Package: qemu-system-x86
Version: 1:2.8+dfsg-6+deb9u1
Severity: important
X-Debbugs-Cc: secur...@debian.org

Dear maintainers, dear security team,

After performing the security upgrade to 1:2.8+dfsg-6+deb9u1, a virtual
machine (managed via libvirt) no longer starts.

Underlying CPU is an Intel Kaby Lake Core i7-7700. VT-x and VT-d are
enabled in the BIOS. Kernel cmdline has intel_iommu=on. Latest
microcode update is installed.

KVM configuration: Machine of guest is set to pc-i440fx-2.8, CPU is set
to Skylake-Client. A PCIe framegrabber card (in x16 slot, but card is
x4 or x8, I don't remember exactly) is passed through to the guest.

With 1:2.8+dfsg-6 the guest boots just fine.

With 1:2.8+dfsg-6+deb9u1 the guest doesn't start properly. In the
journal I can find the following message every time I try to start the
guest:

libvirtd[964]: ...: 984: error : x86FeatureInData:780 : internal error: unknown CPU feature __kvm_hv_spinlocks
libvirtd[964]: ...: 964: error : qemuMonitorIO:695 : internal error: End of file from qemu monitor

To get this working again I downgraded qemu-kvm, qemu-system-common
and qemu-system-x86 back to 1:2.8+dfsg-6.

The full command that is used to start qemu by libvirt is the
following (UUIDs and MAC addresses censored):

qemu-system-x86_64
-enable-kvm
-name guest=win10,debug-threads=on
-S
-object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-4-win10/master-key.aes
-machine pc-i440fx-2.8,accel=kvm,usb=off,vmport=off,dump-guest-core=off
-cpu Skylake-Client,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+tsc_adjust,+clflushopt,+pdpe1gb,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff
-m 16384
-realtime mlock=off
-smp 4,sockets=4,cores=1,threads=1
-uuid ....
-no-user-config
-nodefaults
-chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-4-win10/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control
-rtc base=localtime,driftfix=slew
-global kvm-pit.lost_tick_policy=delay
-no-hpet
-no-shutdown
-global PIIX4_PM.disable_s3=1
-global PIIX4_PM.disable_s4=1
-boot strict=on
-device nec-usb-xhci,id=usb,bus=pci.0,addr=0x5
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6
-drive file=/var/lib/libvirt/images/win10.qcow2,format=qcow2,if=none,id=drive-virtio-disk0
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
-drive file=/var/lib/libvirt/images/win10_data.qcow2,format=qcow2,if=none,id=drive-virtio-disk1
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk1,id=virtio-disk1
-drive if=none,id=drive-ide0-0-1,readonly=on
-device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1
-netdev tap,fd=25,id=hostnet0
-device rtl8139,netdev=hostnet0,id=net0,mac=...,bus=pci.0,addr=0x3
-chardev pty,id=charserial0
-device isa-serial,chardev=charserial0,id=serial0
-chardev spicevmc,id=charchannel0,name=vdagent
-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0
-device usb-tablet,id=input0,bus=usb.0,port=1
-spice port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on
-device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2
-device intel-hda,id=sound0,bus=pci.0,addr=0x4
-device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0
-chardev spicevmc,id=charredir0,name=usbredir
-device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2
-chardev spicevmc,id=charredir1,name=usbredir
-device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3
-device vfio-pci,host=02:00.0,id=hostdev0,bus=pci.0,addr=0xa
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
-msg timestamp=on

I did take a look at the patches in the git repository:

https://anonscm.debian.org/cgit/pkg-qemu/qemu.git/log/?id=refs/heads/debian-stretch

But I'm very confused because none of these patches actually touch the
CPU flags or any other part of virtualization.

Regards,
Christian

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages qemu-system-x86 depends on:
ii  ipxe-qemu           1.0.0+git-20161027.b991c67-1
ii  libaio1             0.3.110-3
ii  libasound2          1.1.3-5
ii  libbluetooth3       5.43-2
ii  libbrlapi0.6        5.4-7
ii  libc6               2.24-11+deb9u1
ii  libcacard0          1:2.5.0-3
ii  libfdt1             1.4.2-1
ii  libgcc1             1:6.3.0-18
ii  libglib2.0-0        2.50.3-2
ii  libgnutls30         3.5.8-5+deb9u2
ii  libjpeg62-turbo     1:1.5.1-2
ii  libncursesw5        6.0+20161126-1
ii  libnettle6          3.3-1+b1
ii  libnuma1            2.0.11-2.1
ii  libpixman-1-0       0.34.0-1
ii  libpng16-16         1.6.28-1
ii  libpulse0           10.0-1+deb9u1
ii  libsasl2-2          2.1.27~101-g0780600+dfsg-3
ii  libsdl1.2debian     1.2.15+dfsg1-4
ii  libseccomp2         2.3.1-2.1
ii  libspice-server1    0.12.8-2.1+deb9u1
ii  libtinfo5           6.0+20161126-1
ii  libusb-1.0-0        2:1.0.21-1
ii  libusbredirparser1  0.7.1-1
ii  libvdeplug2         2.3.2+r586-2.1
ii  libx11-6            2:1.6.4-3
ii  libxen-4.8          4.8.1-1+deb9u1
ii  libxenstore3.0      4.8.1-1+deb9u1
ii  qemu-system-common  1:2.8+dfsg-6+deb9u1
ii  seabios             1.10.2-1
ii  zlib1g              1:1.2.8.dfsg-5

Versions of packages qemu-system-x86 recommends:
ii  qemu-utils  1:2.8+dfsg-6+deb9u1

Versions of packages qemu-system-x86 suggests:
ii  kmod              23-2
pn  ovmf              <none>
pn  qemu-block-extra  <none>
pn  samba             <none>
pn  sgabios           <none>
pn  vde2              <none>

-- no debconf information
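The journal line above names a CPU feature property (__kvm_hv_spinlocks) that libvirt's x86FeatureInData rejects, and the libvirt-generated -cpu argument shows where the corresponding Hyper-V enlightenment (hv_spinlocks=0x1fff) was requested. When triaging a failure like this it helps to correlate the two mechanically. The following Python is an added example, not code from the bug report, libvirt or QEMU: it parses the -cpu argument into model, +/- CPUID toggles and key=value settings, extracts the rejected feature name from the libvirtd error, and looks it up in the parsed argument. The function names are hypothetical, the sample inputs are copied from the report, and the mapping of the "__kvm_" prefix onto the plain -cpu option name is an assumption made for illustration.

```python
import re

# Constructed sample inputs, taken from the bug report: the libvirtd journal
# line and the -cpu argument of the libvirt-generated qemu command line.
JOURNAL_LINE = ("libvirtd[964]: ...: 984: error : x86FeatureInData:780 : "
                "internal error: unknown CPU feature __kvm_hv_spinlocks")
CPU_ARG = ("Skylake-Client,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,"
           "+vmx,+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+tsc_adjust,+clflushopt,"
           "+pdpe1gb,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff")

# Matches the libvirt error emitted by x86FeatureInData for a feature it does
# not know; the captured group is the offending feature name.
UNKNOWN_FEATURE_RE = re.compile(
    r"x86FeatureInData:\d+ : internal error: unknown CPU feature (\S+)")


def parse_cpu_arg(arg):
    """Split a QEMU -cpu argument into its parts.

    Returns a dict with the model name, the set of '+'-enabled flags, the set
    of '-'-disabled flags and a dict of key=value settings.  Bare names such
    as hv_time are treated as enabled flags, which is how QEMU reads them.
    """
    parts = arg.split(",")
    parsed = {"model": parts[0], "enabled": set(), "disabled": set(),
              "settings": {}}
    for p in parts[1:]:
        if not p:
            continue
        if p.startswith("+"):
            parsed["enabled"].add(p[1:])
        elif p.startswith("-"):
            parsed["disabled"].add(p[1:])
        elif "=" in p:
            key, value = p.split("=", 1)
            parsed["settings"][key] = value
        else:
            parsed["enabled"].add(p)
    return parsed


def unknown_feature(journal_line):
    """Return the feature name libvirt rejected, or None if the line does not
    carry that error."""
    m = UNKNOWN_FEATURE_RE.search(journal_line)
    return m.group(1) if m else None


def normalize(name):
    """Map a property name from the libvirt error onto a -cpu option name.

    Assumption (not confirmed by the report): the leading '__kvm_' is a
    QEMU-internal prefix and the remainder is the option name; '-' and '_'
    are both seen in feature spellings, so they are folded to '_'.
    """
    if name.startswith("__kvm_"):
        name = name[len("__kvm_"):]
    return name.replace("-", "_")


def locate_feature(journal_line, cpu_arg):
    """Find where the rejected feature was requested on the command line.

    Returns (kind, name, value) where kind is 'setting', 'enabled',
    'disabled' or 'absent', or None if the journal line has no such error.
    """
    feat = unknown_feature(journal_line)
    if feat is None:
        return None
    parsed = parse_cpu_arg(cpu_arg)
    key = normalize(feat)
    if key in parsed["settings"]:
        return ("setting", key, parsed["settings"][key])
    if key in parsed["enabled"]:
        return ("enabled", key, None)
    if key in parsed["disabled"]:
        return ("disabled", key, None)
    return ("absent", key, None)


def spinlock_retries(cpu_arg):
    """Decode hv_spinlocks, which QEMU takes as a retry count (hex accepted)."""
    value = parse_cpu_arg(cpu_arg)["settings"].get("hv_spinlocks")
    return int(value, 0) if value is not None else None


if __name__ == "__main__":
    print(locate_feature(JOURNAL_LINE, CPU_ARG))
    print(spinlock_retries(CPU_ARG))
```

Running it against the report's inputs points at the hv_spinlocks=0x1fff setting (a retry count of 8191), which is the first place to look when deciding whether to drop the enlightenment from the domain XML as a workaround while the package regression is investigated.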
