Closed andreeaflorescu closed 3 years ago
We're still seeing this in our setup. Running a pretty recent firecracker version. Not sure why. I think it cropped up when we upgraded the kernel of our microvms.
Hi @jeromegn. Thanks for bringing this up. I am not sure if this is a regression or a different issue. Can you provide more details about your usecase and reproduction steps ?
It seems to only happen on our AMD servers. Specifically these models:
Below, the details of one occurrence of the issue.
[ 0.339347] smpboot: CPU0: AMD EPYC (family: 0x17, model: 0x31, stepping: 0x0)
[ 0.339552] Performance Events: Fam17h core perfctr, AMD PMU driver.
[ 0.339570] ... version: 0
[ 0.339571] ... bit width: 48
[ 0.339571] ... generic registers: 6
[ 0.339572] ... value mask: 0000ffffffffffff
[ 0.339572] ... max period: 00007fffffffffff
[ 0.339572] ... fixed-purpose events: 0
[ 0.339573] ... event mask: 000000000000003f
[ 0.339646] rcu: Hierarchical SRCU implementation.
[ 0.340065] random: crng done (trusting CPU's manufacturer)
[ 0.340212] smp: Bringing up secondary CPUs ...
[ 0.340357] x86: Booting SMP configuration:
[ 0.340358] .... node #0, CPUs: #1
[ 0.005221] kvm-clock: cpu 1, msr 2401041, secondary cpu clock
[ 0.005221] x86/cpu: Activated the Intel User Mode Instruction Prevention (UMIP) CPU feature
[ 0.005221] [Firmware Bug]: CPU1: APIC id mismatch. Firmware: 1 APIC: 16
[ 0.341428] KVM setup async PF for cpu 1
[ 0.341428] kvm-stealtime: cpu 1, msr 12baa0040
[ 0.341428] #2
[ 0.005221] kvm-clock: cpu 2, msr 2401081, secondary cpu clock
[ 0.005221] x86/cpu: Activated the Intel User Mode Instruction Prevention (UMIP) CPU feature
[ 0.005221] [Firmware Bug]: CPU2: APIC id mismatch. Firmware: 2 APIC: 16
[ 0.341428] KVM setup async PF for cpu 2
[ 0.341428] kvm-stealtime: cpu 2, msr 12bb20040
[ 0.341428] #3
[ 0.005221] kvm-clock: cpu 3, msr 24010c1, secondary cpu clock
[ 0.005221] x86/cpu: Activated the Intel User Mode Instruction Prevention (UMIP) CPU feature
[ 0.005221] [Firmware Bug]: CPU3: APIC id mismatch. Firmware: 3 APIC: 16
[ 0.343429] KVM setup async PF for cpu 3
[ 0.343429] kvm-stealtime: cpu 3, msr 12bba0040
[ 0.343429] smp: Brought up 1 node, 4 CPUs
[ 0.343429] smpboot: Max logical packages: 1
[ 0.343429] smpboot: Total of 4 processors activated (19962.49 BogoMIPS)
root@85595acf:/app# cat /proc/cmdline
init=/fly/init cgroup_enable=memory swapaccount=1 i8042.dumbkbd reboot=k panic=1 quiet random.trust_cpu=on i8042.noaux i8042.nomux i8042.nopnp console=ttyS0 pci=off root=/dev/vda rw virtio_mmio.device=4K@0xd0000000:5 virtio_mmio.device=4K@0xd0001000:6 virtio_mmio.device=4K@0xd0002000:7
Guest CPU:
root@85595acf:/app# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 4
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: AuthenticAMD
CPU family: 23
Model: 49
Model name: AMD EPYC
Stepping: 0
CPU MHz: 2495.312
BogoMIPS: 4990.62
Virtualization: AMD-V
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 512K
L3 cache: 16384K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy svm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves clzero xsaveerptr arat npt nrip_save umip rdpid
Host CPU:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 64
On-line CPU(s) list: 0-63
Thread(s) per core: 2
Core(s) per socket: 32
Socket(s): 1
NUMA node(s): 1
Vendor ID: AuthenticAMD
CPU family: 23
Model: 49
Model name: AMD EPYC 7502P 32-Core Processor
Stepping: 0
CPU MHz: 3337.168
BogoMIPS: 4991.05
Virtualization: AMD-V
L1d cache: 32K
L1i cache: 32K
L2 cache: 512K
L3 cache: 16384K
NUMA node0 CPU(s): 0-63
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate sme ssbd mba sev ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr rdpru wbnoinvd arat npt lbrv svm_lock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif umip rdpid overflow_recov succor smca
Firecracker version: v0.21.2
@jeromegn could you also specify what version of linux kernel are you using ? Both on the guest and on the host ? Thanks !
