Hello Rafael,
Testing results to share, looks like the exposure of eIBRS into the
Guest is complete. Don't see Bit 5 implemented yet for MDS bit for Arch
Capability.
See below for details and let me know if you need any specific based on
these configuration.
Regards, Ai B.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tested on Host:- Ubuntu 18.04.1 Kernel 4.15.0-55-generic
#virsh version
Compiled against library: libvirt 4.0.0
Using library: libvirt 4.0.0
Using API: QEMU 4.0.0
Running hypervisor: QEMU 2.11.1
#lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 80
On-line CPU(s) list: 0-79
Thread(s) per core: 2
Core(s) per socket: 20
Socket(s): 2
NUMA node(s): 2
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping: 6
CPU MHz: 800.144
CPU max MHz: 2100.0000
CPU min MHz: 800.0000
BogoMIPS: 4200.00
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 1024K
L3 cache: 28160K
NUMA node0 CPU(s): 0-19,40-59
NUMA node1 CPU(s): 20-39,60-79
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx
pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl
xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx
smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe
popcnt aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb
cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow
vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms
invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb
intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc
cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm arat pln pts pku ospke
avx512_vnni md_clear flush_l1d arch_capabilities
#rdmsr 0x10a
2b
qemu:
Installed: (none)
Candidate: 1:2.11+dfsg-1ubuntu7.16~ppa1
Version table:
1:2.11+dfsg-1ubuntu7.16~ppa1 500
500 http://ppa.launchpad.net/rafaeldtinoco/lp1828495/ubuntu bionic/main
amd64 Packages
1:2.11+dfsg-1ubuntu7.15 500
500 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64
Packages
1:2.11+dfsg-1ubuntu7.14 500
500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64
Packages
1:2.11+dfsg-1ubuntu7 500
500 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
#/usr/bin/qemu-system-x86_64 -name guest=vm1,debug-threads=on -S -object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-2-vm1
/master-key.aes -machine pc-i440fx-2.11,accel=kvm,usb=off,dump-guest-
core=off -cpu host -m 32768 -realtime mlock=off -smp
8,sockets=8,cores=1,threads=1 -uuid ee83a263-89e0-47ca-81a3-9fa41c73b645
-no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-2-vm1/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet
-no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1
-boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7
-device ich9-usb-
uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5
-device ich9-usb-
uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9
-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -drive
file=/var/images/CentOS-7-x86_64-GenericCloud.qcow2,format=qcow2,if=none,id
=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-
ide0-0-0,id=ide0-0-0,bootindex=1 -netdev
tap,fd=26,id=hostnet0,vhost=on,vhostfd=28 -device virtio-net-
pci,netdev=hostnet0,id=net0,mac=52:54:00:20:26:33,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device isa-
serial,chardev=charserial0,id=serial0 -vnc 0.0.0.0:1 -device qxl-
vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2
-device vfio-pci,host=5f:00.0,id=hostdev0,bus=pci.0,addr=0x6 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Quest OS CentOS 7.6 kernel 3.10.0-957.12.2.el7.x86_64
#lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 8
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping: 6
CPU MHz: 2095.074
BogoMIPS: 4190.14
Virtualization: VT-x
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
L3 cache: 16384K
NUMA node0 CPU(s): 0-7
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm
constant_tsc arch_perfmon rep_good nopl xtopology eagerfpu pni pclmulqdq vmx
ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes
xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb
ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1
hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap
clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku
ospke avx512_vnni md_clear spec_ctrl arch_capabilities
#rdmsr 0x10a
b
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828495
Title:
[KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.
Status in intel:
New
Status in libvirt package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
In Progress
Status in qemu package in Ubuntu:
Fix Released
Status in libvirt source package in Bionic:
Confirmed
Status in linux source package in Bionic:
Confirmed
Status in qemu source package in Bionic:
Fix Committed
Status in libvirt source package in Cosmic:
Won't Fix
Status in linux source package in Cosmic:
Won't Fix
Status in qemu source package in Cosmic:
Won't Fix
Status in libvirt source package in Disco:
Confirmed
Status in linux source package in Disco:
Confirmed
Status in qemu source package in Disco:
Fix Committed
Status in libvirt source package in Eoan:
Fix Released
Status in linux source package in Eoan:
In Progress
Status in qemu source package in Eoan:
Fix Released
Bug description:
[Impact]
* QEMU does not support IceLake and CascadeLake CPUs specific features.
* Most important feature to be supported is: IA32_ARCH_CAPABILITIES MSR.
* With IA32_ARCH_CAPABILITIES, QEMU is able to advertise HW mitigations:
- Rogue Data Cache Load
- Enhanced IBRS
- RSB Alternate
- L1D flush need on VMENTRY
- speculative Store Bypass
to guests, as described in document:
Intel 336996-Speculative-Execution-Side-Channel-Mitigations.pdf
[Test Case]
* From Original Description:
"""
1. Boot up guest using: -cpu Cascadelake-Server
[root@clx-2s2 yexin]# qemu-system-x86_64 -accel kvm -drive
if=virtio,id=hd,file=/home/x/x,format=qcow2 -m 4096 -smp 4 -cpu
Cascadelake-Server -serial stdio
char device redirected to /dev/pts/3 (label serial0)
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
2. To check CPU ID related to features[FEAT_7_0_EDX]
:CPUID_7_0_EDX_ARCH_CAPABILITIES
Expected Result: Both host and guest's CPUID.07H EDX bit 29 should be
1.
Actual Result:
Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb
ecx=0x00000818 edx=0xbc000000 (EDX bit 29=1)
Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9
ecx=0x00000818 edx=0x84000000 (EDX bit 29=0)
Commit:2bdb76c015df7125783d8394d6339d181cb5bc30
Target Kerned: 5.1
Target Release: 19.10
"""
[Regression Potential]
* Most changes are related to CPU type definitions and its supported
features. They are all based in upstream changes but, for obvious
reasons, backporting and/or cherry-picking those could bring issues.
Biggest concern is breaking something that currently works. Right now,
the parts being changed that could affect other CPU types would be
related to a small refactoring of how the features are organized, and
that would be seen right away when trying to start a new VM after the
package is installed.
* Other tests, related to the features being backported, are being
done by our KVM regression tests, including migration combinations, to
reduce chances that a regression is introduced.
[Other Info]
* N/A
To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1828495/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
