"Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

"Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
BIOS update on them:

https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3

Version: 2018.05.21(2 Jul 2018)

The release notes contain a whole story about "This revision of the
System ROM includes the latest revision of the Intel microcode which, in
combination with operating system and hypervisor updates, provides
mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."

In the BIOS cpu settings, hyperthreading is disabled. This server
contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz

From xen info: (4.11, built from stable-4.11 commit 733450b39b)

-# xen info
host                   : rho
release                : 4.17.0-0.bpo.3-amd64
version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
machine                : x86_64
nr_cpus                : 12
max_cpu_id             : 31
nr_nodes               : 2
cores_per_socket       : 6
threads_per_core       : 1

Still, xl dmesg shows me:

(XEN) ***************************************************
(XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
(XEN) enabled.  Please assess your configuration and choose an
(XEN) explicit 'smt=<bool>' setting.  See XSA-273.
(XEN) ***************************************************

What's wrong here?

Hans

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xenproject.org/mailman/listinfo/xen-users

Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:

> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
> BIOS update on them:
>
> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>
> Version: 2018.05.21(2 Jul 2018)
>
> The release notes contain a whole story about "This revision of the
> System ROM includes the latest revision of the Intel microcode which, in
> combination with operating system and hypervisor updates, provides
> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>
> In the BIOS cpu settings, hyperthreading is disabled. This server
> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>
> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>
> -# xen info
> host                   : rho
> release                : 4.17.0-0.bpo.3-amd64
> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
> machine                : x86_64
> nr_cpus                : 12
> max_cpu_id             : 31
> nr_nodes               : 2
> cores_per_socket       : 6
> threads_per_core       : 1
>
> Still, xl dmesg shows me:
>
> (XEN) ***************************************************
> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
> (XEN) enabled.  Please assess your configuration and choose an
> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
> (XEN) ***************************************************
>
> What's wrong here?

Additionally:

-# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 44
model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
stepping : 2
microcode : 0x1f
cpu MHz : 3066.788
cache size : 12288 KB
physical id : 0
siblings : 4
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
bogomips : 6133.57
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:

(identical for all cpus listed)

Thanks,
Hans

Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Adi Kriegisch
In reply to this post by Hans van Kranenburg-2
Hi!

> Still, xl dmesg shows me:
>
> (XEN) ***************************************************
> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
> (XEN) enabled.  Please assess your configuration and choose an
> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
> (XEN) ***************************************************
>
> What's wrong here?
As stated in XSA-273[1] you need to decide whether you want to leave
hyperthreading enabled or not. This decision should be based on the
evaluation of the risk (quote of XSA-273):
  | RISK ASSESSMENT OF SMT/HYPER-THREADING
  | ======================================
  |
  | 1) If hyper-threading is unavailable, or already disabled in the BIOS, no
  |    further action is necessary.
  |
  | 2) If you are using exclusively PV or HVM Shadow guests, hyper-threading has
  |    no impact on security, and is safe to remain enabled.
  |
  | 3) If an HVM guest kernel is trusted (i.e. under host admin control), and has
  |    been updated to include the OS vendor mitigations, then it is probably safe
  |    to be scheduled with hyper-threading active.
  |
  | 4) If an HVM guest kernel is untrusted (i.e. not under host admin control), it
  |    is probably not safe to be scheduled with hyper-threading active.

The hypervisor requires you to make an informed decision... :-)

-- Adi

[1] https://xenbits.xen.org/xsa/advisory-273.html


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Juergen Gross-3
On 31/08/18 10:40, Adi Kriegisch wrote:

> Hi!
>
>> Still, xl dmesg shows me:
>>
>> (XEN) ***************************************************
>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>> (XEN) enabled.  Please assess your configuration and choose an
>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>> (XEN) ***************************************************
>>
>> What's wrong here?
> As stated in XSA-273[1] you need to decide whether you want to leave
> hyperthreading enabled or not. This decision should be based on the
> evaluation of the risk (quote of XSA-273):

I think his point was that he disabled hyperthreading in the BIOS. And
the data he posted supported that claim.


Juergen

Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
Hey, :)

On 08/31/2018 11:16 AM, Juergen Gross wrote:

> On 31/08/18 10:40, Adi Kriegisch wrote:
>> Hi!
>>
>>> Still, xl dmesg shows me:
>>>
>>> (XEN) ***************************************************
>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>> (XEN) enabled.  Please assess your configuration and choose an
>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>> (XEN) ***************************************************
>>>
>>> What's wrong here?
>> As stated in XSA-273[1] you need to decide whether you want to leave
>> hyperthreading enabled or not. This decision should be based on the
>> evaluation of the risk (quote of XSA-273):
>
> I think his point was that he disabled hyperthreading in the BIOS. And
> the data he posted supported that claim.

Exactly.

I got an updated Xen, an updated Linux kernel and installed latest BIOS,
and disabled hyperthreading.

If I'm "just a regular user", the resulting message from Xen that I get
as a result is confusing indeed.

Hans


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
In reply to this post by Hans van Kranenburg-2
On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:

> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>> BIOS update on them:
>>
>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>
>> Version: 2018.05.21(2 Jul 2018)
>>
>> The release notes contain a whole story about "This revision of the
>> System ROM includes the latest revision of the Intel microcode which, in
>> combination with operating system and hypervisor updates, provides
>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>
>> In the BIOS cpu settings, hyperthreading is disabled. This server
>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>
>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>
>> -# xen info
>> host                   : rho
>> release                : 4.17.0-0.bpo.3-amd64
>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>> machine                : x86_64
>> nr_cpus                : 12
>> max_cpu_id             : 31
>> nr_nodes               : 2
>> cores_per_socket       : 6
>> threads_per_core       : 1

From server startup serial console:

---- >8 ----
                            108 GB Installed



ProLiant System BIOS - P68 (05/21/2018)

Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.




2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
QPI Speed: 6.4 GT/s
HP Power Profile Mode: Custom
Power Regulator Mode: Static High Performance

Advanced Memory Protection Mode: Advanced ECC Support
Redundant ROM Detected - This system contains a valid backup system ROM.
Inlet Ambient Temperature: 20C/68F

---- >8 ----

"Hyperthreading is disabled"

>> Still, xl dmesg shows me:
>>
>> (XEN) ***************************************************
>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>> (XEN) enabled.  Please assess your configuration and choose an
>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>> (XEN) ***************************************************
>>
>> What's wrong here?
>
> Additionally:

So, interestingly, this information (from dom0) lists ht again in flags:

> -# cat /proc/cpuinfo
> processor : 0
> vendor_id : GenuineIntel
> cpu family : 6
> model : 44
> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
> stepping : 2
> microcode : 0x1f
> cpu MHz : 3066.788
> cache size : 12288 KB
> physical id : 0
> siblings : 4
> core id : 0
> cpu cores : 1
> apicid : 0
> initial apicid : 0
> fpu : yes
> fpu_exception : yes
> cpuid level : 11
> wp : yes
> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
> bogomips : 6133.57
> clflush size : 64
> cache_alignment : 64
> address sizes : 40 bits physical, 48 bits virtual
> power management:
>
> (identical for all cpus listed)

Another view on the thing, from dmidecode:

Handle 0x0400, DMI type 4, 42 bytes
Processor Information
        Socket Designation: Proc 1
        Type: Central Processor
        Family: Xeon
        Manufacturer: Intel
        ID: C2 06 02 00 FF FB EB BF
        Signature: Type 0, Family 6, Model 44, Stepping 2
        Flags:
                FPU (Floating-point unit on-chip)
                VME (Virtual mode extension)
                DE (Debugging extension)
                PSE (Page size extension)
                TSC (Time stamp counter)
                MSR (Model specific registers)
                PAE (Physical address extension)
                MCE (Machine check exception)
                CX8 (CMPXCHG8 instruction supported)
                APIC (On-chip APIC hardware supported)
                SEP (Fast system call)
                MTRR (Memory type range registers)
                PGE (Page global enable)
                MCA (Machine check architecture)
                CMOV (Conditional move instruction supported)
                PAT (Page attribute table)
                PSE-36 (36-bit page size extension)
                CLFSH (CLFLUSH instruction supported)
                DS (Debug store)
                ACPI (ACPI supported)
                MMX (MMX technology supported)
                FXSR (FXSAVE and FXSTOR instructions supported)
                SSE (Streaming SIMD extensions)
                SSE2 (Streaming SIMD extensions 2)
                SS (Self-snoop)
                HTT (Multi-threading)
                TM (Thermal monitor supported)
                PBE (Pending break enabled)
        Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
        Voltage: 1.4 V
        External Clock: 133 MHz
        Max Speed: 4800 MHz
        Current Speed: 3067 MHz
        Status: Populated, Enabled
        Upgrade: Socket LGA1366
        L1 Cache Handle: 0x0710
        L2 Cache Handle: 0x0720
        L3 Cache Handle: 0x0730
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Part Number: Not Specified
        Core Count: 6
        Core Enabled: 6
        Thread Count: 12
        Characteristics:
                64-bit capable

This also lists hyperthreading and 6 cores with 12 threads per physical
cpu...

The code which decides about printing the message or not does:

if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
     boot_cpu_data.x86_num_siblings > 1 )
    warning_add(
        "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
        "enabled.  Please assess your configuration and choose an\n"
        "explicit 'smt=<bool>' setting.  See XSA-273.\n");

(from commit 2a47c75509, author in Cc)

Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
when hyperthreading is actually disabled in bios configuration?

Is there a better way to detect configuration (enabled/disabled) vs.
just the fact that the hardware has the feature and could enable it?
Something like the same source as where xl info gets the
threads_per_core from, which does show up as 1?

Thanks,
Hans
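
On the question above of using the threads_per_core value from xl info: the following is an added example, not part of the original thread and not Xen project code. It is a shell triage that compares the banner in `xl dmesg` with `threads_per_core` from `xl info` and with any `smt=` token on the Xen command line. The function names and result labels are hypothetical, and the sample text is constructed from the output quoted in this thread.

```shell
#!/bin/sh
# Triage of the XSA-273 SMT banner against the topology Xen reports.
# Inputs are the text of `xl info` and of `xl dmesg`, passed as strings so
# the logic can be exercised offline on captured output.

# Constructed samples, trimmed from the output quoted in this thread
# (the wrapped command line is joined back onto one line).
SAMPLE_INFO='nr_cpus                : 12
max_cpu_id             : 31
cores_per_socket       : 6
threads_per_core       : 1'

SAMPLE_DMESG='(XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0
(XEN) ***************************************************
(XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
(XEN) enabled.  Please assess your configuration and choose an
(XEN) ***************************************************
(XEN) Brought up 12 CPUs'

# Print threads_per_core from `xl info` text (prints nothing if absent).
threads_per_core() {
    printf '%s\n' "$1" | awk -F: '
        $1 ~ /^threads_per_core[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2; exit }'
}

# Print the smt=<bool> token from the hypervisor command line, if present.
# Only the "(XEN) Command line:" row is inspected, so the banner text
# itself (which also mentions smt=) can never match.
explicit_smt() {
    printf '%s\n' "$1" | awk '
        /^\(XEN\) Command line:/ {
            for (i = 4; i <= NF; i++) if ($i ~ /^smt=/) { print $i; exit }
        }'
}

# Succeeds if the L1TF/SMT banner is present in the `xl dmesg` text.
has_l1tf_smt_banner() {
    printf '%s\n' "$1" |
        grep -q 'Booted on L1TF-vulnerable hardware with SMT/Hyperthreading'
}

# $1 = `xl info` text, $2 = `xl dmesg` text. Prints one result label.
triage() {
    tpc=$(threads_per_core "$1")
    smt=$(explicit_smt "$2")
    if [ -n "$smt" ]; then
        # An explicit choice was made; Xen does not print the banner then.
        echo "explicit-setting $smt"
    elif ! has_l1tf_smt_banner "$2"; then
        # Not conclusive if the console ring has wrapped since boot.
        echo "no-banner"
    elif [ "$tpc" = 1 ]; then
        # The situation reported in this thread.
        echo "banner-but-one-thread-per-core"
    elif [ -n "$tpc" ]; then
        # Sibling threads are in use: work through the XSA-273 risk list.
        echo "banner-and-smt-active"
    else
        echo "banner-topology-unknown"
    fi
}

# On a live dom0 this would be: triage "$(xl info)" "$(xl dmesg)"
triage "$SAMPLE_INFO" "$SAMPLE_DMESG"
```
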

Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Andrew Cooper
On 02/09/18 21:22, Hans van Kranenburg wrote:

> On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:
>> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>>> BIOS update on them:
>>>
>>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>>
>>> Version: 2018.05.21(2 Jul 2018)
>>>
>>> The release notes contain a whole story about "This revision of the
>>> System ROM includes the latest revision of the Intel microcode which, in
>>> combination with operating system and hypervisor updates, provides
>>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>>
>>> In the BIOS cpu settings, hyperthreading is disabled. This server
>>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>
>>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>>
>>> -# xen info
>>> host                   : rho
>>> release                : 4.17.0-0.bpo.3-amd64
>>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>>> machine                : x86_64
>>> nr_cpus                : 12
>>> max_cpu_id             : 31
>>> nr_nodes               : 2
>>> cores_per_socket       : 6
>>> threads_per_core       : 1
> From server startup serial console:
>
> ---- >8 ----
>                             108 GB Installed
>
>
>
> ProLiant System BIOS - P68 (05/21/2018)
>
> Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.
>
>
>
>
> 2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
> Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
> Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
> QPI Speed: 6.4 GT/s
> HP Power Profile Mode: Custom
> Power Regulator Mode: Static High Performance
>
> Advanced Memory Protection Mode: Advanced ECC Support
> Redundant ROM Detected - This system contains a valid backup system ROM.
> Inlet Ambient Temperature: 20C/68F
>
> ---- >8 ----
>
> "Hyperthreading is disabled"
>
>>> Still, xl dmesg shows me:
>>>
>>> (XEN) ***************************************************
>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>> (XEN) enabled.  Please assess your configuration and choose an
>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>> (XEN) ***************************************************
>>>
>>> What's wrong here?
>> Additionally:
> So, interestingly, this information (from dom0) lists ht again in flags:
>
>> -# cat /proc/cpuinfo
>> processor : 0
>> vendor_id : GenuineIntel
>> cpu family : 6
>> model : 44
>> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
>> stepping : 2
>> microcode : 0x1f
>> cpu MHz : 3066.788
>> cache size : 12288 KB
>> physical id : 0
>> siblings : 4
>> core id : 0
>> cpu cores : 1
>> apicid : 0
>> initial apicid : 0
>> fpu : yes
>> fpu_exception : yes
>> cpuid level : 11
>> wp : yes
>> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
>> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
>> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
>> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
>> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
>> bogomips : 6133.57
>> clflush size : 64
>> cache_alignment : 64
>> address sizes : 40 bits physical, 48 bits virtual
>> power management:
>>
>> (identical for all cpus listed)
> Another view on the thing, from dmidecode:
>
> Handle 0x0400, DMI type 4, 42 bytes
> Processor Information
> Socket Designation: Proc 1
> Type: Central Processor
> Family: Xeon
> Manufacturer: Intel
> ID: C2 06 02 00 FF FB EB BF
> Signature: Type 0, Family 6, Model 44, Stepping 2
> Flags:
> FPU (Floating-point unit on-chip)
> VME (Virtual mode extension)
> DE (Debugging extension)
> PSE (Page size extension)
> TSC (Time stamp counter)
> MSR (Model specific registers)
> PAE (Physical address extension)
> MCE (Machine check exception)
> CX8 (CMPXCHG8 instruction supported)
> APIC (On-chip APIC hardware supported)
> SEP (Fast system call)
> MTRR (Memory type range registers)
> PGE (Page global enable)
> MCA (Machine check architecture)
> CMOV (Conditional move instruction supported)
> PAT (Page attribute table)
> PSE-36 (36-bit page size extension)
> CLFSH (CLFLUSH instruction supported)
> DS (Debug store)
> ACPI (ACPI supported)
> MMX (MMX technology supported)
> FXSR (FXSAVE and FXSTOR instructions supported)
> SSE (Streaming SIMD extensions)
> SSE2 (Streaming SIMD extensions 2)
> SS (Self-snoop)
> HTT (Multi-threading)
> TM (Thermal monitor supported)
> PBE (Pending break enabled)
> Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
> Voltage: 1.4 V
> External Clock: 133 MHz
> Max Speed: 4800 MHz
> Current Speed: 3067 MHz
> Status: Populated, Enabled
> Upgrade: Socket LGA1366
> L1 Cache Handle: 0x0710
> L2 Cache Handle: 0x0720
> L3 Cache Handle: 0x0730
> Serial Number: Not Specified
> Asset Tag: Not Specified
> Part Number: Not Specified
> Core Count: 6
> Core Enabled: 6
> Thread Count: 12
> Characteristics:
> 64-bit capable
>
> This also lists hyperthreading and 6 cores with 12 threads per physical
> cpu...
>
> The code which decides about printing the message or not does:
>
> if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
>      boot_cpu_data.x86_num_siblings > 1 )
>     warning_add(
>         "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
>         "enabled.  Please assess your configuration and choose an\n"
>         "explicit 'smt=<bool>' setting.  See XSA-273.\n");
>
> (from commit 2a47c75509, author in Cc)
>
> Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
> when hyperthreading is actually disabled in bios configuration?
>
> Is there a better way to detect configuration (enabled/disabled) vs.
> just the fact that the hardware has the feature and could enable it?
> Something like the same source as where xl info gets the
> threads_per_core from, which does show up as 1?

The HT flag in CPUID is of no use in this case.  It is actually
HyperThreadingTechnology which is a bit signalling that other topology
related information in the CPUID leaves has changed from the legacy
enumeration mechanisms.  Most hardware in the last 10 years sets the HTT
bit, even on non-HT capable hardware.

Do you have the full Xen boot log (`xl dmesg` once dom0 has booted) ?

Xen's boot_cpu_data.x86_num_siblings ought to be correct, but I'd agree
in this case it appears to be in direct contradiction to what the
firmware claims.

~Andrew

Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
On 09/03/2018 12:14 AM, Andrew Cooper wrote:

> On 02/09/18 21:22, Hans van Kranenburg wrote:
>> On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:
>>> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>>>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>>>> BIOS update on them:
>>>>
>>>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>>>
>>>> Version: 2018.05.21(2 Jul 2018)
>>>>
>>>> The release notes contain a whole story about "This revision of the
>>>> System ROM includes the latest revision of the Intel microcode which, in
>>>> combination with operating system and hypervisor updates, provides
>>>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>>>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>>>
>>>> In the BIOS cpu settings, hyperthreading is disabled. This server
>>>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>
>>>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>>>
>>>> -# xen info
>>>> host                   : rho
>>>> release                : 4.17.0-0.bpo.3-amd64
>>>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>>>> machine                : x86_64
>>>> nr_cpus                : 12
>>>> max_cpu_id             : 31
>>>> nr_nodes               : 2
>>>> cores_per_socket       : 6
>>>> threads_per_core       : 1
>> From server startup serial console:
>>
>> ---- >8 ----
>>                             108 GB Installed
>>
>>
>>
>> ProLiant System BIOS - P68 (05/21/2018)
>>
>> Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.
>>
>>
>>
>>
>> 2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
>> Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>> Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>> QPI Speed: 6.4 GT/s
>> HP Power Profile Mode: Custom
>> Power Regulator Mode: Static High Performance
>>
>> Advanced Memory Protection Mode: Advanced ECC Support
>> Redundant ROM Detected - This system contains a valid backup system ROM.
>> Inlet Ambient Temperature: 20C/68F
>>
>> ---- >8 ----
>>
>> "Hyperthreading is disabled"
>>
>>>> Still, xl dmesg shows me:
>>>>
>>>> (XEN) ***************************************************
>>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>>> (XEN) enabled.  Please assess your configuration and choose an
>>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>>> (XEN) ***************************************************
>>>>
>>>> What's wrong here?
>>> Additionally:
>> So, interestingly, this information (from dom0) lists ht again in flags:
>>
>>> -# cat /proc/cpuinfo
>>> processor : 0
>>> vendor_id : GenuineIntel
>>> cpu family : 6
>>> model : 44
>>> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
>>> stepping : 2
>>> microcode : 0x1f
>>> cpu MHz : 3066.788
>>> cache size : 12288 KB
>>> physical id : 0
>>> siblings : 4
>>> core id : 0
>>> cpu cores : 1
>>> apicid : 0
>>> initial apicid : 0
>>> fpu : yes
>>> fpu_exception : yes
>>> cpuid level : 11
>>> wp : yes
>>> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
>>> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
>>> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
>>> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
>>> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
>>> bogomips : 6133.57
>>> clflush size : 64
>>> cache_alignment : 64
>>> address sizes : 40 bits physical, 48 bits virtual
>>> power management:
>>>
>>> (identical for all cpus listed)
>> Another view on the thing, from dmidecode:
>>
>> Handle 0x0400, DMI type 4, 42 bytes
>> Processor Information
>> Socket Designation: Proc 1
>> Type: Central Processor
>> Family: Xeon
>> Manufacturer: Intel
>> ID: C2 06 02 00 FF FB EB BF
>> Signature: Type 0, Family 6, Model 44, Stepping 2
>> Flags:
>> FPU (Floating-point unit on-chip)
>> VME (Virtual mode extension)
>> DE (Debugging extension)
>> PSE (Page size extension)
>> TSC (Time stamp counter)
>> MSR (Model specific registers)
>> PAE (Physical address extension)
>> MCE (Machine check exception)
>> CX8 (CMPXCHG8 instruction supported)
>> APIC (On-chip APIC hardware supported)
>> SEP (Fast system call)
>> MTRR (Memory type range registers)
>> PGE (Page global enable)
>> MCA (Machine check architecture)
>> CMOV (Conditional move instruction supported)
>> PAT (Page attribute table)
>> PSE-36 (36-bit page size extension)
>> CLFSH (CLFLUSH instruction supported)
>> DS (Debug store)
>> ACPI (ACPI supported)
>> MMX (MMX technology supported)
>> FXSR (FXSAVE and FXSTOR instructions supported)
>> SSE (Streaming SIMD extensions)
>> SSE2 (Streaming SIMD extensions 2)
>> SS (Self-snoop)
>> HTT (Multi-threading)
>> TM (Thermal monitor supported)
>> PBE (Pending break enabled)
>> Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>> Voltage: 1.4 V
>> External Clock: 133 MHz
>> Max Speed: 4800 MHz
>> Current Speed: 3067 MHz
>> Status: Populated, Enabled
>> Upgrade: Socket LGA1366
>> L1 Cache Handle: 0x0710
>> L2 Cache Handle: 0x0720
>> L3 Cache Handle: 0x0730
>> Serial Number: Not Specified
>> Asset Tag: Not Specified
>> Part Number: Not Specified
>> Core Count: 6
>> Core Enabled: 6
>> Thread Count: 12
>> Characteristics:
>> 64-bit capable
>>
>> This also lists hyperthreading and 6 cores with 12 threads per physical
>> cpu...
>>
>> The code which decides about printing the message or not does:
>>
>> if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
>>      boot_cpu_data.x86_num_siblings > 1 )
>>     warning_add(
>>         "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
>>         "enabled.  Please assess your configuration and choose an\n"
>>         "explicit 'smt=<bool>' setting.  See XSA-273.\n");
>>
>> (from commit 2a47c75509, author in Cc)
>>
>> Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
>> when hyperthreading is actually disabled in bios configuration?
>>
>> Is there a better way to detect configuration (enabled/disabled) vs.
>> just the fact that the hardware has the feature and could enable it?
>> Something like the same source as where xl info gets the
>> threads_per_core from, which does show up as 1?
>
> The HT flag in CPUID is of no use in this case.  It is actually
> HyperThreadingTechnology which is a bit signalling that other topology
> related information in the CPUID leaves has changed from the legacy
> enumeration mechanisms.  Most hardware in the last 10 years sets the HTT
> bit, even on non-HT capable hardware.
>
> Do you have the full Xen boot log (`xl dmesg` once dom0 has booted) ?
>
> Xen's boot_cpu_data.x86_num_siblings ought to be correct, but I'd agree
> in this case it appears to be in direct contradiction to what the
> firmware claims.

(XEN) parameter "placeholder" unknown!
(XEN) Xen version 4.11.1-pre (Debian
4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
(XEN) Bootloader: GRUB 2.02~beta3-5
(XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0
(XEN) Xen image load base address: 0
(XEN) Video information:
(XEN)  VGA is text mode 80x25, font 8x16
(XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
(XEN)  EDID info not retrieved because no DDC retrieval method detected
(XEN) Disc information:
(XEN)  Found 1 MBR signatures
(XEN)  Found 1 EDD information structures
(XEN) Xen-e820 RAM map:
(XEN)  0000000000000000 - 000000000009f400 (usable)
(XEN)  000000000009f400 - 00000000000a0000 (reserved)
(XEN)  00000000000f0000 - 0000000000100000 (reserved)
(XEN)  0000000000100000 - 00000000d762f000 (usable)
(XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
(XEN)  00000000d763c000 - 00000000d763d000 (usable)
(XEN)  00000000d763d000 - 00000000dc000000 (reserved)
(XEN)  00000000fec00000 - 00000000fee10000 (reserved)
(XEN)  00000000ff800000 - 0000000100000000 (reserved)
(XEN)  0000000100000000 - 0000001b27fff000 (usable)
(XEN) New Xen image base address: 0xd7000000
(XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
(XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
(XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
(XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
(XEN) ACPI: FACS D762F100, 0040
(XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
(XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
(XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
(XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
(XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
(XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
(XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
(XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
(XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
(XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
(XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
(XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
(XEN) System RAM: 110581MB (113235768kB)
(XEN) Domain heap initialised DMA width 32 bits
(XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
(XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
(XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
(XEN) Failed to get Error Log Address Range.
(XEN) Speculative mitigation facilities:
(XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
(XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
(XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
Other: IBPB L1D_FLUSH
(XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
address 10000000000
(XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
MSR_SPEC_CTRL RSB EAGER_FPU
(XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
(XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Platform timer is 14.318MHz HPET
(XEN) Detected 3066.791 MHz processor.
(XEN) Initing memory sharing.
(XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
#47, #53
(XEN) I/O virtualisation disabled
(XEN) Enabled directed EOI with ioapic_ack_old on!
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using old ACK method
(XEN) Allocated console ring of 32 KiB.
(XEN) VMX: Supported advanced features:
(XEN)  - APIC MMIO access virtualisation
(XEN)  - APIC TPR shadow
(XEN)  - Extended Page Tables (EPT)
(XEN)  - Virtual-Processor Identifiers (VPID)
(XEN)  - Virtual NMI
(XEN)  - MSR direct-access bitmap
(XEN)  - Unrestricted Guest
(XEN) HVM: ASIDs enabled.
(XEN) HVM: VMX enabled
(XEN) HVM: Hardware Assisted Paging (HAP) detected
(XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
(XEN) Brought up 12 CPUs
(XEN) Dom0 has maximum 816 PIRQs
(XEN)  Xen  kernel: 64-bit, lsb, compat32
(XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN)  Dom0 alloc.:   0000001adc000000->0000001ae0000000 (1025804 pages
to be allocated)
(XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
(XEN)  Init. ramdisk: 0000000000000000->0000000000000000
(XEN)  Phys-Mach map: 0000008000000000->0000008000800000
(XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
(XEN)  Xenstore ring: 0000000000000000->0000000000000000
(XEN)  Console ring:  0000000000000000->0000000000000000
(XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
(XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
(XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
(XEN)  ENTRY ADDRESS: ffffffff82433180
(XEN) Dom0 has maximum 4 VCPUs
(XEN) Initial low memory virq threshold set at 0x4000 pages.
(XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
(XEN)
.........................................................................done.
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) ***************************************************
(XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
(XEN) enabled.  Please assess your configuration and choose an
(XEN) explicit 'smt=<bool>' setting.  See XSA-273.
(XEN) ***************************************************
(XEN) 3... 2... 1...
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
input to Xen)
(XEN) Freed 476kB init memory

I can reboot with another loglevel if needed.

Hans


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Andrew Cooper
On 02/09/18 23:27, Hans van Kranenburg wrote:

> On 09/03/2018 12:14 AM, Andrew Cooper wrote:
>> On 02/09/18 21:22, Hans van Kranenburg wrote:
>>> On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:
>>>> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>>>>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>>>>> BIOS update on them:
>>>>>
>>>>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>>>>
>>>>> Version: 2018.05.21(2 Jul 2018)
>>>>>
>>>>> The release notes contain a whole story about "This revision of the
>>>>> System ROM includes the latest revision of the Intel microcode which, in
>>>>> combination with operating system and hypervisor updates, provides
>>>>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>>>>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>>>>
>>>>> In the BIOS cpu settings, hyperthreading is disabled. This server
>>>>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>
>>>>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>>>>
>>>>> -# xen info
>>>>> host                   : rho
>>>>> release                : 4.17.0-0.bpo.3-amd64
>>>>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>>>>> machine                : x86_64
>>>>> nr_cpus                : 12
>>>>> max_cpu_id             : 31
>>>>> nr_nodes               : 2
>>>>> cores_per_socket       : 6
>>>>> threads_per_core       : 1
>>> From server startup serial console:
>>>
>>> ---- >8 ----
>>>                             108 GB Installed
>>>
>>>
>>>
>>> ProLiant System BIOS - P68 (05/21/2018)
>>>
>>> Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.
>>>
>>>
>>>
>>>
>>> 2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
>>> Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>> Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>> QPI Speed: 6.4 GT/s
>>> HP Power Profile Mode: Custom
>>> Power Regulator Mode: Static High Performance
>>>
>>> Advanced Memory Protection Mode: Advanced ECC Support
>>> Redundant ROM Detected - This system contains a valid backup system ROM.
>>> Inlet Ambient Temperature: 20C/68F
>>>
>>> ---- >8 ----
>>>
>>> "Hyperthreading is disabled"
>>>
>>>>> Still, xl dmesg shows me:
>>>>>
>>>>> (XEN) ***************************************************
>>>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>>>> (XEN) enabled.  Please assess your configuration and choose an
>>>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>>>> (XEN) ***************************************************
>>>>>
>>>>> What's wrong here?
>>>> Additionally:
>>> So, interestingly, this information (from dom0) lists ht again in flags:
>>>
>>>> -# cat /proc/cpuinfo
>>>> processor : 0
>>>> vendor_id : GenuineIntel
>>>> cpu family : 6
>>>> model : 44
>>>> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
>>>> stepping : 2
>>>> microcode : 0x1f
>>>> cpu MHz : 3066.788
>>>> cache size : 12288 KB
>>>> physical id : 0
>>>> siblings : 4
>>>> core id : 0
>>>> cpu cores : 1
>>>> apicid : 0
>>>> initial apicid : 0
>>>> fpu : yes
>>>> fpu_exception : yes
>>>> cpuid level : 11
>>>> wp : yes
>>>> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
>>>> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
>>>> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
>>>> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
>>>> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
>>>> bogomips : 6133.57
>>>> clflush size : 64
>>>> cache_alignment : 64
>>>> address sizes : 40 bits physical, 48 bits virtual
>>>> power management:
>>>>
>>>> (identical for all cpus listed)
>>> Another view on the thing, from dmidecode:
>>>
>>> Handle 0x0400, DMI type 4, 42 bytes
>>> Processor Information
>>> Socket Designation: Proc 1
>>> Type: Central Processor
>>> Family: Xeon
>>> Manufacturer: Intel
>>> ID: C2 06 02 00 FF FB EB BF
>>> Signature: Type 0, Family 6, Model 44, Stepping 2
>>> Flags:
>>> FPU (Floating-point unit on-chip)
>>> VME (Virtual mode extension)
>>> DE (Debugging extension)
>>> PSE (Page size extension)
>>> TSC (Time stamp counter)
>>> MSR (Model specific registers)
>>> PAE (Physical address extension)
>>> MCE (Machine check exception)
>>> CX8 (CMPXCHG8 instruction supported)
>>> APIC (On-chip APIC hardware supported)
>>> SEP (Fast system call)
>>> MTRR (Memory type range registers)
>>> PGE (Page global enable)
>>> MCA (Machine check architecture)
>>> CMOV (Conditional move instruction supported)
>>> PAT (Page attribute table)
>>> PSE-36 (36-bit page size extension)
>>> CLFSH (CLFLUSH instruction supported)
>>> DS (Debug store)
>>> ACPI (ACPI supported)
>>> MMX (MMX technology supported)
>>> FXSR (FXSAVE and FXSTOR instructions supported)
>>> SSE (Streaming SIMD extensions)
>>> SSE2 (Streaming SIMD extensions 2)
>>> SS (Self-snoop)
>>> HTT (Multi-threading)
>>> TM (Thermal monitor supported)
>>> PBE (Pending break enabled)
>>> Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>> Voltage: 1.4 V
>>> External Clock: 133 MHz
>>> Max Speed: 4800 MHz
>>> Current Speed: 3067 MHz
>>> Status: Populated, Enabled
>>> Upgrade: Socket LGA1366
>>> L1 Cache Handle: 0x0710
>>> L2 Cache Handle: 0x0720
>>> L3 Cache Handle: 0x0730
>>> Serial Number: Not Specified
>>> Asset Tag: Not Specified
>>> Part Number: Not Specified
>>> Core Count: 6
>>> Core Enabled: 6
>>> Thread Count: 12
>>> Characteristics:
>>> 64-bit capable
>>>
>>> This also lists hyperthreading and 6 cores with 12 threads per physical
>>> cpu...
>>>
>>> The code which decides about printing the message or not does:
>>>
>>> if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
>>>      boot_cpu_data.x86_num_siblings > 1 )
>>>     warning_add(
>>>         "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
>>>         "enabled.  Please assess your configuration and choose an\n"
>>>         "explicit 'smt=<bool>' setting.  See XSA-273.\n");
>>>
>>> (from commit 2a47c75509, author in Cc)
>>>
>>> Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
>>> when hyperthreading is actually disabled in bios configuration?
>>>
>>> Is there a better way to detect configuration (enabled/disabled) vs.
>>> just the fact that the hardware has the feature and could enable it?
>>> Something like the same source as where xl info gets the
>>> threads_per_core from, which does show up as 1?
>> The HT flag in CPUID is of no use in this case.  It is actually
>> HyperThreadingTechnology which is a bit signalling that other topology
>> related information in the CPUID leaves has changed from the legacy
>> enumeration mechanisms.  Most hardware in the last 10 years sets the HTT
>> bit, even on non-HT capable hardware.
>>
>> Do you have the full Xen boot log (`xl dmesg` once dom0 has booted) ?
>>
>> Xen's boot_cpu_data.x86_num_siblings ought to be correct, but I'd agree
>> in this case it appears to be in direct contradiction to what the
>> firmware claims.
> (XEN) parameter "placeholder" unknown!
> (XEN) Xen version 4.11.1-pre (Debian
> 4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
> 6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
> (XEN) Bootloader: GRUB 2.02~beta3-5
> (XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
> com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0
> (XEN) Xen image load base address: 0
> (XEN) Video information:
> (XEN)  VGA is text mode 80x25, font 8x16
> (XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
> (XEN)  EDID info not retrieved because no DDC retrieval method detected
> (XEN) Disc information:
> (XEN)  Found 1 MBR signatures
> (XEN)  Found 1 EDD information structures
> (XEN) Xen-e820 RAM map:
> (XEN)  0000000000000000 - 000000000009f400 (usable)
> (XEN)  000000000009f400 - 00000000000a0000 (reserved)
> (XEN)  00000000000f0000 - 0000000000100000 (reserved)
> (XEN)  0000000000100000 - 00000000d762f000 (usable)
> (XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
> (XEN)  00000000d763c000 - 00000000d763d000 (usable)
> (XEN)  00000000d763d000 - 00000000dc000000 (reserved)
> (XEN)  00000000fec00000 - 00000000fee10000 (reserved)
> (XEN)  00000000ff800000 - 0000000100000000 (reserved)
> (XEN)  0000000100000000 - 0000001b27fff000 (usable)
> (XEN) New Xen image base address: 0xd7000000
> (XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
> (XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
> (XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
> (XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
> (XEN) ACPI: FACS D762F100, 0040
> (XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
> (XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
> (XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
> (XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
> (XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
> (XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
> (XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
> (XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
> (XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
> (XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
> (XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
> (XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
> (XEN) System RAM: 110581MB (113235768kB)
> (XEN) Domain heap initialised DMA width 32 bits
> (XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
> (XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
> (XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
> (XEN) Failed to get Error Log Address Range.
> (XEN) Speculative mitigation facilities:
> (XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
> (XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
> (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
> Other: IBPB L1D_FLUSH
> (XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
> address 10000000000
> (XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
> MSR_SPEC_CTRL RSB EAGER_FPU
> (XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
> (XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
> (XEN) Using scheduler: SMP Credit Scheduler (credit)
> (XEN) Platform timer is 14.318MHz HPET
> (XEN) Detected 3066.791 MHz processor.
> (XEN) Initing memory sharing.
> (XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
> #47, #53
> (XEN) I/O virtualisation disabled
> (XEN) Enabled directed EOI with ioapic_ack_old on!
> (XEN) ENABLING IO-APIC IRQs
> (XEN)  -> Using old ACK method
> (XEN) Allocated console ring of 32 KiB.
> (XEN) VMX: Supported advanced features:
> (XEN)  - APIC MMIO access virtualisation
> (XEN)  - APIC TPR shadow
> (XEN)  - Extended Page Tables (EPT)
> (XEN)  - Virtual-Processor Identifiers (VPID)
> (XEN)  - Virtual NMI
> (XEN)  - MSR direct-access bitmap
> (XEN)  - Unrestricted Guest
> (XEN) HVM: ASIDs enabled.
> (XEN) HVM: VMX enabled
> (XEN) HVM: Hardware Assisted Paging (HAP) detected
> (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
> (XEN) Brought up 12 CPUs
> (XEN) Dom0 has maximum 816 PIRQs
> (XEN)  Xen  kernel: 64-bit, lsb, compat32
> (XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
> (XEN) PHYSICAL MEMORY ARRANGEMENT:
> (XEN)  Dom0 alloc.:   0000001adc000000->0000001ae0000000 (1025804 pages
> to be allocated)
> (XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
> (XEN) VIRTUAL MEMORY ARRANGEMENT:
> (XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
> (XEN)  Init. ramdisk: 0000000000000000->0000000000000000
> (XEN)  Phys-Mach map: 0000008000000000->0000008000800000
> (XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
> (XEN)  Xenstore ring: 0000000000000000->0000000000000000
> (XEN)  Console ring:  0000000000000000->0000000000000000
> (XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
> (XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
> (XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
> (XEN)  ENTRY ADDRESS: ffffffff82433180
> (XEN) Dom0 has maximum 4 VCPUs
> (XEN) Initial low memory virq threshold set at 0x4000 pages.
> (XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
> (XEN)
> .........................................................................done.
> (XEN) Std. Loglevel: Errors and warnings
> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
> (XEN) ***************************************************
> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
> (XEN) enabled.  Please assess your configuration and choose an
> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
> (XEN) ***************************************************
> (XEN) 3... 2... 1...
> (XEN) Xen is relinquishing VGA console.
> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
> input to Xen)
> (XEN) Freed 476kB init memory
>
> I can reboot with another loglevel if needed.

Can you rerun with "cpuinfo" on the command line, and/or a debug build,
so we can see Xen's interpretation of the MADT ACPI table?

Additionally, if you can boot with "opt_dom0_vcpu_pin" and collect
`cpuid -r` which should pick up the raw processor APIC IDs.

Thanks,

~Andrew
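
The distinction this message is after (SMT-capable hardware versus sibling threads that are actually enabled) can be checked from the raw APIC IDs; the following is an added example, not part of the original thread and not Xen's own code. The struct and function names are hypothetical, both tables are constructed sample data, and the SMT field width of 1 bit is an assumption (on real hardware it is read from CPUID leaf 0xB, subleaf 0, EAX[4:0]).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One MADT "Processor Local APIC" entry, reduced to the fields used here
 * (hypothetical struct, not a Xen type). */
struct lapic_entry {
    uint32_t apic_id;  /* local APIC ID of the logical processor */
    int      enabled;  /* MADT flags bit 0: processor is usable */
};

/*
 * Largest number of logical processors that share one core ID, where the
 * core ID is apic_id >> smt_shift.
 *   only_enabled == 0: count every listed entry (what the hardware could do)
 *   only_enabled != 0: count only enabled entries (what firmware configured)
 * Returns 0 for an empty table or an invalid shift. Assumes APIC IDs in the
 * table are unique.
 */
unsigned int max_threads_per_core(const struct lapic_entry *tbl, size_t n,
                                  unsigned int smt_shift, int only_enabled)
{
    unsigned int best = 0;

    if (tbl == NULL || smt_shift >= 32)
        return 0;

    for (size_t i = 0; i < n; i++) {
        unsigned int count = 0;
        uint32_t core = tbl[i].apic_id >> smt_shift;

        if (only_enabled && !tbl[i].enabled)
            continue;
        for (size_t j = 0; j < n; j++) {
            if (only_enabled && !tbl[j].enabled)
                continue;
            if ((tbl[j].apic_id >> smt_shift) == core)
                count++;
        }
        if (count > best)
            best = count;
    }
    return best;
}

#define SMT_SHIFT 1u   /* assumed width of the SMT field in the APIC ID */
#define N_ENTRIES 12u

/* Constructed sample: one 6-core package, firmware lists both threads of
 * every core but marks the second thread (odd APIC ID) as disabled. */
static const struct lapic_entry HT_OFF[N_ENTRIES] = {
    { 0, 1}, { 1, 0}, { 2, 1}, { 3, 0}, { 4, 1}, { 5, 0},
    {16, 1}, {17, 0}, {18, 1}, {19, 0}, {20, 1}, {21, 0},
};

/* Constructed sample: same package with both threads of every core enabled. */
static const struct lapic_entry HT_ON[N_ENTRIES] = {
    { 0, 1}, { 1, 1}, { 2, 1}, { 3, 1}, { 4, 1}, { 5, 1},
    {16, 1}, {17, 1}, {18, 1}, {19, 1}, {20, 1}, {21, 1},
};

/* Capability view: threads per core the table describes, enabled or not. */
unsigned int ht_off_capable(void)
{
    return max_threads_per_core(HT_OFF, N_ENTRIES, SMT_SHIFT, 0);
}

/* Configuration view: threads per core that are actually enabled. */
unsigned int ht_off_enabled(void)
{
    return max_threads_per_core(HT_OFF, N_ENTRIES, SMT_SHIFT, 1);
}

unsigned int ht_on_enabled(void)
{
    return max_threads_per_core(HT_ON, N_ENTRIES, SMT_SHIFT, 1);
}

int main(void)
{
    printf("HT off in firmware: capable=%u enabled=%u\n",
           ht_off_capable(), ht_off_enabled());
    printf("HT on in firmware:  enabled=%u\n", ht_on_enabled());
    return 0;
}
```

A warning keyed to the capability view fires on both sample tables, while one keyed to the enabled view fires only on the second.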


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
On 09/03/2018 12:50 AM, Andrew Cooper wrote:

> On 02/09/18 23:27, Hans van Kranenburg wrote:
>> On 09/03/2018 12:14 AM, Andrew Cooper wrote:
>>> On 02/09/18 21:22, Hans van Kranenburg wrote:
>>>> On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:
>>>>> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>>>>>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>>>>>> BIOS update on them:
>>>>>>
>>>>>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>>>>>
>>>>>> Version: 2018.05.21(2 Jul 2018)
>>>>>>
>>>>>> The release notes contain a whole story about "This revision of the
>>>>>> System ROM includes the latest revision of the Intel microcode which, in
>>>>>> combination with operating system and hypervisor updates, provides
>>>>>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>>>>>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>>>>>
>>>>>> In the BIOS cpu settings, hyperthreading is disabled. This server
>>>>>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>>
>>>>>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>>>>>
>>>>>> -# xen info
>>>>>> host                   : rho
>>>>>> release                : 4.17.0-0.bpo.3-amd64
>>>>>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>>>>>> machine                : x86_64
>>>>>> nr_cpus                : 12
>>>>>> max_cpu_id             : 31
>>>>>> nr_nodes               : 2
>>>>>> cores_per_socket       : 6
>>>>>> threads_per_core       : 1
>>>> From server startup serial console:
>>>>
>>>> ---- >8 ----
>>>>                             108 GB Installed
>>>>
>>>>
>>>>
>>>> ProLiant System BIOS - P68 (05/21/2018)
>>>>
>>>> Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.
>>>>
>>>>
>>>>
>>>>
>>>> 2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
>>>> Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>> Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>> QPI Speed: 6.4 GT/s
>>>> HP Power Profile Mode: Custom
>>>> Power Regulator Mode: Static High Performance
>>>>
>>>> Advanced Memory Protection Mode: Advanced ECC Support
>>>> Redundant ROM Detected - This system contains a valid backup system ROM.
>>>> Inlet Ambient Temperature: 20C/68F
>>>>
>>>> ---- >8 ----
>>>>
>>>> "Hyperthreading is disabled"
>>>>
>>>>>> Still, xl dmesg shows me:
>>>>>>
>>>>>> (XEN) ***************************************************
>>>>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>>>>> (XEN) enabled.  Please assess your configuration and choose an
>>>>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>>>>> (XEN) ***************************************************
>>>>>>
>>>>>> What's wrong here?
>>>>> Additionally:
>>>> So, interestingly, this information (from dom0) lists ht again in flags:
>>>>
>>>>> -# cat /proc/cpuinfo
>>>>> processor : 0
>>>>> vendor_id : GenuineIntel
>>>>> cpu family : 6
>>>>> model : 44
>>>>> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
>>>>> stepping : 2
>>>>> microcode : 0x1f
>>>>> cpu MHz : 3066.788
>>>>> cache size : 12288 KB
>>>>> physical id : 0
>>>>> siblings : 4
>>>>> core id : 0
>>>>> cpu cores : 1
>>>>> apicid : 0
>>>>> initial apicid : 0
>>>>> fpu : yes
>>>>> fpu_exception : yes
>>>>> cpuid level : 11
>>>>> wp : yes
>>>>> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
>>>>> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
>>>>> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
>>>>> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
>>>>> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
>>>>> bogomips : 6133.57
>>>>> clflush size : 64
>>>>> cache_alignment : 64
>>>>> address sizes : 40 bits physical, 48 bits virtual
>>>>> power management:
>>>>>
>>>>> (identical for all cpus listed)
>>>> Another view on the thing, from dmidecode:
>>>>
>>>> Handle 0x0400, DMI type 4, 42 bytes
>>>> Processor Information
>>>> Socket Designation: Proc 1
>>>> Type: Central Processor
>>>> Family: Xeon
>>>> Manufacturer: Intel
>>>> ID: C2 06 02 00 FF FB EB BF
>>>> Signature: Type 0, Family 6, Model 44, Stepping 2
>>>> Flags:
>>>> FPU (Floating-point unit on-chip)
>>>> VME (Virtual mode extension)
>>>> DE (Debugging extension)
>>>> PSE (Page size extension)
>>>> TSC (Time stamp counter)
>>>> MSR (Model specific registers)
>>>> PAE (Physical address extension)
>>>> MCE (Machine check exception)
>>>> CX8 (CMPXCHG8 instruction supported)
>>>> APIC (On-chip APIC hardware supported)
>>>> SEP (Fast system call)
>>>> MTRR (Memory type range registers)
>>>> PGE (Page global enable)
>>>> MCA (Machine check architecture)
>>>> CMOV (Conditional move instruction supported)
>>>> PAT (Page attribute table)
>>>> PSE-36 (36-bit page size extension)
>>>> CLFSH (CLFLUSH instruction supported)
>>>> DS (Debug store)
>>>> ACPI (ACPI supported)
>>>> MMX (MMX technology supported)
>>>> FXSR (FXSAVE and FXSTOR instructions supported)
>>>> SSE (Streaming SIMD extensions)
>>>> SSE2 (Streaming SIMD extensions 2)
>>>> SS (Self-snoop)
>>>> HTT (Multi-threading)
>>>> TM (Thermal monitor supported)
>>>> PBE (Pending break enabled)
>>>> Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>> Voltage: 1.4 V
>>>> External Clock: 133 MHz
>>>> Max Speed: 4800 MHz
>>>> Current Speed: 3067 MHz
>>>> Status: Populated, Enabled
>>>> Upgrade: Socket LGA1366
>>>> L1 Cache Handle: 0x0710
>>>> L2 Cache Handle: 0x0720
>>>> L3 Cache Handle: 0x0730
>>>> Serial Number: Not Specified
>>>> Asset Tag: Not Specified
>>>> Part Number: Not Specified
>>>> Core Count: 6
>>>> Core Enabled: 6
>>>> Thread Count: 12
>>>> Characteristics:
>>>> 64-bit capable
>>>>
>>>> This also lists hyperthreading and 6 cores with 12 threads per physical
>>>> cpu...
>>>>
>>>> The code which decides about printing the message or not does:
>>>>
>>>> if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
>>>>      boot_cpu_data.x86_num_siblings > 1 )
>>>>     warning_add(
>>>>         "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
>>>>         "enabled.  Please assess your configuration and choose an\n"
>>>>         "explicit 'smt=<bool>' setting.  See XSA-273.\n");
>>>>
>>>> (from commit 2a47c75509, author in Cc)
>>>>
>>>> Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
>>>> when hyperthreading is actually disabled in bios configuration?
>>>>
>>>> Is there a better way to detect configuration (enabled/disabled) vs.
>>>> just the fact that the hardware has the feature and could enable it?
>>>> Something like the same source as where xl info gets the
>>>> threads_per_core from, which does show up as 1?
>>> The HT flag in CPUID is of no use in this case.  It is actually
>>> HyperThreadingTechnology which is a bit signalling that other topology
>>> related information in the CPUID leaves has changed from the legacy
>>> enumeration mechanisms.  Most hardware in the last 10 years sets the HTT
>>> bit, even on non-HT capable hardware.
>>>
>>> Do you have the full Xen boot log (`xl dmesg` once dom0 has booted) ?
>>>
>>> Xen's boot_cpu_data.x86_num_siblings ought to be correct, but I'd agree
>>> in this case it appears to be in direct contradiction to what the
>>> firmware claims.
>> (XEN) parameter "placeholder" unknown!
>> (XEN) Xen version 4.11.1-pre (Debian
>> 4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
>> 6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
>> (XEN) Bootloader: GRUB 2.02~beta3-5
>> (XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
>> com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0
>> (XEN) Xen image load base address: 0
>> (XEN) Video information:
>> (XEN)  VGA is text mode 80x25, font 8x16
>> (XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
>> (XEN)  EDID info not retrieved because no DDC retrieval method detected
>> (XEN) Disc information:
>> (XEN)  Found 1 MBR signatures
>> (XEN)  Found 1 EDD information structures
>> (XEN) Xen-e820 RAM map:
>> (XEN)  0000000000000000 - 000000000009f400 (usable)
>> (XEN)  000000000009f400 - 00000000000a0000 (reserved)
>> (XEN)  00000000000f0000 - 0000000000100000 (reserved)
>> (XEN)  0000000000100000 - 00000000d762f000 (usable)
>> (XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
>> (XEN)  00000000d763c000 - 00000000d763d000 (usable)
>> (XEN)  00000000d763d000 - 00000000dc000000 (reserved)
>> (XEN)  00000000fec00000 - 00000000fee10000 (reserved)
>> (XEN)  00000000ff800000 - 0000000100000000 (reserved)
>> (XEN)  0000000100000000 - 0000001b27fff000 (usable)
>> (XEN) New Xen image base address: 0xd7000000
>> (XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
>> (XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
>> (XEN) ACPI: FACS D762F100, 0040
>> (XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
>> (XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
>> (XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
>> (XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
>> (XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
>> (XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
>> (XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
>> (XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
>> (XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
>> (XEN) System RAM: 110581MB (113235768kB)
>> (XEN) Domain heap initialised DMA width 32 bits
>> (XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
>> (XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
>> (XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
>> (XEN) Failed to get Error Log Address Range.
>> (XEN) Speculative mitigation facilities:
>> (XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
>> (XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
>> (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
>> Other: IBPB L1D_FLUSH
>> (XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
>> address 10000000000
>> (XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
>> MSR_SPEC_CTRL RSB EAGER_FPU
>> (XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
>> (XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>> (XEN) Platform timer is 14.318MHz HPET
>> (XEN) Detected 3066.791 MHz processor.
>> (XEN) Initing memory sharing.
>> (XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
>> #47, #53
>> (XEN) I/O virtualisation disabled
>> (XEN) Enabled directed EOI with ioapic_ack_old on!
>> (XEN) ENABLING IO-APIC IRQs
>> (XEN)  -> Using old ACK method
>> (XEN) Allocated console ring of 32 KiB.
>> (XEN) VMX: Supported advanced features:
>> (XEN)  - APIC MMIO access virtualisation
>> (XEN)  - APIC TPR shadow
>> (XEN)  - Extended Page Tables (EPT)
>> (XEN)  - Virtual-Processor Identifiers (VPID)
>> (XEN)  - Virtual NMI
>> (XEN)  - MSR direct-access bitmap
>> (XEN)  - Unrestricted Guest
>> (XEN) HVM: ASIDs enabled.
>> (XEN) HVM: VMX enabled
>> (XEN) HVM: Hardware Assisted Paging (HAP) detected
>> (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
>> (XEN) Brought up 12 CPUs
>> (XEN) Dom0 has maximum 816 PIRQs
>> (XEN)  Xen  kernel: 64-bit, lsb, compat32
>> (XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>> (XEN)  Dom0 alloc.:   0000001adc000000->0000001ae0000000 (1025804 pages
>> to be allocated)
>> (XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>> (XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
>> (XEN)  Init. ramdisk: 0000000000000000->0000000000000000
>> (XEN)  Phys-Mach map: 0000008000000000->0000008000800000
>> (XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
>> (XEN)  Xenstore ring: 0000000000000000->0000000000000000
>> (XEN)  Console ring:  0000000000000000->0000000000000000
>> (XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
>> (XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
>> (XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
>> (XEN)  ENTRY ADDRESS: ffffffff82433180
>> (XEN) Dom0 has maximum 4 VCPUs
>> (XEN) Initial low memory virq threshold set at 0x4000 pages.
>> (XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
>> (XEN)
>> .........................................................................done.
>> (XEN) Std. Loglevel: Errors and warnings
>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>> (XEN) ***************************************************
>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>> (XEN) enabled.  Please assess your configuration and choose an
>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>> (XEN) ***************************************************
>> (XEN) 3... 2... 1...
>> (XEN) Xen is relinquishing VGA console.
>> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
>> input to Xen)
>> (XEN) Freed 476kB init memory
>>
>> I can reboot with another loglevel if needed.
>
> Can you rerun with "cpuinfo" on the command line, and/or a debug build,
> so we can see Xen's interpretation of the MADT ACPI table.
>
> Additionally, if you can boot with "opt_dom0_vcpu_pin" and collect
> `cpuid -r` which should pick up the raw processor APIC IDs.

Sure. Message is already getting rather long, but I don't know what to
cut away best above.

(XEN) parameter "placeholder" unknown!
(XEN) Xen version 4.11.1-pre (Debian
4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
(XEN) Bootloader: GRUB 2.02~beta3-5
(XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0 cpuinfo
dom0_vcpus_pin
(XEN) Xen image load base address: 0
(XEN) Video information:
(XEN)  VGA is text mode 80x25, font 8x16
(XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
(XEN)  EDID info not retrieved because no DDC retrieval method detected
(XEN) Disc information:
(XEN)  Found 1 MBR signatures
(XEN)  Found 1 EDD information structures
(XEN) Xen-e820 RAM map:
(XEN)  0000000000000000 - 000000000009f400 (usable)
(XEN)  000000000009f400 - 00000000000a0000 (reserved)
(XEN)  00000000000f0000 - 0000000000100000 (reserved)
(XEN)  0000000000100000 - 00000000d762f000 (usable)
(XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
(XEN)  00000000d763c000 - 00000000d763d000 (usable)
(XEN)  00000000d763d000 - 00000000dc000000 (reserved)
(XEN)  00000000fec00000 - 00000000fee10000 (reserved)
(XEN)  00000000ff800000 - 0000000100000000 (reserved)
(XEN)  0000000100000000 - 0000001b27fff000 (usable)
(XEN) New Xen image base address: 0xd7000000
(XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
(XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
(XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
(XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
(XEN) ACPI: FACS D762F100, 0040
(XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
(XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
(XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
(XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
(XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
(XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
(XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
(XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
(XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
(XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
(XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
(XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
(XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
(XEN) System RAM: 110581MB (113235768kB)
(XEN) Domain heap initialised DMA width 32 bits
(XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
(XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
(XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
(XEN) Failed to get Error Log Address Range.
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 0
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) Speculative mitigation facilities:
(XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
(XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
(XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
Other: IBPB L1D_FLUSH
(XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
address 10000000000
(XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
MSR_SPEC_CTRL RSB EAGER_FPU
(XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
(XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Initializing CPU#0
(XEN) Platform timer is 14.318MHz HPET
(XEN) Detected 3066.790 MHz processor.
(XEN) Initing memory sharing.
(XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
#47, #53
(XEN) I/O virtualisation disabled
(XEN) CPU0: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) Enabled directed EOI with ioapic_ack_old on!
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using old ACK method
(XEN) Allocated console ring of 32 KiB.
(XEN) VMX: Supported advanced features:
(XEN)  - APIC MMIO access virtualisation
(XEN)  - APIC TPR shadow
(XEN)  - Extended Page Tables (EPT)
(XEN)  - Virtual-Processor Identifiers (VPID)
(XEN)  - Virtual NMI
(XEN)  - MSR direct-access bitmap
(XEN)  - Unrestricted Guest
(XEN) HVM: ASIDs enabled.
(XEN) HVM: VMX enabled
(XEN) HVM: Hardware Assisted Paging (HAP) detected
(XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
(XEN) CPU 0 APIC 0 -> Node 0
(XEN) CPU 1 APIC 2 -> Node 0
(XEN) Booting processor 1/2 eip 8f000
(XEN) Initializing CPU#1
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 1
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU1: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 2 APIC 4 -> Node 0
(XEN) Booting processor 2/4 eip 8f000
(XEN) Initializing CPU#2
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 2
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU2: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 3 APIC 16 -> Node 0
(XEN) Booting processor 3/16 eip 8f000
(XEN) Initializing CPU#3
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 8
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU3: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 4 APIC 18 -> Node 0
(XEN) Booting processor 4/18 eip 8f000
(XEN) Initializing CPU#4
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 9
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU4: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 5 APIC 20 -> Node 0
(XEN) Booting processor 5/20 eip 8f000
(XEN) Initializing CPU#5
(XEN) CPU: Physical Processor ID: 0
(XEN) CPU: Processor Core ID: 10
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU5: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 6 APIC 32 -> Node 1
(XEN) Booting processor 6/32 eip 8f000
(XEN) Initializing CPU#6
(XEN) CPU: Physical Processor ID: 1
(XEN) CPU: Processor Core ID: 0
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU6: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 7 APIC 34 -> Node 1
(XEN) Booting processor 7/34 eip 8f000
(XEN) Initializing CPU#7
(XEN) CPU: Physical Processor ID: 1
(XEN) CPU: Processor Core ID: 1
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU7: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 8 APIC 36 -> Node 1
(XEN) Booting processor 8/36 eip 8f000
(XEN) Initializing CPU#8
(XEN) CPU: Physical Processor ID: 1
(XEN) CPU: Processor Core ID: 2
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU8: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 9 APIC 48 -> Node 1
(XEN) Booting processor 9/48 eip 8f000
(XEN) Initializing CPU#9
(XEN) CPU: Physical Processor ID: 1
(XEN) CPU: Processor Core ID: 8
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU9: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 10 APIC 50 -> Node 1
(XEN) Booting processor 10/50 eip 8f000
(XEN) Initializing CPU#10
(XEN) CPU: Physical Processor ID: 1
(XEN) CPU: Processor Core ID: 9
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU10: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) CPU 11 APIC 52 -> Node 1
(XEN) Booting processor 11/52 eip 8f000
(XEN) Initializing CPU#11
(XEN) CPU: Physical Processor ID: 1
(XEN) CPU: Processor Core ID: 10
(XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
(XEN) CPU: L2 cache: 256K
(XEN) CPU: L3 cache: 12288K
(XEN) CPU11: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
(XEN) Brought up 12 CPUs
(XEN) Dom0 has maximum 816 PIRQs
(XEN)  Xen  kernel: 64-bit, lsb, compat32
(XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN)  Dom0 alloc.:   0000000d98000000->0000000d9c000000 (1025804 pages
to be allocated)
(XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
(XEN)  Init. ramdisk: 0000000000000000->0000000000000000
(XEN)  Phys-Mach map: 0000008000000000->0000008000800000
(XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
(XEN)  Xenstore ring: 0000000000000000->0000000000000000
(XEN)  Console ring:  0000000000000000->0000000000000000
(XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
(XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
(XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
(XEN)  ENTRY ADDRESS: ffffffff82433180
(XEN) Dom0 has maximum 4 VCPUs
(XEN) Initial low memory virq threshold set at 0x4000 pages.
(XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
(XEN)
.........................................................................done.
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) ***************************************************
(XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
(XEN) enabled.  Please assess your configuration and choose an
(XEN) explicit 'smt=<bool>' setting.  See XSA-273.
(XEN) ***************************************************
(XEN) 3... 2... 1...
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
input to Xen)
(XEN) Freed 476kB init memory

-# cpuid -r
CPU 0:
   0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
edx=0x49656e69
   0x00000001 0x00: eax=0x000206c2 ebx=0x00200800 ecx=0x029ee3ff
edx=0xbfebfbff
   0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
edx=0x00ca0000
   0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
edx=0x00000000
   0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
edx=0x00000000
   0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
edx=0x00000000
   0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
edx=0x00000002
   0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
edx=0x00001120
   0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
edx=0x00000000
   0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x9c000000
   0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
edx=0x00000603
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000000
   0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
edx=0x00000000
   0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
edx=0x2c100800
   0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
edx=0x2952286e
   0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
edx=0x58202020
   0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
edx=0x007a4847
   0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
edx=0x00000000
   0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000100
   0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000000
   0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000000
CPU 1:
   0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
edx=0x49656e69
   0x00000001 0x00: eax=0x000206c2 ebx=0x02200800 ecx=0x029ee3ff
edx=0xbfebfbff
   0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
edx=0x00ca0000
   0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
edx=0x00000000
   0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
edx=0x00000000
   0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
edx=0x00000000
   0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
edx=0x00000002
   0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
edx=0x00001120
   0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
edx=0x00000000
   0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x9c000000
   0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
edx=0x00000603
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000002
   0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
edx=0x00000002
   0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
edx=0x2c100800
   0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
edx=0x2952286e
   0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
edx=0x58202020
   0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
edx=0x007a4847
   0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
edx=0x00000000
   0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000100
   0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000002
   0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000002
CPU 2:
   0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
edx=0x49656e69
   0x00000001 0x00: eax=0x000206c2 ebx=0x04200800 ecx=0x029ee3ff
edx=0xbfebfbff
   0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
edx=0x00ca0000
   0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
edx=0x00000000
   0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
edx=0x00000000
   0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
edx=0x00000000
   0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
edx=0x00000002
   0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
edx=0x00001120
   0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
edx=0x00000000
   0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x9c000000
   0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
edx=0x00000603
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000004
   0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
edx=0x00000004
   0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
edx=0x2c100800
   0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
edx=0x2952286e
   0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
edx=0x58202020
   0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
edx=0x007a4847
   0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
edx=0x00000000
   0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000100
   0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000004
   0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000004
CPU 3:
   0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
edx=0x49656e69
   0x00000001 0x00: eax=0x000206c2 ebx=0x10200800 ecx=0x029ee3ff
edx=0xbfebfbff
   0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
edx=0x00ca0000
   0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
edx=0x00000000
   0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
edx=0x00000000
   0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
edx=0x00000000
   0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
edx=0x00000002
   0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
edx=0x00001120
   0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
edx=0x00000000
   0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x9c000000
   0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
edx=0x00000603
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000010
   0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
edx=0x00000010
   0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
edx=0x2c100800
   0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
edx=0x2952286e
   0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
edx=0x58202020
   0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
edx=0x007a4847
   0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
edx=0x00000000
   0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
edx=0x00000100
   0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
   0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000010
   0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
edx=0x00000010

Or if the formatting is annoying, http://paste.debian.net/plainh/728b0c36

Hans
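Added example, not part of the original post and not Xen's code: it decodes the topology fields in the `cpuid -r` output and the `cpuinfo` boot log above, comparing the threads-per-core figure that the CPUID capability fields advertise with the figure implied by the APIC IDs actually brought up. Field layouts follow the Intel SDM; the function names are this example's own.

```python
import re
from collections import defaultdict

# Topology leaves for CPUs 0-3, copied from the `cpuid -r` output in the post
# (mail-wrapped lines rejoined; the parser accepts either form).
CPUID_RAW = """\
CPU 0:
   0x00000001 0x00: eax=0x000206c2 ebx=0x00200800 ecx=0x029ee3ff edx=0xbfebfbff
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f edx=0x00000000
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100 edx=0x00000000
CPU 1:
   0x00000001 0x00: eax=0x000206c2 ebx=0x02200800 ecx=0x029ee3ff edx=0xbfebfbff
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f edx=0x00000000
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100 edx=0x00000002
CPU 2:
   0x00000001 0x00: eax=0x000206c2 ebx=0x04200800 ecx=0x029ee3ff edx=0xbfebfbff
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f edx=0x00000000
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100 edx=0x00000004
CPU 3:
   0x00000001 0x00: eax=0x000206c2 ebx=0x10200800 ecx=0x029ee3ff edx=0xbfebfbff
   0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f edx=0x00000000
   0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100 edx=0x00000010
"""

# "CPU n APIC m" lines copied from the `cpuinfo` boot log in the post.
XEN_LOG = """\
(XEN) CPU 0 APIC 0 -> Node 0
(XEN) CPU 1 APIC 2 -> Node 0
(XEN) CPU 2 APIC 4 -> Node 0
(XEN) CPU 3 APIC 16 -> Node 0
(XEN) CPU 4 APIC 18 -> Node 0
(XEN) CPU 5 APIC 20 -> Node 0
(XEN) CPU 6 APIC 32 -> Node 1
(XEN) CPU 7 APIC 34 -> Node 1
(XEN) CPU 8 APIC 36 -> Node 1
(XEN) CPU 9 APIC 48 -> Node 1
(XEN) CPU 10 APIC 50 -> Node 1
(XEN) CPU 11 APIC 52 -> Node 1
"""

# One `cpuid -r` entry; \s+ between registers tolerates mail line wrapping.
ENTRY = re.compile(
    r"(0x[0-9a-f]{8}) (0x[0-9a-f]{2}):\s+eax=(0x[0-9a-f]{8})\s+ebx=(0x[0-9a-f]{8})"
    r"\s+ecx=(0x[0-9a-f]{8})\s+edx=(0x[0-9a-f]{8})", re.I)


def parse_cpuid_raw(text):
    """Return {cpu: {(leaf, subleaf): (eax, ebx, ecx, edx)}}."""
    parts = re.split(r"^CPU (\d+):[ \t]*$", text, flags=re.M)
    cpus = {}
    for num, body in zip(parts[1::2], parts[2::2]):
        cpus[int(num)] = {
            (int(m[1], 16), int(m[2], 16)): tuple(int(m[i], 16) for i in range(3, 7))
            for m in ENTRY.finditer(body)
        }
    return cpus


def advertised_threads_per_core(leaves):
    """Threads per core implied by CPUID capability fields alone."""
    max_logical = (leaves[(0x1, 0)][1] >> 16) & 0xFF      # leaf 1 EBX[23:16]
    max_cores = ((leaves[(0x4, 0)][0] >> 26) & 0x3F) + 1  # leaf 4 EAX[31:26] + 1
    _, ebx, ecx, _ = leaves[(0xB, 0)]
    if (ecx >> 8) & 0xFF != 1:                            # level type 1 = SMT
        raise ValueError("leaf 0xb subleaf 0 is not the SMT level")
    return {"legacy": max_logical // max_cores, "leaf_0xb": ebx & 0xFFFF}


def threads_per_core(apic_ids, smt_shift):
    """Largest number of enabled logical CPUs whose APIC IDs share one core."""
    cores = defaultdict(set)
    for apic_id in apic_ids:
        cores[apic_id >> smt_shift].add(apic_id)  # drop the SMT bits of the ID
    return max(len(ids) for ids in cores.values())


def xen_apic_ids(log):
    """APIC IDs of the CPUs Xen brought up, from 'CPU n APIC m -> Node k' lines."""
    return [int(m) for m in
            re.findall(r"^\(XEN\) CPU \d+ APIC (\d+) -> Node \d+", log, re.M)]


if __name__ == "__main__":
    cpus = parse_cpuid_raw(CPUID_RAW)
    shift = cpus[0][(0xB, 0)][0] & 0x1F  # leaf 0xb EAX[4:0]: width of the SMT field
    x2apic_ids = [leaves[(0xB, 0)][3] for leaves in cpus.values()]
    print("advertised by CPUID:", advertised_threads_per_core(cpus[0]))
    print("observed (cpuid -r):", threads_per_core(x2apic_ids, shift))
    print("observed (Xen log): ", threads_per_core(xen_apic_ids(XEN_LOG), shift))
```

On this data both capability-derived counts are 2, while every core has exactly one enabled APIC ID (all IDs are even, so the SMT bit is never set).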


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Andrew Cooper
On 03/09/18 00:11, Hans van Kranenburg wrote:

> On 09/03/2018 12:50 AM, Andrew Cooper wrote:
>> On 02/09/18 23:27, Hans van Kranenburg wrote:
>>> On 09/03/2018 12:14 AM, Andrew Cooper wrote:
>>>> On 02/09/18 21:22, Hans van Kranenburg wrote:
>>>>> On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:
>>>>>> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>>>>>>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>>>>>>> BIOS update on them:
>>>>>>>
>>>>>>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>>>>>>
>>>>>>> Version: 2018.05.21(2 Jul 2018)
>>>>>>>
>>>>>>> The release notes contain a whole story about "This revision of the
>>>>>>> System ROM includes the latest revision of the Intel microcode which, in
>>>>>>> combination with operating system and hypervisor updates, provides
>>>>>>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>>>>>>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>>>>>>
>>>>>>> In the BIOS cpu settings, hyperthreading is disabled. This server
>>>>>>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>>>
>>>>>>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>>>>>>
>>>>>>> -# xen info
>>>>>>> host                   : rho
>>>>>>> release                : 4.17.0-0.bpo.3-amd64
>>>>>>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>>>>>>> machine                : x86_64
>>>>>>> nr_cpus                : 12
>>>>>>> max_cpu_id             : 31
>>>>>>> nr_nodes               : 2
>>>>>>> cores_per_socket       : 6
>>>>>>> threads_per_core       : 1
>>>>> From server startup serial console:
>>>>>
>>>>> ---- >8 ----
>>>>>                             108 GB Installed
>>>>>
>>>>>
>>>>>
>>>>> ProLiant System BIOS - P68 (05/21/2018)
>>>>>
>>>>> Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
>>>>> Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>> Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>> QPI Speed: 6.4 GT/s
>>>>> HP Power Profile Mode: Custom
>>>>> Power Regulator Mode: Static High Performance
>>>>>
>>>>> Advanced Memory Protection Mode: Advanced ECC Support
>>>>> Redundant ROM Detected - This system contains a valid backup system ROM.
>>>>> Inlet Ambient Temperature: 20C/68F
>>>>>
>>>>> ---- >8 ----
>>>>>
>>>>> "Hyperthreading is disabled"
>>>>>
>>>>>>> Still, xl dmesg shows me:
>>>>>>>
>>>>>>> (XEN) ***************************************************
>>>>>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>>>>>> (XEN) enabled.  Please assess your configuration and choose an
>>>>>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>>>>>> (XEN) ***************************************************
>>>>>>>
>>>>>>> What's wrong here?
>>>>>> Additionally:
>>>>> So, interestingly, this information (from dom0) lists ht again in flags:
>>>>>
>>>>>> -# cat /proc/cpuinfo
>>>>>> processor : 0
>>>>>> vendor_id : GenuineIntel
>>>>>> cpu family : 6
>>>>>> model : 44
>>>>>> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
>>>>>> stepping : 2
>>>>>> microcode : 0x1f
>>>>>> cpu MHz : 3066.788
>>>>>> cache size : 12288 KB
>>>>>> physical id : 0
>>>>>> siblings : 4
>>>>>> core id : 0
>>>>>> cpu cores : 1
>>>>>> apicid : 0
>>>>>> initial apicid : 0
>>>>>> fpu : yes
>>>>>> fpu_exception : yes
>>>>>> cpuid level : 11
>>>>>> wp : yes
>>>>>> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
>>>>>> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
>>>>>> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
>>>>>> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
>>>>>> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
>>>>>> bogomips : 6133.57
>>>>>> clflush size : 64
>>>>>> cache_alignment : 64
>>>>>> address sizes : 40 bits physical, 48 bits virtual
>>>>>> power management:
>>>>>>
>>>>>> (identical for all cpus listed)
>>>>> Another view on the thing, from dmidecode:
>>>>>
>>>>> Handle 0x0400, DMI type 4, 42 bytes
>>>>> Processor Information
>>>>> Socket Designation: Proc 1
>>>>> Type: Central Processor
>>>>> Family: Xeon
>>>>> Manufacturer: Intel
>>>>> ID: C2 06 02 00 FF FB EB BF
>>>>> Signature: Type 0, Family 6, Model 44, Stepping 2
>>>>> Flags:
>>>>> FPU (Floating-point unit on-chip)
>>>>> VME (Virtual mode extension)
>>>>> DE (Debugging extension)
>>>>> PSE (Page size extension)
>>>>> TSC (Time stamp counter)
>>>>> MSR (Model specific registers)
>>>>> PAE (Physical address extension)
>>>>> MCE (Machine check exception)
>>>>> CX8 (CMPXCHG8 instruction supported)
>>>>> APIC (On-chip APIC hardware supported)
>>>>> SEP (Fast system call)
>>>>> MTRR (Memory type range registers)
>>>>> PGE (Page global enable)
>>>>> MCA (Machine check architecture)
>>>>> CMOV (Conditional move instruction supported)
>>>>> PAT (Page attribute table)
>>>>> PSE-36 (36-bit page size extension)
>>>>> CLFSH (CLFLUSH instruction supported)
>>>>> DS (Debug store)
>>>>> ACPI (ACPI supported)
>>>>> MMX (MMX technology supported)
>>>>> FXSR (FXSAVE and FXSTOR instructions supported)
>>>>> SSE (Streaming SIMD extensions)
>>>>> SSE2 (Streaming SIMD extensions 2)
>>>>> SS (Self-snoop)
>>>>> HTT (Multi-threading)
>>>>> TM (Thermal monitor supported)
>>>>> PBE (Pending break enabled)
>>>>> Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>> Voltage: 1.4 V
>>>>> External Clock: 133 MHz
>>>>> Max Speed: 4800 MHz
>>>>> Current Speed: 3067 MHz
>>>>> Status: Populated, Enabled
>>>>> Upgrade: Socket LGA1366
>>>>> L1 Cache Handle: 0x0710
>>>>> L2 Cache Handle: 0x0720
>>>>> L3 Cache Handle: 0x0730
>>>>> Serial Number: Not Specified
>>>>> Asset Tag: Not Specified
>>>>> Part Number: Not Specified
>>>>> Core Count: 6
>>>>> Core Enabled: 6
>>>>> Thread Count: 12
>>>>> Characteristics:
>>>>> 64-bit capable
>>>>>
>>>>> This also lists hyperthreading and 6 cores with 12 threads per physical
>>>>> cpu...
>>>>>
>>>>> The code which decides about printing the message or not does:
>>>>>
>>>>> if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
>>>>>      boot_cpu_data.x86_num_siblings > 1 )
>>>>>     warning_add(
>>>>>         "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
>>>>>         "enabled.  Please assess your configuration and choose an\n"
>>>>>         "explicit 'smt=<bool>' setting.  See XSA-273.\n");
>>>>>
>>>>> (from commit 2a47c75509, author in Cc)
>>>>>
>>>>> Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
>>>>> when hyperthreading is actually disabled in bios configuration?
>>>>>
>>>>> Is there a better way to detect configuration (enabled/disabled) vs.
>>>>> just the fact that the hardware has the feature and could enable it?
>>>>> Something like the same source as where xl info gets the
>>>>> threads_per_core from, which does show up as 1?
>>>> The HT flag in CPUID is of no use in this case.  It is actually
>>>> HyperThreadingTechnology which is a bit signalling that other topology
>>>> related information in the CPUID leaves has changed from the legacy
>>>> enumeration mechanisms.  Most hardware in the last 10 years sets the HTT
>>>> bit, even on non-HT capable hardware.
>>>>
>>>> Do you have the full Xen boot log (`xl dmesg` once dom0 has booted) ?
>>>>
>>>> Xen's boot_cpu_data.x86_num_siblings ought to be correct, but I'd agree
>>>> in this case it appears to be in direct contradiction to what the
>>>> firmware claims.
>>> (XEN) parameter "placeholder" unknown!
>>> (XEN) Xen version 4.11.1-pre (Debian
>>> 4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
>>> 6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
>>> (XEN) Bootloader: GRUB 2.02~beta3-5
>>> (XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
>>> com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0
>>> (XEN) Xen image load base address: 0
>>> (XEN) Video information:
>>> (XEN)  VGA is text mode 80x25, font 8x16
>>> (XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
>>> (XEN)  EDID info not retrieved because no DDC retrieval method detected
>>> (XEN) Disc information:
>>> (XEN)  Found 1 MBR signatures
>>> (XEN)  Found 1 EDD information structures
>>> (XEN) Xen-e820 RAM map:
>>> (XEN)  0000000000000000 - 000000000009f400 (usable)
>>> (XEN)  000000000009f400 - 00000000000a0000 (reserved)
>>> (XEN)  00000000000f0000 - 0000000000100000 (reserved)
>>> (XEN)  0000000000100000 - 00000000d762f000 (usable)
>>> (XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
>>> (XEN)  00000000d763c000 - 00000000d763d000 (usable)
>>> (XEN)  00000000d763d000 - 00000000dc000000 (reserved)
>>> (XEN)  00000000fec00000 - 00000000fee10000 (reserved)
>>> (XEN)  00000000ff800000 - 0000000100000000 (reserved)
>>> (XEN)  0000000100000000 - 0000001b27fff000 (usable)
>>> (XEN) New Xen image base address: 0xd7000000
>>> (XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
>>> (XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
>>> (XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
>>> (XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
>>> (XEN) ACPI: FACS D762F100, 0040
>>> (XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
>>> (XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
>>> (XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
>>> (XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
>>> (XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
>>> (XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
>>> (XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
>>> (XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
>>> (XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
>>> (XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
>>> (XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
>>> (XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
>>> (XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
>>> (XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
>>> (XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
>>> (XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
>>> (XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
>>> (XEN) System RAM: 110581MB (113235768kB)
>>> (XEN) Domain heap initialised DMA width 32 bits
>>> (XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
>>> (XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
>>> (XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
>>> (XEN) Failed to get Error Log Address Range.
>>> (XEN) Speculative mitigation facilities:
>>> (XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
>>> (XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
>>> (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
>>> Other: IBPB L1D_FLUSH
>>> (XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
>>> address 10000000000
>>> (XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
>>> MSR_SPEC_CTRL RSB EAGER_FPU
>>> (XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
>>> (XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
>>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>>> (XEN) Platform timer is 14.318MHz HPET
>>> (XEN) Detected 3066.791 MHz processor.
>>> (XEN) Initing memory sharing.
>>> (XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
>>> #47, #53
>>> (XEN) I/O virtualisation disabled
>>> (XEN) Enabled directed EOI with ioapic_ack_old on!
>>> (XEN) ENABLING IO-APIC IRQs
>>> (XEN)  -> Using old ACK method
>>> (XEN) Allocated console ring of 32 KiB.
>>> (XEN) VMX: Supported advanced features:
>>> (XEN)  - APIC MMIO access virtualisation
>>> (XEN)  - APIC TPR shadow
>>> (XEN)  - Extended Page Tables (EPT)
>>> (XEN)  - Virtual-Processor Identifiers (VPID)
>>> (XEN)  - Virtual NMI
>>> (XEN)  - MSR direct-access bitmap
>>> (XEN)  - Unrestricted Guest
>>> (XEN) HVM: ASIDs enabled.
>>> (XEN) HVM: VMX enabled
>>> (XEN) HVM: Hardware Assisted Paging (HAP) detected
>>> (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
>>> (XEN) Brought up 12 CPUs
>>> (XEN) Dom0 has maximum 816 PIRQs
>>> (XEN)  Xen  kernel: 64-bit, lsb, compat32
>>> (XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
>>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>>> (XEN)  Dom0 alloc.:   0000001adc000000->0000001ae0000000 (1025804 pages
>>> to be allocated)
>>> (XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
>>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>>> (XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
>>> (XEN)  Init. ramdisk: 0000000000000000->0000000000000000
>>> (XEN)  Phys-Mach map: 0000008000000000->0000008000800000
>>> (XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
>>> (XEN)  Xenstore ring: 0000000000000000->0000000000000000
>>> (XEN)  Console ring:  0000000000000000->0000000000000000
>>> (XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
>>> (XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
>>> (XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
>>> (XEN)  ENTRY ADDRESS: ffffffff82433180
>>> (XEN) Dom0 has maximum 4 VCPUs
>>> (XEN) Initial low memory virq threshold set at 0x4000 pages.
>>> (XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
>>> (XEN)
>>> .........................................................................done.
>>> (XEN) Std. Loglevel: Errors and warnings
>>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>>> (XEN) ***************************************************
>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>> (XEN) enabled.  Please assess your configuration and choose an
>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>> (XEN) ***************************************************
>>> (XEN) 3... 2... 1...
>>> (XEN) Xen is relinquishing VGA console.
>>> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
>>> input to Xen)
>>> (XEN) Freed 476kB init memory
>>>
>>> I can reboot with another loglevel if needed.
>> Can you rerun with "cpuinfo" on the command line, and/or a debug build,
>> so we can see Xen's interpretation of the MADT ACPI table?
>>
>> Additionally, if you can boot with "opt_dom0_vcpu_pin" and collect
>> `cpuid -r` which should pick up the raw processor APIC IDs.
> Sure. Message is already getting rather long, but I don't know what to
> cut away best above.
>
> (XEN) parameter "placeholder" unknown!
> (XEN) Xen version 4.11.1-pre (Debian
> 4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
> 6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
> (XEN) Bootloader: GRUB 2.02~beta3-5
> (XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
> com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0 cpuinfo
> dom0_vcpus_pin
> (XEN) Xen image load base address: 0
> (XEN) Video information:
> (XEN)  VGA is text mode 80x25, font 8x16
> (XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
> (XEN)  EDID info not retrieved because no DDC retrieval method detected
> (XEN) Disc information:
> (XEN)  Found 1 MBR signatures
> (XEN)  Found 1 EDD information structures
> (XEN) Xen-e820 RAM map:
> (XEN)  0000000000000000 - 000000000009f400 (usable)
> (XEN)  000000000009f400 - 00000000000a0000 (reserved)
> (XEN)  00000000000f0000 - 0000000000100000 (reserved)
> (XEN)  0000000000100000 - 00000000d762f000 (usable)
> (XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
> (XEN)  00000000d763c000 - 00000000d763d000 (usable)
> (XEN)  00000000d763d000 - 00000000dc000000 (reserved)
> (XEN)  00000000fec00000 - 00000000fee10000 (reserved)
> (XEN)  00000000ff800000 - 0000000100000000 (reserved)
> (XEN)  0000000100000000 - 0000001b27fff000 (usable)
> (XEN) New Xen image base address: 0xd7000000
> (XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
> (XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
> (XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
> (XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
> (XEN) ACPI: FACS D762F100, 0040
> (XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
> (XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
> (XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
> (XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
> (XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
> (XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
> (XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
> (XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
> (XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
> (XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
> (XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
> (XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
> (XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
> (XEN) System RAM: 110581MB (113235768kB)
> (XEN) Domain heap initialised DMA width 32 bits
> (XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
> (XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
> (XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
> (XEN) Failed to get Error Log Address Range.
> (XEN) CPU: Physical Processor ID: 0
> (XEN) CPU: Processor Core ID: 0
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) Speculative mitigation facilities:
> (XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
> (XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
> (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
> Other: IBPB L1D_FLUSH
> (XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
> address 10000000000
> (XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
> MSR_SPEC_CTRL RSB EAGER_FPU
> (XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
> (XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
> (XEN) Using scheduler: SMP Credit Scheduler (credit)
> (XEN) Initializing CPU#0
> (XEN) Platform timer is 14.318MHz HPET
> (XEN) Detected 3066.790 MHz processor.
> (XEN) Initing memory sharing.
> (XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
> #47, #53
> (XEN) I/O virtualisation disabled
> (XEN) CPU0: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) Enabled directed EOI with ioapic_ack_old on!
> (XEN) ENABLING IO-APIC IRQs
> (XEN)  -> Using old ACK method
> (XEN) Allocated console ring of 32 KiB.
> (XEN) VMX: Supported advanced features:
> (XEN)  - APIC MMIO access virtualisation
> (XEN)  - APIC TPR shadow
> (XEN)  - Extended Page Tables (EPT)
> (XEN)  - Virtual-Processor Identifiers (VPID)
> (XEN)  - Virtual NMI
> (XEN)  - MSR direct-access bitmap
> (XEN)  - Unrestricted Guest
> (XEN) HVM: ASIDs enabled.
> (XEN) HVM: VMX enabled
> (XEN) HVM: Hardware Assisted Paging (HAP) detected
> (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
> (XEN) CPU 0 APIC 0 -> Node 0
> (XEN) CPU 1 APIC 2 -> Node 0
> (XEN) Booting processor 1/2 eip 8f000
> (XEN) Initializing CPU#1
> (XEN) CPU: Physical Processor ID: 0
> (XEN) CPU: Processor Core ID: 1
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU1: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 2 APIC 4 -> Node 0
> (XEN) Booting processor 2/4 eip 8f000
> (XEN) Initializing CPU#2
> (XEN) CPU: Physical Processor ID: 0
> (XEN) CPU: Processor Core ID: 2
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU2: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 3 APIC 16 -> Node 0
> (XEN) Booting processor 3/16 eip 8f000
> (XEN) Initializing CPU#3
> (XEN) CPU: Physical Processor ID: 0
> (XEN) CPU: Processor Core ID: 8
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU3: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 4 APIC 18 -> Node 0
> (XEN) Booting processor 4/18 eip 8f000
> (XEN) Initializing CPU#4
> (XEN) CPU: Physical Processor ID: 0
> (XEN) CPU: Processor Core ID: 9
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU4: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 5 APIC 20 -> Node 0
> (XEN) Booting processor 5/20 eip 8f000
> (XEN) Initializing CPU#5
> (XEN) CPU: Physical Processor ID: 0
> (XEN) CPU: Processor Core ID: 10
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU5: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 6 APIC 32 -> Node 1
> (XEN) Booting processor 6/32 eip 8f000
> (XEN) Initializing CPU#6
> (XEN) CPU: Physical Processor ID: 1
> (XEN) CPU: Processor Core ID: 0
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU6: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 7 APIC 34 -> Node 1
> (XEN) Booting processor 7/34 eip 8f000
> (XEN) Initializing CPU#7
> (XEN) CPU: Physical Processor ID: 1
> (XEN) CPU: Processor Core ID: 1
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU7: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 8 APIC 36 -> Node 1
> (XEN) Booting processor 8/36 eip 8f000
> (XEN) Initializing CPU#8
> (XEN) CPU: Physical Processor ID: 1
> (XEN) CPU: Processor Core ID: 2
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU8: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 9 APIC 48 -> Node 1
> (XEN) Booting processor 9/48 eip 8f000
> (XEN) Initializing CPU#9
> (XEN) CPU: Physical Processor ID: 1
> (XEN) CPU: Processor Core ID: 8
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU9: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 10 APIC 50 -> Node 1
> (XEN) Booting processor 10/50 eip 8f000
> (XEN) Initializing CPU#10
> (XEN) CPU: Physical Processor ID: 1
> (XEN) CPU: Processor Core ID: 9
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU10: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) CPU 11 APIC 52 -> Node 1
> (XEN) Booting processor 11/52 eip 8f000
> (XEN) Initializing CPU#11
> (XEN) CPU: Physical Processor ID: 1
> (XEN) CPU: Processor Core ID: 10
> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
> (XEN) CPU: L2 cache: 256K
> (XEN) CPU: L3 cache: 12288K
> (XEN) CPU11: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
> (XEN) Brought up 12 CPUs
> (XEN) Dom0 has maximum 816 PIRQs
> (XEN)  Xen  kernel: 64-bit, lsb, compat32
> (XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
> (XEN) PHYSICAL MEMORY ARRANGEMENT:
> (XEN)  Dom0 alloc.:   0000000d98000000->0000000d9c000000 (1025804 pages
> to be allocated)
> (XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
> (XEN) VIRTUAL MEMORY ARRANGEMENT:
> (XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
> (XEN)  Init. ramdisk: 0000000000000000->0000000000000000
> (XEN)  Phys-Mach map: 0000008000000000->0000008000800000
> (XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
> (XEN)  Xenstore ring: 0000000000000000->0000000000000000
> (XEN)  Console ring:  0000000000000000->0000000000000000
> (XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
> (XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
> (XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
> (XEN)  ENTRY ADDRESS: ffffffff82433180
> (XEN) Dom0 has maximum 4 VCPUs
> (XEN) Initial low memory virq threshold set at 0x4000 pages.
> (XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
> (XEN)
> .........................................................................done.
> (XEN) Std. Loglevel: Errors and warnings
> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
> (XEN) ***************************************************
> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
> (XEN) enabled.  Please assess your configuration and choose an
> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
> (XEN) ***************************************************
> (XEN) 3... 2... 1...
> (XEN) Xen is relinquishing VGA console.
> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
> input to Xen)
> (XEN) Freed 476kB init memory
>
> -# cpuid -r
> CPU 0:
>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
> edx=0x49656e69
>    0x00000001 0x00: eax=0x000206c2 ebx=0x00200800 ecx=0x029ee3ff
> edx=0xbfebfbff
>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
> edx=0x00ca0000
>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
> edx=0x00000000
>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
> edx=0x00000000
>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
> edx=0x00000000
>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
> edx=0x00000002
>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
> edx=0x00001120
>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
> edx=0x00000000
>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x9c000000
>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
> edx=0x00000603
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000000
>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
> edx=0x00000000
>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
> edx=0x2c100800
>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
> edx=0x2952286e
>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
> edx=0x58202020
>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
> edx=0x007a4847
>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
> edx=0x00000000
>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000100
>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000000
>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000000
> CPU 1:
>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
> edx=0x49656e69
>    0x00000001 0x00: eax=0x000206c2 ebx=0x02200800 ecx=0x029ee3ff
> edx=0xbfebfbff
>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
> edx=0x00ca0000
>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
> edx=0x00000000
>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
> edx=0x00000000
>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
> edx=0x00000000
>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
> edx=0x00000002
>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
> edx=0x00001120
>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
> edx=0x00000000
>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x9c000000
>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
> edx=0x00000603
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000002
>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
> edx=0x00000002
>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
> edx=0x2c100800
>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
> edx=0x2952286e
>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
> edx=0x58202020
>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
> edx=0x007a4847
>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
> edx=0x00000000
>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000100
>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000002
>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000002
> CPU 2:
>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
> edx=0x49656e69
>    0x00000001 0x00: eax=0x000206c2 ebx=0x04200800 ecx=0x029ee3ff
> edx=0xbfebfbff
>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
> edx=0x00ca0000
>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
> edx=0x00000000
>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
> edx=0x00000000
>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
> edx=0x00000000
>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
> edx=0x00000002
>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
> edx=0x00001120
>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
> edx=0x00000000
>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x9c000000
>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
> edx=0x00000603
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000004
>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
> edx=0x00000004
>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
> edx=0x2c100800
>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
> edx=0x2952286e
>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
> edx=0x58202020
>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
> edx=0x007a4847
>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
> edx=0x00000000
>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000100
>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000004
>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000004
> CPU 3:
>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
> edx=0x49656e69
>    0x00000001 0x00: eax=0x000206c2 ebx=0x10200800 ecx=0x029ee3ff
> edx=0xbfebfbff
>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
> edx=0x00ca0000
>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
> edx=0x00000000
>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
> edx=0x00000000
>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
> edx=0x00000000
>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
> edx=0x00000002
>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
> edx=0x00001120
>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
> edx=0x00000000
>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x9c000000
>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
> edx=0x00000603
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000010
>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
> edx=0x00000010
>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
> edx=0x2c100800
>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
> edx=0x2952286e
>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
> edx=0x58202020
>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
> edx=0x007a4847
>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
> edx=0x00000000
>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
> edx=0x00000100
>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
> edx=0x00000000
>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000010
>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000010
>
> Or if the formatting is annoying, http://paste.debian.net/plainh/728b0c36

Looks like Xen does have a bug identifying the topology.  Hyperthreading
is definitely off, but there is no MADT so information is probably being
derived from the legacy MP table.

For now, set smt=0 if you want to skip the warning, and can you email
xen-devel with a bug report please?

~Andrew
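
Added example, not part of the thread and not Xen's code: the Python below reads the leaf 0xb rows of the `cpuid -r` output and the `CPU n APIC m` lines of the boot log quoted above, then compares the thread count the CPU advertises with the number of online CPUs that actually share a core. The function names are made up for this example; the leaf 0xb field layout (EAX[4:0] shift, EBX[15:0] as-shipped count, ECX[15:8] level type, EDX x2APIC ID) follows the Intel SDM.

```python
import re
from collections import Counter

# Leaf 0xb rows for dom0's CPUs 0-3, copied from the quoted `cpuid -r` output
# above with the "> " quote marker and the mail line wrapping left in place.
CPUID_SAMPLE = """\
> CPU 0:
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000000
>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
> edx=0x00000000
> CPU 1:
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000002
> CPU 2:
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000004
> CPU 3:
>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
> edx=0x00000010
"""

# "(XEN) CPU n APIC m -> Node k" lines rebuilt from the quoted boot log.
XEN_SAMPLE = "\n".join(
    f"> (XEN) CPU {cpu} APIC {apic} -> Node {0 if cpu < 6 else 1}"
    for cpu, apic in enumerate([0, 2, 4, 16, 18, 20, 32, 34, 36, 48, 50, 52])
)

ROW = re.compile(r"^(0x[0-9a-f]+)\s+(0x[0-9a-f]+):\s*(.*)$", re.I)
REG = re.compile(r"\b(e[abcd]x)=0x([0-9a-f]+)", re.I)


def parse_cpuid_raw(text):
    """Parse `cpuid -r` text into {cpu: {(leaf, subleaf): {reg: value}}}."""
    cpus, cpu, regs = {}, None, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()       # drop mail quote markers
        header = re.fullmatch(r"CPU (\d+):", line)
        if header:
            cpu, regs = int(header.group(1)), None
            cpus[cpu] = {}
            continue
        row = ROW.match(line)
        if row and cpu is not None:
            key = (int(row.group(1), 16), int(row.group(2), 16))
            regs = cpus[cpu].setdefault(key, {})
            line = row.group(3)
        if regs is not None:                     # also picks up a wrapped "edx=..." line
            for name, value in REG.findall(line):
                regs[name.lower()] = int(value, 16)
    return cpus


def smt_level(cpus):
    """Return (shift, advertised) from the leaf 0xb sub-leaf of level type SMT."""
    for leaves in cpus.values():
        for (leaf, _sub), r in leaves.items():
            if leaf == 0xB and (r.get("ecx", 0) >> 8) & 0xFF == 1:
                # EBX[15:0] is the as-shipped count; firmware may enable fewer.
                return r.get("eax", 0) & 0x1F, r.get("ebx", 0) & 0xFFFF
    raise ValueError("no leaf 0xb SMT level in input")


def xen_apic_ids(log):
    """APIC IDs from Xen's 'CPU n APIC m -> Node k' boot lines."""
    return {int(apic) for apic in re.findall(r"CPU \d+ APIC (\d+) ->", log)}


def online_threads_per_core(apic_ids, shift):
    """Largest number of online CPUs whose APIC IDs map to one core."""
    return max(Counter(apic >> shift for apic in apic_ids).values())


def report(cpuid_text, xen_log=""):
    cpus = parse_cpuid_raw(cpuid_text)
    shift, advertised = smt_level(cpus)
    apic_ids = {leaves[(0xB, 0)]["edx"] for leaves in cpus.values()
                if "edx" in leaves.get((0xB, 0), {})}
    apic_ids |= xen_apic_ids(xen_log)
    return {
        "smt_shift": shift,                      # low APIC ID bits that select the thread
        "advertised_threads": advertised,        # what the silicon can do
        "cpus_seen": len(apic_ids),
        "online_threads": online_threads_per_core(apic_ids, shift),
    }


if __name__ == "__main__":
    print(report(CPUID_SAMPLE, XEN_SAMPLE))
```

On the values quoted in this thread it reports 2 advertised threads per core but only 1 online thread per core across all 12 CPUs, since every APIC ID has its SMT bit clear.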


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

Hans van Kranenburg-2
On 09/03/2018 01:23 AM, Andrew Cooper wrote:

> On 03/09/18 00:11, Hans van Kranenburg wrote:
>> On 09/03/2018 12:50 AM, Andrew Cooper wrote:
>>> On 02/09/18 23:27, Hans van Kranenburg wrote:
>>>> On 09/03/2018 12:14 AM, Andrew Cooper wrote:
>>>>> On 02/09/18 21:22, Hans van Kranenburg wrote:
>>>>>> On 08/31/2018 02:12 AM, Hans van Kranenburg wrote:
>>>>>>> On 08/31/2018 02:09 AM, Hans van Kranenburg wrote:
>>>>>>>> I have some HP ProLiant DL360 G7 (P68) servers here, and I just put this
>>>>>>>> BIOS update on them:
>>>>>>>>
>>>>>>>> https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_23267b7aabb6489a8332d06919#tab3
>>>>>>>>
>>>>>>>> Version: 2018.05.21(2 Jul 2018)
>>>>>>>>
>>>>>>>> The release notes contain a whole story about "This revision of the
>>>>>>>> System ROM includes the latest revision of the Intel microcode which, in
>>>>>>>> combination with operating system and hypervisor updates, provides
>>>>>>>> mitigation for the L1 Terminal Fault – OS/SMM (CVE-2018-3620) and L1
>>>>>>>> Terminal Fault – VMM (CVE-2018-3646) security vulnerabilities."
>>>>>>>>
>>>>>>>> In the BIOS cpu settings, hyperthreading is disabled. This server
>>>>>>>> contains 2x 6-core Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>>>>
>>>>>>>> From xen info: (4.11, built from stable-4.11 commit 733450b39b)
>>>>>>>>
>>>>>>>> -# xen info
>>>>>>>> host                   : rho
>>>>>>>> release                : 4.17.0-0.bpo.3-amd64
>>>>>>>> version                : #1 SMP Debian 4.17.17-1~bpo9+1 (2018-08-27)
>>>>>>>> machine                : x86_64
>>>>>>>> nr_cpus                : 12
>>>>>>>> max_cpu_id             : 31
>>>>>>>> nr_nodes               : 2
>>>>>>>> cores_per_socket       : 6
>>>>>>>> threads_per_core       : 1
>>>>>> From server startup serial console:
>>>>>>
>>>>>> ---- >8 ----
>>>>>>                             108 GB Installed
>>>>>>
>>>>>>
>>>>>>
>>>>>> ProLiant System BIOS - P68 (05/21/2018)
>>>>>>
>>>>>> Copyright 1982, 2018 Hewlett-Packard Development Company, L.P.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2 Processor(s) detected, 12 total cores enabled, Hyperthreading is disabled
>>>>>> Proc 1: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>> Proc 2: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>> QPI Speed: 6.4 GT/s
>>>>>> HP Power Profile Mode: Custom
>>>>>> Power Regulator Mode: Static High Performance
>>>>>>
>>>>>> Advanced Memory Protection Mode: Advanced ECC Support
>>>>>> Redundant ROM Detected - This system contains a valid backup system ROM.
>>>>>> Inlet Ambient Temperature: 20C/68F
>>>>>>
>>>>>> ---- >8 ----
>>>>>>
>>>>>> "Hyperthreading is disabled"
>>>>>>
>>>>>>>> Still, xl dmesg shows me:
>>>>>>>>
>>>>>>>> (XEN) ***************************************************
>>>>>>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>>>>>>> (XEN) enabled.  Please assess your configuration and choose an
>>>>>>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>>>>>>> (XEN) ***************************************************
>>>>>>>>
>>>>>>>> What's wrong here?
>>>>>>> Additionally:
>>>>>> So, interestingly, this information (from dom0) lists ht again in flags:
>>>>>>
>>>>>>> -# cat /proc/cpuinfo
>>>>>>> processor : 0
>>>>>>> vendor_id : GenuineIntel
>>>>>>> cpu family : 6
>>>>>>> model : 44
>>>>>>> model name : Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz
>>>>>>> stepping : 2
>>>>>>> microcode : 0x1f
>>>>>>> cpu MHz : 3066.788
>>>>>>> cache size : 12288 KB
>>>>>>> physical id : 0
>>>>>>> siblings : 4
>>>>>>> core id : 0
>>>>>>> cpu cores : 1
>>>>>>> apicid : 0
>>>>>>> initial apicid : 0
>>>>>>> fpu : yes
>>>>>>> fpu_exception : yes
>>>>>>> cpuid level : 11
>>>>>>> wp : yes
>>>>>>> flags : fpu de tsc msr pae mce cx8 apic sep mca cmov pat clflush acpi
>>>>>>> mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl
>>>>>>> nonstop_tsc cpuid pni pclmulqdq monitor est ssse3 cx16 sse4_1 sse4_2
>>>>>>> popcnt aes hypervisor lahf_lm ssbd ibrs ibpb stibp
>>>>>>> bugs : null_seg cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf
>>>>>>> bogomips : 6133.57
>>>>>>> clflush size : 64
>>>>>>> cache_alignment : 64
>>>>>>> address sizes : 40 bits physical, 48 bits virtual
>>>>>>> power management:
>>>>>>>
>>>>>>> (identical for all cpus listed)
>>>>>> Another view on the thing, from dmidecode:
>>>>>>
>>>>>> Handle 0x0400, DMI type 4, 42 bytes
>>>>>> Processor Information
>>>>>> Socket Designation: Proc 1
>>>>>> Type: Central Processor
>>>>>> Family: Xeon
>>>>>> Manufacturer: Intel
>>>>>> ID: C2 06 02 00 FF FB EB BF
>>>>>> Signature: Type 0, Family 6, Model 44, Stepping 2
>>>>>> Flags:
>>>>>> FPU (Floating-point unit on-chip)
>>>>>> VME (Virtual mode extension)
>>>>>> DE (Debugging extension)
>>>>>> PSE (Page size extension)
>>>>>> TSC (Time stamp counter)
>>>>>> MSR (Model specific registers)
>>>>>> PAE (Physical address extension)
>>>>>> MCE (Machine check exception)
>>>>>> CX8 (CMPXCHG8 instruction supported)
>>>>>> APIC (On-chip APIC hardware supported)
>>>>>> SEP (Fast system call)
>>>>>> MTRR (Memory type range registers)
>>>>>> PGE (Page global enable)
>>>>>> MCA (Machine check architecture)
>>>>>> CMOV (Conditional move instruction supported)
>>>>>> PAT (Page attribute table)
>>>>>> PSE-36 (36-bit page size extension)
>>>>>> CLFSH (CLFLUSH instruction supported)
>>>>>> DS (Debug store)
>>>>>> ACPI (ACPI supported)
>>>>>> MMX (MMX technology supported)
>>>>>> FXSR (FXSAVE and FXSTOR instructions supported)
>>>>>> SSE (Streaming SIMD extensions)
>>>>>> SSE2 (Streaming SIMD extensions 2)
>>>>>> SS (Self-snoop)
>>>>>> HTT (Multi-threading)
>>>>>> TM (Thermal monitor supported)
>>>>>> PBE (Pending break enabled)
>>>>>> Version: Intel(R) Xeon(R) CPU X5675 @ 3.07GHz
>>>>>> Voltage: 1.4 V
>>>>>> External Clock: 133 MHz
>>>>>> Max Speed: 4800 MHz
>>>>>> Current Speed: 3067 MHz
>>>>>> Status: Populated, Enabled
>>>>>> Upgrade: Socket LGA1366
>>>>>> L1 Cache Handle: 0x0710
>>>>>> L2 Cache Handle: 0x0720
>>>>>> L3 Cache Handle: 0x0730
>>>>>> Serial Number: Not Specified
>>>>>> Asset Tag: Not Specified
>>>>>> Part Number: Not Specified
>>>>>> Core Count: 6
>>>>>> Core Enabled: 6
>>>>>> Thread Count: 12
>>>>>> Characteristics:
>>>>>> 64-bit capable
>>>>>>
>>>>>> This also lists hyperthreading and 6 cores with 12 threads per physical
>>>>>> cpu...
>>>>>>
>>>>>> The code which decides about printing the message or not does:
>>>>>>
>>>>>> if ( opt_smt == -1 && cpu_has_bug_l1tf && !pv_shim &&
>>>>>>      boot_cpu_data.x86_num_siblings > 1 )
>>>>>>     warning_add(
>>>>>>         "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading\n"
>>>>>>         "enabled.  Please assess your configuration and choose an\n"
>>>>>>         "explicit 'smt=<bool>' setting.  See XSA-273.\n");
>>>>>>
>>>>>> (from commit 2a47c75509, author in Cc)
>>>>>>
>>>>>> Apparently in here, boot_cpu_data.x86_num_siblings > 1 still matches
>>>>>> when hyperthreading is actually disabled in bios configuration?
>>>>>>
>>>>>> Is there a better way to detect configuration (enabled/disabled) vs.
>>>>>> just the fact that the hardware has the feature and could enable it?
>>>>>> Something like the same source as where xl info gets the
>>>>>> threads_per_core from, which does show up as 1?
>>>>> The HT flag in CPUID is of no use in this case.  It is actually
>>>>> HyperThreadingTechnology which is a bit signalling that other topology
>>>>> related information in the CPUID leaves has changed from the legacy
>>>>> enumeration mechanisms.  Most hardware in the last 10 years sets the HTT
>>>>> bit, even on non-HT capable hardware.
>>>>>
>>>>> Do you have the full Xen boot log (`xl dmesg` once dom0 has booted) ?
>>>>>
>>>>> Xen's boot_cpu_data.x86_num_siblings ought to be correct, but I'd agree
>>>>> in this case it appears to be in direct contradiction to what the
>>>>> firmware claims.
>>>> (XEN) parameter "placeholder" unknown!
>>>> (XEN) Xen version 4.11.1-pre (Debian
>>>> 4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
>>>> 6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
>>>> (XEN) Bootloader: GRUB 2.02~beta3-5
>>>> (XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
>>>> com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0
>>>> (XEN) Xen image load base address: 0
>>>> (XEN) Video information:
>>>> (XEN)  VGA is text mode 80x25, font 8x16
>>>> (XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
>>>> (XEN)  EDID info not retrieved because no DDC retrieval method detected
>>>> (XEN) Disc information:
>>>> (XEN)  Found 1 MBR signatures
>>>> (XEN)  Found 1 EDD information structures
>>>> (XEN) Xen-e820 RAM map:
>>>> (XEN)  0000000000000000 - 000000000009f400 (usable)
>>>> (XEN)  000000000009f400 - 00000000000a0000 (reserved)
>>>> (XEN)  00000000000f0000 - 0000000000100000 (reserved)
>>>> (XEN)  0000000000100000 - 00000000d762f000 (usable)
>>>> (XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
>>>> (XEN)  00000000d763c000 - 00000000d763d000 (usable)
>>>> (XEN)  00000000d763d000 - 00000000dc000000 (reserved)
>>>> (XEN)  00000000fec00000 - 00000000fee10000 (reserved)
>>>> (XEN)  00000000ff800000 - 0000000100000000 (reserved)
>>>> (XEN)  0000000100000000 - 0000001b27fff000 (usable)
>>>> (XEN) New Xen image base address: 0xd7000000
>>>> (XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
>>>> (XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
>>>> (XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
>>>> (XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
>>>> (XEN) ACPI: FACS D762F100, 0040
>>>> (XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
>>>> (XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
>>>> (XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
>>>> (XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
>>>> (XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
>>>> (XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
>>>> (XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
>>>> (XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
>>>> (XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
>>>> (XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
>>>> (XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
>>>> (XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
>>>> (XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
>>>> (XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
>>>> (XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
>>>> (XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
>>>> (XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
>>>> (XEN) System RAM: 110581MB (113235768kB)
>>>> (XEN) Domain heap initialised DMA width 32 bits
>>>> (XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
>>>> (XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
>>>> (XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
>>>> (XEN) Failed to get Error Log Address Range.
>>>> (XEN) Speculative mitigation facilities:
>>>> (XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
>>>> (XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
>>>> (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
>>>> Other: IBPB L1D_FLUSH
>>>> (XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
>>>> address 10000000000
>>>> (XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
>>>> MSR_SPEC_CTRL RSB EAGER_FPU
>>>> (XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
>>>> (XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
>>>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>>>> (XEN) Platform timer is 14.318MHz HPET
>>>> (XEN) Detected 3066.791 MHz processor.
>>>> (XEN) Initing memory sharing.
>>>> (XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
>>>> #47, #53
>>>> (XEN) I/O virtualisation disabled
>>>> (XEN) Enabled directed EOI with ioapic_ack_old on!
>>>> (XEN) ENABLING IO-APIC IRQs
>>>> (XEN)  -> Using old ACK method
>>>> (XEN) Allocated console ring of 32 KiB.
>>>> (XEN) VMX: Supported advanced features:
>>>> (XEN)  - APIC MMIO access virtualisation
>>>> (XEN)  - APIC TPR shadow
>>>> (XEN)  - Extended Page Tables (EPT)
>>>> (XEN)  - Virtual-Processor Identifiers (VPID)
>>>> (XEN)  - Virtual NMI
>>>> (XEN)  - MSR direct-access bitmap
>>>> (XEN)  - Unrestricted Guest
>>>> (XEN) HVM: ASIDs enabled.
>>>> (XEN) HVM: VMX enabled
>>>> (XEN) HVM: Hardware Assisted Paging (HAP) detected
>>>> (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
>>>> (XEN) Brought up 12 CPUs
>>>> (XEN) Dom0 has maximum 816 PIRQs
>>>> (XEN)  Xen  kernel: 64-bit, lsb, compat32
>>>> (XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
>>>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>>>> (XEN)  Dom0 alloc.:   0000001adc000000->0000001ae0000000 (1025804 pages
>>>> to be allocated)
>>>> (XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
>>>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>>>> (XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
>>>> (XEN)  Init. ramdisk: 0000000000000000->0000000000000000
>>>> (XEN)  Phys-Mach map: 0000008000000000->0000008000800000
>>>> (XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
>>>> (XEN)  Xenstore ring: 0000000000000000->0000000000000000
>>>> (XEN)  Console ring:  0000000000000000->0000000000000000
>>>> (XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
>>>> (XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
>>>> (XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
>>>> (XEN)  ENTRY ADDRESS: ffffffff82433180
>>>> (XEN) Dom0 has maximum 4 VCPUs
>>>> (XEN) Initial low memory virq threshold set at 0x4000 pages.
>>>> (XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
>>>> (XEN)
>>>> .........................................................................done.
>>>> (XEN) Std. Loglevel: Errors and warnings
>>>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>>>> (XEN) ***************************************************
>>>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>>>> (XEN) enabled.  Please assess your configuration and choose an
>>>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>>>> (XEN) ***************************************************
>>>> (XEN) 3... 2... 1...
>>>> (XEN) Xen is relinquishing VGA console.
>>>> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
>>>> input to Xen)
>>>> (XEN) Freed 476kB init memory
>>>>
>>>> I can reboot with another loglevel if needed.
>>> Can you rerun with "cpuinfo" on the command line, and/or a debug build,
>>> so we can see Xen's interpretation of the MADT ACPI table.
>>>
>>> Additionally, if you can boot with "opt_dom0_vcpu_pin" and collect
>>> `cpuid -r` which should pick up the raw processor APIC IDs.
>> Sure. Message is already getting rather long, but I don't know what to
>> cut away best above.
>>
>> (XEN) parameter "placeholder" unknown!
>> (XEN) Xen version 4.11.1-pre (Debian
>> 4.11.1~pre+1.733450b39b-1~exp1~mxbp9+1) ([hidden email]) (gcc (Debian
>> 6.3.0-18+deb9u1) 6.3.0 20170516) debug=n  Wed Aug 22 15:26:44 UTC 2018
>> (XEN) Bootloader: GRUB 2.02~beta3-5
>> (XEN) Command line: placeholder dom0_max_vcpus=4 dom0_mem=4G,max:4G
>> com2=115200,8n1 console=com2,vga noreboot xpti=no-dom0 cpuinfo
>> dom0_vcpus_pin
>> (XEN) Xen image load base address: 0
>> (XEN) Video information:
>> (XEN)  VGA is text mode 80x25, font 8x16
>> (XEN)  VBE/DDC methods: none; EDID transfer time: 2 seconds
>> (XEN)  EDID info not retrieved because no DDC retrieval method detected
>> (XEN) Disc information:
>> (XEN)  Found 1 MBR signatures
>> (XEN)  Found 1 EDD information structures
>> (XEN) Xen-e820 RAM map:
>> (XEN)  0000000000000000 - 000000000009f400 (usable)
>> (XEN)  000000000009f400 - 00000000000a0000 (reserved)
>> (XEN)  00000000000f0000 - 0000000000100000 (reserved)
>> (XEN)  0000000000100000 - 00000000d762f000 (usable)
>> (XEN)  00000000d762f000 - 00000000d763c000 (ACPI data)
>> (XEN)  00000000d763c000 - 00000000d763d000 (usable)
>> (XEN)  00000000d763d000 - 00000000dc000000 (reserved)
>> (XEN)  00000000fec00000 - 00000000fee10000 (reserved)
>> (XEN)  00000000ff800000 - 0000000100000000 (reserved)
>> (XEN)  0000000100000000 - 0000001b27fff000 (usable)
>> (XEN) New Xen image base address: 0xd7000000
>> (XEN) ACPI: RSDP 000F4F00, 0024 (r2 HP    )
>> (XEN) ACPI: XSDT D7630140, 00B4 (r1 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: FACP D7630240, 00F4 (r3 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: DSDT D7630340, 20BD (r1 HP         DSDT        1 INTL 20030228)
>> (XEN) ACPI: FACS D762F100, 0040
>> (XEN) ACPI: SPCR D762F140, 0050 (r1 HP     SPCRRBSU        1   �     162E)
>> (XEN) ACPI: MCFG D762F1C0, 003C (r1 HP     ProLiant        1             0)
>> (XEN) ACPI: HPET D762F200, 0038 (r1 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: FFFF D762F240, 0064 (r2 HP     ProLiant        2   �     162E)
>> (XEN) ACPI: SPMI D762F2C0, 0040 (r5 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: ERST D762F300, 01D0 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: APIC D762F500, 015E (r1 HP     ProLiant        2             0)
>> (XEN) ACPI: SRAT D762F680, 0570 (r1 HP     Proliant        1   �     162E)
>> (XEN) ACPI: FFFF D762FC00, 0176 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: BERT D762FD80, 0030 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: HEST D762FDC0, 00BC (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: DMAR D762FE80, 0146 (r1 HP     ProLiant        1   �     162E)
>> (XEN) ACPI: SSDT D7632400, 0125 (r3     HP  CRSPCI0        2   HP        1)
>> (XEN) ACPI: SSDT D7632540, 01CF (r3     HP  riser1a        2 INTL 20061109)
>> (XEN) ACPI: SSDT D7632740, 03BB (r1     HP      pcc        1 INTL 20090625)
>> (XEN) ACPI: SSDT D7632B00, 0377 (r1     HP     pmab        1 INTL 20090625)
>> (XEN) ACPI: SSDT D7632E80, 2094 (r1  INTEL PPM RCM         1 INTL 20061109)
>> (XEN) System RAM: 110581MB (113235768kB)
>> (XEN) Domain heap initialised DMA width 32 bits
>> (XEN) IOAPIC[0]: apic_id 8, version 32, address 0xfec00000, GSI 0-23
>> (XEN) IOAPIC[1]: apic_id 0, version 32, address 0xfec80000, GSI 24-47
>> (XEN) Enabling APIC mode:  Phys.  Using 2 I/O APICs
>> (XEN) Failed to get Error Log Address Range.
>> (XEN) CPU: Physical Processor ID: 0
>> (XEN) CPU: Processor Core ID: 0
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) Speculative mitigation facilities:
>> (XEN)   Hardware features: IBRS/IBPB STIBP L1D_FLUSH SSBD
>> (XEN)   Compiled-in support: INDIRECT_THUNK SHADOW_PAGING
>> (XEN)   Xen settings: BTI-Thunk RETPOLINE, SPEC_CTRL: IBRS- SSBD-,
>> Other: IBPB L1D_FLUSH
>> (XEN)   L1TF: believed vulnerable, maxphysaddr L1D 44, CPUID 40, Safe
>> address 10000000000
>> (XEN)   Support for VMs: PV: MSR_SPEC_CTRL RSB EAGER_FPU, HVM:
>> MSR_SPEC_CTRL RSB EAGER_FPU
>> (XEN)   XPTI (64-bit PV only): Dom0 disabled, DomU disabled
>> (XEN)   PV L1TF shadowing: Dom0 disabled, DomU enabled
>> (XEN) Using scheduler: SMP Credit Scheduler (credit)
>> (XEN) Initializing CPU#0
>> (XEN) Platform timer is 14.318MHz HPET
>> (XEN) Detected 3066.790 MHz processor.
>> (XEN) Initing memory sharing.
>> (XEN) [VT-D]Disabling IOMMU due to Intel 5500/5520/X58 Chipset errata
>> #47, #53
>> (XEN) I/O virtualisation disabled
>> (XEN) CPU0: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) Enabled directed EOI with ioapic_ack_old on!
>> (XEN) ENABLING IO-APIC IRQs
>> (XEN)  -> Using old ACK method
>> (XEN) Allocated console ring of 32 KiB.
>> (XEN) VMX: Supported advanced features:
>> (XEN)  - APIC MMIO access virtualisation
>> (XEN)  - APIC TPR shadow
>> (XEN)  - Extended Page Tables (EPT)
>> (XEN)  - Virtual-Processor Identifiers (VPID)
>> (XEN)  - Virtual NMI
>> (XEN)  - MSR direct-access bitmap
>> (XEN)  - Unrestricted Guest
>> (XEN) HVM: ASIDs enabled.
>> (XEN) HVM: VMX enabled
>> (XEN) HVM: Hardware Assisted Paging (HAP) detected
>> (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB
>> (XEN) CPU 0 APIC 0 -> Node 0
>> (XEN) CPU 1 APIC 2 -> Node 0
>> (XEN) Booting processor 1/2 eip 8f000
>> (XEN) Initializing CPU#1
>> (XEN) CPU: Physical Processor ID: 0
>> (XEN) CPU: Processor Core ID: 1
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU1: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 2 APIC 4 -> Node 0
>> (XEN) Booting processor 2/4 eip 8f000
>> (XEN) Initializing CPU#2
>> (XEN) CPU: Physical Processor ID: 0
>> (XEN) CPU: Processor Core ID: 2
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU2: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 3 APIC 16 -> Node 0
>> (XEN) Booting processor 3/16 eip 8f000
>> (XEN) Initializing CPU#3
>> (XEN) CPU: Physical Processor ID: 0
>> (XEN) CPU: Processor Core ID: 8
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU3: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 4 APIC 18 -> Node 0
>> (XEN) Booting processor 4/18 eip 8f000
>> (XEN) Initializing CPU#4
>> (XEN) CPU: Physical Processor ID: 0
>> (XEN) CPU: Processor Core ID: 9
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU4: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 5 APIC 20 -> Node 0
>> (XEN) Booting processor 5/20 eip 8f000
>> (XEN) Initializing CPU#5
>> (XEN) CPU: Physical Processor ID: 0
>> (XEN) CPU: Processor Core ID: 10
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU5: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 6 APIC 32 -> Node 1
>> (XEN) Booting processor 6/32 eip 8f000
>> (XEN) Initializing CPU#6
>> (XEN) CPU: Physical Processor ID: 1
>> (XEN) CPU: Processor Core ID: 0
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU6: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 7 APIC 34 -> Node 1
>> (XEN) Booting processor 7/34 eip 8f000
>> (XEN) Initializing CPU#7
>> (XEN) CPU: Physical Processor ID: 1
>> (XEN) CPU: Processor Core ID: 1
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU7: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 8 APIC 36 -> Node 1
>> (XEN) Booting processor 8/36 eip 8f000
>> (XEN) Initializing CPU#8
>> (XEN) CPU: Physical Processor ID: 1
>> (XEN) CPU: Processor Core ID: 2
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU8: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 9 APIC 48 -> Node 1
>> (XEN) Booting processor 9/48 eip 8f000
>> (XEN) Initializing CPU#9
>> (XEN) CPU: Physical Processor ID: 1
>> (XEN) CPU: Processor Core ID: 8
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU9: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 10 APIC 50 -> Node 1
>> (XEN) Booting processor 10/50 eip 8f000
>> (XEN) Initializing CPU#10
>> (XEN) CPU: Physical Processor ID: 1
>> (XEN) CPU: Processor Core ID: 9
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU10: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) CPU 11 APIC 52 -> Node 1
>> (XEN) Booting processor 11/52 eip 8f000
>> (XEN) Initializing CPU#11
>> (XEN) CPU: Physical Processor ID: 1
>> (XEN) CPU: Processor Core ID: 10
>> (XEN) CPU: L1 I cache: 32K, L1 D cache: 32K
>> (XEN) CPU: L2 cache: 256K
>> (XEN) CPU: L3 cache: 12288K
>> (XEN) CPU11: Intel(R) Xeon(R) CPU           X5675  @ 3.07GHz stepping 02
>> (XEN) Brought up 12 CPUs
>> (XEN) Dom0 has maximum 816 PIRQs
>> (XEN)  Xen  kernel: 64-bit, lsb, compat32
>> (XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x266a000
>> (XEN) PHYSICAL MEMORY ARRANGEMENT:
>> (XEN)  Dom0 alloc.:   0000000d98000000->0000000d9c000000 (1025804 pages
>> to be allocated)
>> (XEN)  Init. ramdisk: 0000001b2650c000->0000001b27dffa74
>> (XEN) VIRTUAL MEMORY ARRANGEMENT:
>> (XEN)  Loaded kernel: ffffffff81000000->ffffffff8266a000
>> (XEN)  Init. ramdisk: 0000000000000000->0000000000000000
>> (XEN)  Phys-Mach map: 0000008000000000->0000008000800000
>> (XEN)  Start info:    ffffffff8266a000->ffffffff8266a4b4
>> (XEN)  Xenstore ring: 0000000000000000->0000000000000000
>> (XEN)  Console ring:  0000000000000000->0000000000000000
>> (XEN)  Page tables:   ffffffff8266b000->ffffffff82682000
>> (XEN)  Boot stack:    ffffffff82682000->ffffffff82683000
>> (XEN)  TOTAL:         ffffffff80000000->ffffffff82800000
>> (XEN)  ENTRY ADDRESS: ffffffff82433180
>> (XEN) Dom0 has maximum 4 VCPUs
>> (XEN) Initial low memory virq threshold set at 0x4000 pages.
>> (XEN) Scrubbing Free RAM on 2 nodes using 12 CPUs
>> (XEN)
>> .........................................................................done.
>> (XEN) Std. Loglevel: Errors and warnings
>> (XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
>> (XEN) ***************************************************
>> (XEN) Booted on L1TF-vulnerable hardware with SMT/Hyperthreading
>> (XEN) enabled.  Please assess your configuration and choose an
>> (XEN) explicit 'smt=<bool>' setting.  See XSA-273.
>> (XEN) ***************************************************
>> (XEN) 3... 2... 1...
>> (XEN) Xen is relinquishing VGA console.
>> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch
>> input to Xen)
>> (XEN) Freed 476kB init memory
>>
>> -# cpuid -r
>> CPU 0:
>>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
>> edx=0x49656e69
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x00200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
>> edx=0x00ca0000
>>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
>> edx=0x00000000
>>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
>> edx=0x00000000
>>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
>> edx=0x00000000
>>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
>> edx=0x00000002
>>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
>> edx=0x00001120
>>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
>> edx=0x00000000
>>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x9c000000
>>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
>> edx=0x00000603
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000000
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000000
>>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
>> edx=0x2c100800
>>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
>> edx=0x2952286e
>>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
>> edx=0x58202020
>>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
>> edx=0x007a4847
>>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
>> edx=0x00000000
>>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000100
>>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000000
>>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000000
>> CPU 1:
>>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
>> edx=0x49656e69
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x02200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
>> edx=0x00ca0000
>>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
>> edx=0x00000000
>>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
>> edx=0x00000000
>>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
>> edx=0x00000000
>>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
>> edx=0x00000002
>>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
>> edx=0x00001120
>>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
>> edx=0x00000000
>>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x9c000000
>>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
>> edx=0x00000603
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000002
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000002
>>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
>> edx=0x2c100800
>>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
>> edx=0x2952286e
>>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
>> edx=0x58202020
>>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
>> edx=0x007a4847
>>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
>> edx=0x00000000
>>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000100
>>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000002
>>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000002
>> CPU 2:
>>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
>> edx=0x49656e69
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x04200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
>> edx=0x00ca0000
>>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
>> edx=0x00000000
>>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
>> edx=0x00000000
>>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
>> edx=0x00000000
>>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
>> edx=0x00000002
>>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
>> edx=0x00001120
>>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
>> edx=0x00000000
>>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x9c000000
>>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
>> edx=0x00000603
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000004
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000004
>>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
>> edx=0x2c100800
>>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
>> edx=0x2952286e
>>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
>> edx=0x58202020
>>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
>> edx=0x007a4847
>>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
>> edx=0x00000000
>>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000100
>>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000004
>>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000004
>> CPU 3:
>>    0x00000000 0x00: eax=0x0000000b ebx=0x756e6547 ecx=0x6c65746e
>> edx=0x49656e69
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x10200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x00000002 0x00: eax=0x55035a01 ebx=0x00f0b0ff ecx=0x00000000
>> edx=0x00ca0000
>>    0x00000003 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000004 0x00: eax=0x3c004121 ebx=0x01c0003f ecx=0x0000003f
>> edx=0x00000000
>>    0x00000004 0x01: eax=0x3c004122 ebx=0x00c0003f ecx=0x0000007f
>> edx=0x00000000
>>    0x00000004 0x02: eax=0x3c004143 ebx=0x01c0003f ecx=0x000001ff
>> edx=0x00000000
>>    0x00000004 0x03: eax=0x3c07c163 ebx=0x03c0003f ecx=0x00002fff
>> edx=0x00000002
>>    0x00000005 0x00: eax=0x00000040 ebx=0x00000040 ecx=0x00000003
>> edx=0x00001120
>>    0x00000006 0x00: eax=0x00000007 ebx=0x00000002 ecx=0x00000009
>> edx=0x00000000
>>    0x00000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x9c000000
>>    0x00000008 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x00000009 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x0000000a 0x00: eax=0x07300403 ebx=0x00000004 ecx=0x00000000
>> edx=0x00000603
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000010
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000010
>>    0x80000000 0x00: eax=0x80000008 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000001 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000001
>> edx=0x2c100800
>>    0x80000002 0x00: eax=0x65746e49 ebx=0x2952286c ecx=0x6f655820
>> edx=0x2952286e
>>    0x80000003 0x00: eax=0x55504320 ebx=0x20202020 ecx=0x20202020
>> edx=0x58202020
>>    0x80000004 0x00: eax=0x35373635 ebx=0x20402020 ecx=0x37302e33
>> edx=0x007a4847
>>    0x80000005 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80000006 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x01006040
>> edx=0x00000000
>>    0x80000007 0x00: eax=0x00000000 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000100
>>    0x80000008 0x00: eax=0x00003028 ebx=0x00000000 ecx=0x00000000
>> edx=0x00000000
>>    0x80860000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000010
>>    0xc0000000 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000010
>>
>> Or if the formatting is annoying, http://paste.debian.net/plainh/728b0c36
>
> Looks like Xen does have a bug identifying the topology.  Hyperthreading
> is definitely off, but there is no MADT so information is probably being
> derived from the legacy MP table.
>
> For now, set smt=0 if you want to skip the warning, and can you email
> xen-devel with a bug report please?

Sure. Thanks for helping to get the right info together for it. :)

I'll also be rebooting a bunch of HP DL360 gen8 and gen9 into Xen 4.11
in the upcoming days.

Hans
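
The topology reading discussed in this exchange can be reproduced from the raw dump. The following is an added example, not code from the thread or from Xen: it decodes CPUID leaves 0x1 and 0xb from an excerpt of the `cpuid -r` output quoted above and compares the sibling counts the CPU enumerates with the threads that are actually online per core. All function and field names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the `cpuid -r` dump quoted above (leaves 0x1 and 0xb only), kept
# with the mail quoting and line wrapping so the parser has to undo both.
SAMPLE = """\
>> CPU 0:
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x00200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000000
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000000
>> CPU 1:
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x02200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000002
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000002
>> CPU 2:
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x04200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000004
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000004
>> CPU 3:
>>    0x00000001 0x00: eax=0x000206c2 ebx=0x10200800 ecx=0x029ee3ff
>> edx=0xbfebfbff
>>    0x0000000b 0x00: eax=0x00000001 ebx=0x00000002 ecx=0x00000100
>> edx=0x00000010
>>    0x0000000b 0x01: eax=0x00000005 ebx=0x0000000c ecx=0x00000201
>> edx=0x00000010
"""

CPU_RE = re.compile(r"^CPU (\d+):")
LEAF_RE = re.compile(r"^0x([0-9a-fA-F]{8}) 0x([0-9a-fA-F]{2}):")
REG_RE = re.compile(r"(e[abcd]x)=0x([0-9a-fA-F]{8})")

def parse_cpuid_raw(text):
    """Return {cpu: {(leaf, subleaf): {'eax': int, ...}}} from `cpuid -r` text."""
    cpus, cpu, key = {}, None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()        # drop mail quote markers
        m = CPU_RE.match(line)
        if m:
            cpu, key = int(m.group(1)), None
            cpus[cpu] = {}
            continue
        m = LEAF_RE.match(line)
        if m and cpu is not None:
            key = (int(m.group(1), 16), int(m.group(2), 16))
            cpus[cpu][key] = {}
        if cpu is not None and key is not None:
            # A wrapped "edx=..." line has no leaf prefix and joins the last leaf.
            for reg, val in REG_RE.findall(line):
                cpus[cpu][key][reg] = int(val, 16)
    return cpus

def topology(cpus):
    """Decode per-CPU topology fields from leaves 0x1 and 0xb."""
    rows = []
    for cpu, leaves in sorted(cpus.items()):
        l1, smt, core = leaves[(1, 0)], leaves[(0xB, 0)], leaves[(0xB, 1)]
        # Leaf 0xb ECX[15:8] is the level type: 1 = SMT, 2 = core.
        if (smt["ecx"] >> 8) & 0xFF != 1 or (core["ecx"] >> 8) & 0xFF != 2:
            raise ValueError(f"CPU {cpu}: unexpected leaf 0xb level types")
        smt_shift, pkg_shift = smt["eax"] & 0x1F, core["eax"] & 0x1F
        apic = smt["edx"]                       # x2APIC ID of this logical CPU
        rows.append({
            "cpu": cpu,
            "htt": bool(l1["edx"] & (1 << 28)),           # leaf 1 EDX bit 28
            "legacy_max_ids": (l1["ebx"] >> 16) & 0xFF,   # addressable IDs/package
            "enumerated_siblings": smt["ebx"] & 0xFFFF,   # leaf 0xb SMT-level count
            "apic_id": apic,
            "thread": apic & ((1 << smt_shift) - 1),
            "core": (apic >> smt_shift) & ((1 << (pkg_shift - smt_shift)) - 1),
            "package": apic >> pkg_shift,
        })
    return rows

def online_threads_per_core(rows):
    """Largest number of online logical CPUs sharing one (package, core)."""
    return max(Counter((r["package"], r["core"]) for r in rows).values())

if __name__ == "__main__":
    for row in topology(parse_cpuid_raw(SAMPLE)):
        print(row)
```

On this excerpt the HTT flag is set and the SMT-level count in leaf 0xb reads 2, yet every online APIC ID has thread bit 0 clear, so each core has a single thread running. The decoded core numbers agree with the "Processor Core ID" lines in the boot log above.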


Re: "Booted on L1TF-vulnerable hardware with SMT/Hyperthreading enabled" .. or not?

MateoConLechuga
I have been having the same issue using stable-4.11. Any chance this has been
fixed?


