WORKING

This is a comment summarising a bit the statement of work in this bug:

Below are the commits (and the merge requests they came from) that I
could identify by the previous comments. Judging by the selected
commits, the intent is to allow MSR supportability to be queried by
guest through CPUID MSR query emulation <-> kvm ioctls interface.
Every feature to be reported has to have its MSR declared for the CPU
type to be used AND the kvm ioctl backend + kernel support (to query
the actual hardware).

(1)

Request is to allow the following features to be reported by QEMU/KVM:

CPUID.(EAX=7H,ECX=0):EDX[26] (Enable/Disable IBRS/IBPB feature flag):

    Enumerates support for indirect branch restricted speculation
    (IBRS) and the indirect branch predictor barrier (IBPB).
    Processors that set this bit support the IA32_SPEC_CTRL MSR and
    the IA32_PRED_CMD MSR. They allow software to set
    IA32_SPEC_CTRL[0] (IBRS) and IA32_PRED_CMD[0] (IBPB).

and

CPUID.(EAX=7H,ECX=0):EDX[29] (IA32_ARCH_CAPABILITIES feature flag)

   Enumerates support for the IA32_ARCH_CAPABILITIES MSR, allowing
   MSR index 10AH to be read:

   - (bit 0) RDCL_NO: not susceptible to rogue data cache
   - (bit 1) IBRS_ALL: processor supports IBRS
   - (bit 2) RSBA: processor supports RSB alternate (retpol off)
   - (bit 3) SKIP_L1DFL_VMENTRY: VM entry doesn't flush L1D
   - (bit 4) SSB_NO: processor not susceptible to spec store bypass

(2)

There is *no current request* to allow following features to be
reported by EAX_7H_ECX_0_EDX QEMU/KVM right now:

* CPUID.(EAX=7H,ECX=0):EDX[27] STIBP support flag.
* CPUID.(EAX=7H,ECX=0):EDX[28] L1D_FLUSH support flag.
* CPUID.(EAX=7H,ECX=0):EDX[31] SSBD support flag.

OBS: I haven't checked patch dependencies yet, not sure if more
patches are needed yet, just realized that SSBD support flag wasn't
being asked to be backported (nor present in 2.11 version, Bionic
version which we are targeting this to). That explains the small
"statement of work" above.

For now the request was fully understood: I'll work tomorrow in a
backport attempt to check if big pieces in between 2.11 and something
around the v3.0.0-152-g8c80c99fcc .. v4.0.0-rc0-2-g014018e19b range
are missing that would require a major refactoring that would not be
possible to be done.

(3)

Possible points of pain:

- arch_capabilities unmigratable flag inside cpu data structure
  (while CPUID was being developed) was later turned into migratable.

- data structure changes to support MSR based features.

QEMU:

######## MERGE REQUEST

21ee4787e53367590f284915bf4c30c684e65bdf
174a78a8a5c0cf421236fe14efc5559717f050df
bb4928c7cafe50ab2137a0034e350ef1bfa044d9
014018e19b3c54dd1bf5072bc912ceffea40abe8 +
485b1d256bcb0874bcde0223727c159b6837e6f8 +

commit 014018e19b3c54dd1bf5072bc912ceffea40abe8 - v4.0.0-rc0-2-g014018e19b
Author: Eduardo Habkost <ehabk...@redhat.com>
Date:   Fri Jan 25 20:06:06 2019

    i386: Make arch_capabilities migratable

    Now that kvm_arch_get_supported_cpuid() will only return
    arch_capabilities if QEMU is able to initialize the MSR properly,
    we know that the feature is safely migratable.

    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>
    Message-Id: <20190125220606.4864-3-ehabk...@redhat.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

----

commit 485b1d256bcb0874bcde0223727c159b6837e6f8 - v4.0.0-rc0-1-g485b1d256b
Author: Eduardo Habkost <ehabk...@redhat.com>
Date:   Fri Jan 25 20:06:05 2019

    i386: kvm: Disable arch_capabilities if MSR can't be set

    KVM has two bugs in the handling of MSR_IA32_ARCH_CAPABILITIES:

    1) Linux commit 1eaafe91a0df ("kvm: x86:
    IA32_ARCH_CAPABILITIES is always supported") makes
    GET_SUPPORTED_CPUID return arch_capabilities even if running on
    SVM.  This makes "-cpu host,migratable=off" incorrectly expose
    arch_capabilities on CPUID on AMD hosts (where the MSR is not
    emulated by KVM).

    2) KVM_GET_MSR_INDEX_LIST does not return
    MSR_IA32_ARCH_CAPABILITIES if the MSR is not supported by the
    host CPU.  This makes QEMU not initialize the MSR properly at
    kvm_put_msrs() on those hosts.

    Work around both bugs on the QEMU side, by checking if the MSR
    was returned by KVM_GET_MSR_INDEX_LIST before returning the
    feature flag on kvm_arch_get_supported_cpuid().

    This has the unfortunate side effect of making arch_capabilities
    unavailable on hosts without hardware support for the MSR until
    bug #2 is fixed on KVM, but I can't see another way to work
    around bug #1 without that side effect.

    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>
    Message-Id: <20190125220606.4864-2-ehabk...@redhat.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

########

---- possibly just one:

commit b0a1980384fc265d91de7e09aa5fe531a69e6288 - v3.1.0-1228-gb0a1980384
Author: Tao Xu <tao3...@intel.com>
Date:   Thu Dec 27 00:43:03 2018

    i386: Update stepping of Cascadelake-Server

    Update the stepping from 5 to 6, in order that
    the Cascadelake-Server CPU model can support AVX512VNNI
    and MSR based features exposed by ARCH_CAPABILITIES.

    Signed-off-by: Tao Xu <tao3...@intel.com>
    Message-Id: <20181227024304.12182-2-tao3...@intel.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

---- possibly just one:

commit aec5e9c3a94cf8b7920f59bef69a6f426092c4a0 - v3.1.0-rc2-32-gaec5e9c3a9
Author: Bandan Das <b...@redhat.com>
Date:   Mon Nov 26 02:17:28 2018

    kvm: Use KVM_GET_MSR_INDEX_LIST for MSR_IA32_ARCH_CAPABILITIES
    support

    When writing to guest's MSR_IA32_ARCH_CAPABILITIES, check whether
    it's supported in the guest using the KVM_GET_MSR_INDEX_LIST
    ioctl.

    Fixes: d86f963694df27f11b3681ffd225c9362de1b634
    Suggested-by: Eduardo Habkost <ehabk...@redhat.com>
    Tested-by: baldu...@units.it
    Signed-off-by: Bandan Das <b...@redhat.com>
    Message-Id: <jpg4lc4iiav.fsf...@linux.bootlegged.copy>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>


######## MERGE REQUEST:

09b9ee643f90ef95e30e594df2a3c83ccaf75b1f
c7a88b52f62b30c04158eeb07f73e3f72221b6a8
d86f963694df27f11b3681ffd225c9362de1b634 +
07585923485952bf4cb7da563c9f91fecc85d09c +
f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d +
38bf9e3b6185e6e4e4d50f7ff968676bf92a5bd7
de2e68c902f7b6e438b0fa3cfedd74a06a20704f

----

commit c7a88b52f62b30c04158eeb07f73e3f72221b6a8 - v3.0.0-1662-gc7a88b52f6
Author: Tao Xu <tao3...@intel.com>
Date:   Wed Sep 19 00:11:22 2018

    i386: Add new model of Cascadelake-Server

    New CPU models mostly inherit features from ancestor Skylake-Server,
    while adding new features: AVX512_VNNI, Intel PT.
    SSBD support for speculative execution
    side channel mitigations.

    Note:

    On Cascadelake, some capabilities (RDCL_NO, IBRS_ALL, RSBA,
    SKIP_L1DFL_VMENTRY and SSB_NO) are enumerated by MSR.
    These features rely on MSR based feature support patch.
    Will be added later after that patch's in.
    http://lists.nongnu.org/archive/html/qemu-devel/2018-09/msg00074.html

    Signed-off-by: Tao Xu <tao3...@intel.com>
    Message-Id: <20180919031122.28487-2-tao3...@intel.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

----

commit d86f963694df27f11b3681ffd225c9362de1b634 - v3.0.0-1661-gd86f963694
Author: Robert Hoo <robert...@linux.intel.com>
Date:   Mon Oct 15 01:47:25 2018

    x86: define a new MSR based feature word -- FEATURE_WORDS_ARCH_CAPABILITIES

    Note RSBA is specially treated -- no matter host support it or not, qemu
    pretends it is supported.

    Signed-off-by: Robert Hoo <robert...@linux.intel.com>
    Message-Id: <1539578845-37944-4-git-send-email-robert...@linux.intel.com>
    [ehabkost: removed automatic enabling of RSBA]
    Reviewed-by: Eduardo Habkost <ehabk...@redhat.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

----

commit 07585923485952bf4cb7da563c9f91fecc85d09c - v3.0.0-1660-g0758592348
Author: Robert Hoo <robert...@linux.intel.com>
Date:   Mon Oct 15 01:47:24 2018

    x86: Data structure changes to support MSR based features

    Add FeatureWordType indicator in struct FeatureWordInfo.
    Change feature_word_info[] accordingly.
    Change existing functions that refer to feature_word_info[] accordingly.

    Signed-off-by: Robert Hoo <robert...@linux.intel.com>
    Message-Id: <1539578845-37944-3-git-send-email-robert...@linux.intel.com>
    [ehabkost: fixed hvf_enabled() case]
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

----

commit f57bceb6ab5163ddd6c41ff4344ab8cf28a9c63d - v3.0.0-1659-gf57bceb6ab
Author: Robert Hoo <robert...@linux.intel.com>
Date:   Mon Oct 15 01:47:23 2018

    kvm: Add support to KVM_GET_MSR_FEATURE_INDEX_LIST and KVM_GET_MSRS system ioctl

    Add kvm_get_supported_feature_msrs() to get supported MSR feature index list.
    Add kvm_arch_get_supported_msr_feature() to get each MSR features value.

    Signed-off-by: Robert Hoo <robert...@linux.intel.com>
    Message-Id: <1539578845-37944-2-git-send-email-robert...@linux.intel.com>
    Reviewed-by: Eduardo Habkost <ehabk...@redhat.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>


######## MERGE REQUEST:

7210a02c58572b2686a3a8d610c6628f87864aed
7f710c32bb893c68b931c68265f0427c032eb7f4
8a11c62da9146dd89aee98947e6bd831e65a970d +
59a80a19ca31a6fff9fdbb6b4cf55a5a0767c3bc
5131dc433df54b37e8e918d8fba7fe10344e7a7b
3fc7c73139d2d38ae80c3b0bc963b1ac1555924c +
8c80c99fcceabd0708a5a83f08577e778c9419f5 +
2544e9e4aa2bcef8ac069057a681a5ff37a23e49

----

commit 8a11c62da9146dd89aee98947e6bd831e65a970d - v3.0.0-156-g8a11c62da9
Author: Robert Hoo <robert...@linux.intel.com>
Date:   Thu Jul 5 06:09:58 2018

    i386: Add new CPU model Icelake-{Server,Client}

    New CPU models mostly inherit features from ancestor Skylake,
    while adding new features: UMIP, New Instructions ( PCONFIG
    (server only), WBNOINVD, AVX512_VBMI2, GFNI, AVX512_VNNI,
    VPCLMULQDQ, VAES, AVX512_BITALG), Intel PT and 5-level paging
    (Server only). As well as IA32_PRED_CMD, SSBD support for
    speculative execution side channel mitigations.

    Note:
    For 5-level paging, Guest physical address width can be
    configured, with parameter "phys-bits". Unless explicitly
    specified, we still use its default value, even for
    Icelake-Server cpu model. At present, hold on expose
    IA32_ARCH_CAPABILITIES to guest, as 1) This MSR actually presents
    more than 1 'feature', maintainers are considering expanding
    current features presentation of only CPUIDs to MSR bits; 2) a
    reasonable default value for MSR_IA32_ARCH_CAPABILITIES needs to
    be settled first. These 2 are actually beyond Icelake CPU model
    itself but fundamental. So split these work apart and do it
    later.
    https://lists.gnu.org/archive/html/qemu-devel/2018-07/msg00774.html
    https://lists.gnu.org/archive/html/qemu-devel/2018-07/msg00796.html

    Signed-off-by: Robert Hoo <robert...@linux.intel.com>
    Message-Id: <1530781798-183214-6-git-send-email-robert...@linux.intel.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

----

commit 3fc7c73139d2d38ae80c3b0bc963b1ac1555924c - v3.0.0-153-g3fc7c73139
Author: Robert Hoo <robert...@linux.intel.com>
Date:   Thu Jul 5 06:09:55 2018

    i386: Add CPUID bit and feature words for IA32_ARCH_CAPABILITIES MSR

    Support of IA32_PRED_CMD MSR already be enumerated by same CPUID bit as
    SPEC_CTRL.

    At present, mark CPUID_7_0_EDX_ARCH_CAPABILITIES unmigratable, per Paolo's
    comment.

    Signed-off-by: Robert Hoo <robert...@linux.intel.com>
    Message-Id: <1530781798-183214-3-git-send-email-robert...@linux.intel.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>    

----

commit 8c80c99fcceabd0708a5a83f08577e778c9419f5 - v3.0.0-152-g8c80c99fcc
Author: Robert Hoo <robert...@linux.intel.com>
Date:   Thu Jul 5 06:09:54 2018

    i386: Add new MSR indices for IA32_PRED_CMD and
    IA32_ARCH_CAPABILITIES

    IA32_PRED_CMD MSR gives software a way to issue commands that
    affect the state of indirect branch predictors. Enumerated by
    CPUID.(EAX=7H,ECX=0):EDX[26]. IA32_ARCH_CAPABILITIES MSR
    enumerates architectural features of RDCL_NO and IBRS_ALL.
    Enumerated by CPUID.(EAX=07H, ECX=0):EDX[29].

    https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf

    Signed-off-by: Robert Hoo <robert...@linux.intel.com>
    Message-Id: <1530781798-183214-2-git-send-email-robert...@linux.intel.com>
    Signed-off-by: Eduardo Habkost <ehabk...@redhat.com>

https://bugs.launchpad.net/bugs/1828495

Title:
  [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.

Status in intel:
  New
Status in linux package in Ubuntu:
  Confirmed
Status in qemu package in Ubuntu:
  Triaged

Bug description:
  This is a bug.

  Test Environment:

  Repro Steps:

  1. Boot up guest using: -cpu Cascadelake-Server

  [root@clx-2s2 yexin]# qemu-system-x86_64 -accel kvm -drive
  if=virtio,id=hd,file=/home/x/x,format=qcow2  -m 4096 -smp 4 -cpu
  Cascadelake-Server -serial stdio

  char device redirected to /dev/pts/3 (label serial0)

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  2. To check CPU ID related to features[FEAT_7_0_EDX]:CPUID_7_0_EDX_ARCH_CAPABILITIES

  Expected Result: Both host and guest's CPUID.07H EDX bit 29 should be
  1.

  Actual Result:

  Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb
  ecx=0x00000818 edx=0xbc000000  (EDX bit 29=1)

  Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9
  ecx=0x00000818 edx=0x84000000 (EDX bit 29=0)

  Commit:2bdb76c015df7125783d8394d6339d181cb5bc30

  Target Kernel: 5.1
  Target Release: 19.10
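
Added example (not part of the original comment, the bug report or QEMU's code): a small C program that decodes the host and guest CPUID.07H EDX values quoted in the bug description against the feature bits listed in the comment, and models the check described in commit 485b1d25 (report EDX[29] only when the MSR appears in the index list KVM returned). The function names and the sample MSR index lists are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_IA32_ARCH_CAPABILITIES      0x10a       /* "MSR index 10AH" above */
#define CPUID_7_0_EDX_ARCH_CAPABILITIES (1u << 29)

/* CPUID.(EAX=7H,ECX=0):EDX bits named in the comment above. */
static const struct { unsigned bit; const char *name; } edx_feats[] = {
    { 26, "IBRS/IBPB" }, { 27, "STIBP" }, { 28, "L1D_FLUSH" },
    { 29, "ARCH_CAPABILITIES" }, { 31, "SSBD" },
};

/* Feature bits the host enumerates but the guest does not see. */
uint32_t missing_in_guest(uint32_t host_edx, uint32_t guest_edx)
{
    return host_edx & ~guest_edx;
}

/* Simplified model (an assumption, not QEMU source) of the workaround in
 * commit 485b1d25: keep EDX[29] only if KVM's MSR index list has the MSR. */
uint32_t gate_arch_capabilities(uint32_t edx, const uint32_t *msrs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (msrs[i] == MSR_IA32_ARCH_CAPABILITIES) {
            return edx;
        }
    }
    return edx & ~CPUID_7_0_EDX_ARCH_CAPABILITIES;
}

int main(void)
{
    /* EDX values quoted in the bug description. */
    uint32_t lost = missing_in_guest(0xbc000000u, 0x84000000u);
    for (size_t i = 0; i < sizeof(edx_feats) / sizeof(edx_feats[0]); i++) {
        if (lost & (1u << edx_feats[i].bit)) {
            printf("guest lacks EDX[%u] %s\n", edx_feats[i].bit, edx_feats[i].name);
        }
    }
    /* Constructed index lists: 0x48 is IA32_SPEC_CTRL, 0x10a is ARCH_CAPABILITIES. */
    const uint32_t with_msr[] = { 0x48, 0x10a }, without[] = { 0x48 };
    printf("MSR listed:     edx=0x%08x\n",
           (unsigned)gate_arch_capabilities(0xbc000000u, with_msr, 2));
    printf("MSR not listed: edx=0x%08x\n",
           (unsigned)gate_arch_capabilities(0xbc000000u, without, 1));
    return 0;
}
```

For the values in the bug description the missing bits are 27 (STIBP), 28 (L1D_FLUSH) and 29 (ARCH_CAPABILITIES); bits 26 and 31 are already visible to the guest.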
