fix overflow for host-cache-info case.

[*]: original v4: https://lore.kernel.org/qemu-devel/20230829042405.932523-3-qian.wen@intel.com/
---
 target/i386/cpu.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/target/i386/cpu.c b/target/i386/cpu.c index ae6c8bfd8b5e..d75175b0850a 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -280,11 +280,17 @@ static void encode_cache_cpuid4(CPUCacheInfo *cache, assert(cache->size =3D=3D cache->line_size * cache->associativity * cache->partitions * cache->sets); =20 + /* + * The following fields have bit-width limitations, so consider the + * maximum values to avoid overflow: + * Bits 25-14: maximum 4095. + * Bits 31-26: maximum 63. + */ *eax =3D CACHE_TYPE(cache->type) | CACHE_LEVEL(cache->level) | (cache->self_init ? CACHE_SELF_INIT_LEVEL : 0) | - (max_core_ids_in_package(topo_info) << 26) | - (max_thread_ids_for_cache(topo_info, cache->share_level) << 14); + (MIN(max_core_ids_in_package(topo_info), 63) << 26) | + (MIN(max_thread_ids_for_cache(topo_info, cache->share_level), 4= 095) << 14); =20 assert(cache->line_size > 0); assert(cache->partitions > 0); @@ -6743,13 +6749,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index= , uint32_t count, int host_vcpus_per_cache =3D 1 + ((*eax & 0x3FFC000) >> 14= ); =20 *eax &=3D ~0xFC000000; - *eax |=3D max_core_ids_in_package(topo_info) << 26; + *eax |=3D MIN(max_core_ids_in_package(topo_info), 63) << 2= 6; if (host_vcpus_per_cache > threads_per_pkg) { *eax &=3D ~0x3FFC000; =20 /* Share the cache at package level. */ - *eax |=3D max_thread_ids_for_cache(topo_info, - CPU_TOPOLOGY_LEVEL_SOCKET) << 14; + *eax |=3D MIN(max_thread_ids_for_cache(topo_info, + CPU_TOPOLOGY_LEVEL_SOCKET), 4095) << 14; } } } else if (cpu->vendor_cpuid_only && IS_AMD_CPU(env)) { --=20 2.34.1
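
Review bot: In the encode_cache_cpuid4() hunk the field limits appear as bare literals (63 and 4095) inside the MIN() calls and are explained only by the new comment, while the same two values are repeated in the cpu_x86_cpuid() hunk. Named constants, or limits derived from the field widths, shared by both sites would keep the clamps and the comment from drifting apart. The added line ending in "4095) << 14);" is also long enough that the mail encoding split it, so it likely exceeds 80 columns; wrapping the MIN() arguments would match the surrounding style.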
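
Review bot: In the cpu_x86_cpuid() hunk the clamp values have to agree with the masks cleared just before them (~0xFC000000 with 63, ~0x3FFC000 with 4095), yet nothing here ties them together or says why the host-cache-info path saturates. A one-line comment pointing at the limits documented in encode_cache_cpuid4(), or constants shared with the masks, would help. It is also worth confirming that max_core_ids_in_package() returns an unsigned type: 63 is a signed int literal and "MIN(..., 63) << 26" sets bit 31, so writing 63U would make the intent explicit.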
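
Added example, not part of the patch or of QEMU: a standalone C model of the two CPUID.04H:EAX fields the commit message describes, comparing what a guest decodes with and without the clamp. The function names and sample values are constructed for illustration; the second case shows that a value too large for bits 25-14 also corrupts the neighbouring bits 31-26.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout of CPUID.04H:EAX as given in the commit message. */
#define THREADS_SHIFT 14      /* bits 25-14, 12 bits wide */
#define THREADS_MAX   0xFFFu  /* 4095 */
#define CORES_SHIFT   26      /* bits 31-26, 6 bits wide */
#define CORES_MAX     0x3Fu   /* 63 */

static uint32_t min_u32(uint32_t a, uint32_t b) { return a < b ? a : b; }

/* Pre-patch behaviour: shift the raw "max ID" values straight into place. */
uint32_t encode_unclamped(uint32_t core_ids, uint32_t thread_ids)
{
    return (core_ids << CORES_SHIFT) | (thread_ids << THREADS_SHIFT);
}

/* Patched behaviour: saturate each value at its field maximum first. */
uint32_t encode_clamped(uint32_t core_ids, uint32_t thread_ids)
{
    return (min_u32(core_ids, CORES_MAX) << CORES_SHIFT) |
           (min_u32(thread_ids, THREADS_MAX) << THREADS_SHIFT);
}

/* A guest reads each field and adds one to get the number of IDs. */
uint32_t guest_cores(uint32_t eax)
{
    return ((eax >> CORES_SHIFT) & CORES_MAX) + 1;
}

uint32_t guest_threads(uint32_t eax)
{
    return ((eax >> THREADS_SHIFT) & THREADS_MAX) + 1;
}

int main(void)
{
    /* Constructed inputs: {max core ID, max thread ID sharing the cache}. */
    uint32_t cases[][2] = { {5, 7}, {71, 0}, {2, 4096} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        uint32_t raw = encode_unclamped(cases[i][0], cases[i][1]);
        uint32_t fix = encode_clamped(cases[i][0], cases[i][1]);
        printf("ids=(%u,%u) unclamped: cores=%u threads=%u | "
               "clamped: cores=%u threads=%u\n",
               cases[i][0], cases[i][1],
               guest_cores(raw), guest_threads(raw),
               guest_cores(fix), guest_threads(fix));
    }
    return 0;
}
```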