(Upgraded to 2.2 on KVM) panic: CPU0 does not support X87 or SSE:1



  • So I invoked auto-update on my pfsense 2.15 to 2.2.

    I did read the change logs and known issue but didn't see anything that pertain to my setup.

    After it was done it rebooted and now it panics at boot and stops, I've tried safemode, single user mode, verbose mode and unable to boot it. Lucky I made backups before proceeding, might take me two hours to restore the network.

    But here's what it's says

    
    Booting...
    KDB: debugger backends: ddb
    KDB: current backend: ddb
    panic: CPU0 does not support X87 or SSE: 1
    cpuid = 0
    KDB: enter: panic
    [ thread pid 0 tid 0 ]
    Stopped at kdb_enter+0x3e:movq $0,kdb_why
    db>
    
    

    KVM HOST:
    O/S: Centos 6.5
    KVM version: qemu-kvm-0.12.1.2-2.415.el6_5.4.x86_64
    Xeon 1230

    FLAGS:

    fpu		: yes
    fpu_exception	: yes
    cpuid level	: 13
    wp		: yes
    flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer xsave avx lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
    
    

    Guest:
    Copied host CPU configurations.
    virtio for disk and network.
    5 nics.

    I suspect that my KVM version might be too old.
    But can anyone explain to me what pfsense is trying to tell me?



  • Well disabling xsave flag in KVM got the thing to boot but then the guest crashes at some point in the pfsense boot.

    Googling reveals that this is a bug in qemu-kvm and my kernel version 2.6.32

    http://lists.freebsd.org/pipermail/freebsd-amd64/2013-February/015136.html

    xsave cpuid exposing bug
    https://lists.gnu.org/archive/html/qemu-devel/2014-02/msg04140.html

    freebsd 10 kernel trap 12
    https://www.urbas.eu/freebsd-10-and-profitbricks/

    I'm gonna have to try the last one and see what happens.

    EDIT: last one works.
    Also found out if I switch all virtio nic to e1000, the guest doesn't crash. But that's useless, since I need the improved virtio for better performance between lans that go through pfsense.

    I do 106MB/s transfers using SMB from host to server through a switch on LAN1. But when I need to transfer from a host on LAN2 to server on LAN1 the only thing that connects them both is pfsense, and speed is just anywhere between 15 to 30MB/s transfers.

    As you can see, I have a need for speed.



  • How would I use in a a multiple vlan macvtap?
    do I do it on macvtap or the vlan?

    Example
    eth1.100
    or
    macvtap0



  • But I have it working like that.

    I just modprobe 8021q on the host, then setup the network scripts to setup vlans for the hardware on the host. After that use virt-manager or virsh to create bridges using macvtap to those vlan interfaces. I set up a nic tied to each vlan. In my case I have 6. Wan, Lan, Lan2, DMZ, LTSP, Carp.

    I've been using it like this for past 3 years. The only issue was slow transfer speeds from Lan to Lan2 which have to pass through pfsesne guest.



  • Disable PV? Like what use e1000 nics? The problem persist there too.



  • Well this is what I ended up doing.

    Did a fresh new VM, set with bsd 8.x preconfig.
    Copied host cpu configurations and disabled xsave feature
    Did virtIO on the disk/5G image
    Got rid of all the nics.
    Did pci-passthrough of eth1 on the host to VM.
    Then did vlan setup from pfsense side.

    Result LAN to LAN2 50MB/s which is what I expected. Both interfaces pushing about 400Mbit/s according to the pfsense traffic graphs, which would stature a single gigabit link.

    Eh, it's much better than what it was before; and now I'm running 2.2.