On this particular host: 5.6.0-050600-generic
, the guest is 4.19.129
built with a default config with these changes:
# Enable dummy network interfaces
CONFIG_DUMMY=y
# Enable VXLAN support as a module
CONFIG_VXLAN=m
# Enable wireguard on newer kernels
CONFIG_WIREGUARD=y
# IPv6 fun
CONFIG_IP6_NF_NAT=y
CONFIG_IP6_NF_TARGET_MASQUERADE=y
CONFIG_NF_NAT_IPV6=y
CONFIG_IP6_NF_IPTABLES=y
# Enable support for soft shutdown of amd64 VMs
# See https://github.com/firecracker-microvm/firecracker/blob/master/docs/api_requests/actions.md#sendctrlaltdel
CONFIG_KEYBOARD_ATKBD=y
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
CONFIG_SERIO_LIBPS2=y
# Make the guest's wall clock not drift
# https://github.com/firecracker-microvm/firecracker/blob/master/FAQ.md#my-guest-wall-clock-is-drifting-how-can-i-fix-it
CONFIG_PTP_1588_CLOCK=y
CONFIG_PTP_1588_CLOCK_KVM=y
# Some patches for keeping network functionalities that Kubernetes needs/might need
CONFIG_IPVLAN=y
CONFIG_IPVTAP=y
CONFIG_TAP=y
CONFIG_IP_VS_MH=m
# Enable /proc/config inside of the VM
# https://superuser.com/questions/287371/obtain-kernel-config-from-currently-running-linux-system
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
# Misc
CONFIG_ZBUD=y
It looks like KVM_GET_SUPPORTED_CPUID
returns a cpuid that contains the 0xb
leaf on AMD, even though this is an Intel-specific leaf. It looks like a kernel bug, but I am not sure. I have to do some more research.
@jeromegn Would it be acceptable for you to use a different host or guest kernel version ? I am not sure which one is the first release that fixes the issue. Also could you try this firecracker patch please and let us know if it mitigates the problem ?
I upgraded the guest kernel to 4.19.146 and the Firmware bug is gone. I'm not entirely sure which version fixes it though.
hi, I Get the same issue when I run Kali Linux on a VM (using VMware), and I can't seem to find any information online about this error besides this post, and all the fixes are on AMD EPYC, but I have an intel machine, Any suggestions?
My CPU is Raptor Lake, I9 13900HX mobile processor.
@ibrahimrefai2010
Could you give us more information?
lscpu
result on both host and guest@zulinx86
hi, Takahiro
Firecracker version: firecracker: command not found
host kernel version: I'm running windows on the host.
guest kernel version: 6.3.0-kali1-amd64
lscpu on host: N/A (24 core, 32 threads, the rest is the same as the guest)
lscpu on guest:
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 40 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
Model name: 13th Gen Intel(R) Core(TM) i9-13980HX
CPU family: 6
Model: 183
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 4
Stepping: 1
BogoMIPS: 4838.40
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr s
se sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon nopl tsc_reliable nonstop_tsc cp
uid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx h
ypervisor lahf_lm 3dnowprefetch pti arat
Virtualization features:
Hypervisor vendor: VMware
Virtualization type: full
Caches (sum of all):
L1d: 192 KiB (4 instances)
L1i: 128 KiB (4 instances)
L2: 8 MiB (4 instances)
L3: 144 MiB (4 instances)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerabilities:
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Meltdown: Mitigation; PTI
Mmio stale data: Unknown: No mitigations
Retbleed: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines, STIBP disabled, RSB filling, PBRSB-eIBRS Not affected
Srbds: Not affected
Tsx async abort: Not affected`
more log:
Log starts here.
[0.082336] [Firmware Bug]: CPU1: APIC id mismatch. Firmware: 1 APIC: 2
[0.082336] [Firmware Bug]: CPU2: APIC id mismatch. Firmware: 2 APIC: 4
[0.082336] [Firmware Bug]: CPU3: APIC id mismatch. Firmware: 3 APIC: 6
[7.986536] atkbd serio0: failed to deactivate keyboard on isa0060/serio0
and it ends here.
@ibrahimrefai2010
Thanks for sharing the information, but I need to ask some questions.
Firecracker version: firecracker: command not found
It looks like you don't set up PATH to the place where you have the Firecracker binary. Please find the Firecracker binary file and check the version.
host kernel version: I'm running windows on the host.
As Firecracker uses the Linux KVM, it does not support Windows. How do you execute it on Windows?
guest kernel version: 6.3.0-kali1-amd64
We're supporting 4.14 and 5.10 guest kernels at the moment. https://github.com/firecracker-microvm/firecracker/tree/main#tested-platforms
Could you please test one of these guest kernel versions and see if it is reproducible? As you can see the comment here, the log message depends on the guest kernel version and we don't see it on our tested platforms.
Thanks.
@zulinx86 Hi, Takahiro
How do I execute it on windows? I'm running windows 11 on my host machine and a pre-built kali Linux image on the guest via VMware (https://www.kali.org/get-kali/#kali-virtual-machines)
We're supporting 4.14 and 5.10 guest kernels at the moment. I'll try downgrading into a version that has a 5.10 kernel in it
@ibrahimrefai2010
Thanks for more information!
How do I execute it on windows?
I'm running windows 11 on my host machine and a pre-built kali Linux image on the guest via VMware (https://www.kali.org/get-kali/#kali-virtual-machines)
Does this mean you're using nested virtualized environment, like kali Linux guest on kali Linux host on Windows 11? Firecracker doesn't support and test nested virtualization at the moment, so we would appreciate if you could understand in advance that our help here would be best effort.
We're supporting 4.14 and 5.10 guest kernels at the moment.
I'll try downgrading into a version that has a 5.10 kernel in it
Thanks for your cooperation!
When booting Linux you get the following warning: "[Firmware Bug]: CPU1: APIC id mismatch". The cause is that we don't set the APIC ID in the extended topology with CPUID.