I re-checked all that you and I found, lets write a List with all that we know if there are patterns.
Host (should not matter, but be rather new) - in my case B4.18 Q2.11 For new qemu I'm using Mitaka. In this case being from https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/mitaka-staging to get those libvirt/qemu with the MDS fixes which are still waiting to be released. The check is like: $ uname -r; cat /sys/devices/system/cpu/vulnerabilities/mds; cat /proc/cpuinfo | grep -e ^bug -e ^flags | grep md An example result would look like a) 4.4.0-148-generic b) Mitigation: Clear CPU buffers; SMT Host state unknown c) flags : [...] md_clear d) bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds a) to verify the kernel level is as expected b) to show what the kernel thinks about the Mitigation status c) check the md_clear in cpu flags d) show bugs the cpu is affected (not present on 3.13) Only if all those above are ok we call it good, otherwise add a comment what fails Test list: lvl 1 kernel T3.13 / T4.4 lvl 2 kernel T3.13 / T4.4 / B4.15 Qemu T2.0 / M2.5 T LVL1 LVL2 Result 01 T3.13 / Q2.0 T3.13 ok 02 T3.13 / Q2.0 T4.4 ok 03 T3.13 / Q2.0 B4.15 full passthrough crashes, md-clear feature not passed 04 T3.13 / Q2.5 T3.13 ok 05 T3.13 / Q2.5 T4.4 ok 06 T3.13 / Q2.5 B4.15 ok 07 T4.4 / Q2.0 T3.13 shows not-affected, md-clear available 08 T4.4 / Q2.0 T4.4 shows not-affected, md-clear available 09 T4.4 / Q2.0 B4.15 shows not-affected, md-clear available 10 T4.4 / Q2.5 T3.13 ok 11 T4.4 / Q2.5 T4.4 ok 12 T4.4 / Q2.5 B4.15 ok Of these testcases we have two fields of errors. #03 : base Trusty with a rather new guest having issues Fix to that seems to be in the kernel as 3.13 -> 4.4 fixes it #07-09: The qemu 2.0 in trusty seems to have issues if used with the HWE 4.4 kernel The fix to that seems to be in a newer qemu as 2.0 -> 2.5 fixes it ** Changed in: qemu (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1829555 Title: nested virtualization w/first level trusty guests has odd MDS behavior Status in linux package in Ubuntu: Confirmed Status in qemu package in Ubuntu: Confirmed Bug description: When nested kvm virtualization is used (with host-passthrough), if the first level guest is a trusty vm, odd behavior is seen in the second level guest: host os: disco/5.0.0-15.16-generic/qemu 1:3.1+dfsg-2ubuntu3.1 contents of /sys/devices/system/cpu/vulnerabilities/mds: Mitigation: Clear CPU buffers; SMT vulnerable 1st level vm: trusty/4.4.0-148.174~14.04.1-generic/qemu 2.0.0+dfsg-2ubuntu1.46 contents of /sys/devices/system/cpu/vulnerabilities/mds: Mitigation: Clear CPU buffers; SMT Host state unknown 2nd level vm: bionic/4.15.0-50.54-generic contents of /sys/devices/system/cpu/vulnerabilities/mds: Not affected This behavior is not seen when the first level guest is a xenial or bionic vm (same bare metal hardware): 1st level vm: bionic/4.15.0-50.54-generic/qemu 1:2.11+dfsg-1ubuntu7.13 contents of /sys/devices/system/cpu/vulnerabilities/mds: Mitigation: Clear CPU buffers; SMT Host state unknown 2nd level vm: bionic/4.15.0-50.54-generic contents of /sys/devices/system/cpu/vulnerabilities/mds: Mitigation: Clear CPU buffers; SMT Host state unknown and: 1st level vm: xenial/4.4.0-148.174-generic/qemu 1:2.5+dfsg-5ubuntu10.39 contents of /sys/devices/system/cpu/vulnerabilities/mds: Mitigation: Clear CPU buffers; SMT Host state unknown 2nd level vm: bionic/4.15.0-50.54-generic contents of /sys/devices/system/cpu/vulnerabilities/mds: Mitigation: Clear CPU buffers; SMT Host state unknown It's not clear whether this is an issue with linux/kvm or qemu in trusty. --- ApportVersion: 2.14.1-0ubuntu3.29 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC0: ubuntu 2239 F.... pulseaudio DistroRelease: Ubuntu 14.04 HibernationDevice: RESUME=UUID=4fa9460d-7ed4-49db-8e22-86a5107d0062 InstallationDate: Installed on 2019-02-14 (92 days ago) InstallationMedia: Ubuntu 14.04.5 LTS "Trusty Tahr" - Release amd64 (20160803) Lsusb: Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub MachineType: QEMU Standard PC (i440FX + PIIX, 1996) Package: qemu 2.0.0+dfsg-2ubuntu1.46 PackageArchitecture: amd64 ProcEnviron: TERM=screen PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 qxldrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-148-generic root=UUID=9a35107e-83fa-4010-81e1-235a4ea14fe6 ro quiet splash vt.handoff=7 ProcVersionSignature: User Name 4.4.0-148.174~14.04.1-generic 4.4.177 RelatedPackageVersions: linux-restricted-modules-4.4.0-148-generic N/A linux-backports-modules-4.4.0-148-generic N/A linux-firmware 1.127.24 RfKill: Tags: trusty trusty Uname: Linux 4.4.0-148-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip libvirtd lpadmin plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 04/01/2014 dmi.bios.vendor: SeaBIOS dmi.bios.version: 1.12.0-1 dmi.chassis.type: 1 dmi.chassis.vendor: QEMU dmi.chassis.version: pc-i440fx-bionic dmi.modalias: dmi:bvnSeaBIOS:bvr1.12.0-1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-bionic:cvnQEMU:ct1:cvrpc-i440fx-bionic: dmi.product.name: Standard PC (i440FX + PIIX, 1996) dmi.product.version: pc-i440fx-bionic dmi.sys.vendor: QEMU To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1829555/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp