Hello Rafael,
Testing results to share, Bit 5 Arch Capability is verified implemented.
See below for details, please feel free to let me know if you need more
information.
Thanks.
Regards, Ai B.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tested on Host:- Ubuntu 18.04.1 Kernel 4.15.0-55-generic
#virsh version
Compiled against library: libvirt 4.0.0
Using library: libvirt 4.0.0
Using API: QEMU 4.0.0
Running hypervisor: QEMU 2.11.1
#lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 80
On-line CPU(s) list: 0-79
Thread(s) per core: 2
Core(s) per socket: 20
Socket(s): 2
NUMA node(s): 2
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping: 6
CPU MHz: 800.144
CPU max MHz: 2100.0000
CPU min MHz: 800.0000
BogoMIPS: 4200.00
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 1024K
L3 cache: 28160K
NUMA node0 CPU(s): 0-19,40-59
NUMA node1 CPU(s): 20-39,60-79
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx
pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl
xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx
smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe
popcnt aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb
cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow
vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms
invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb
intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc
cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm arat pln pts pku ospke
avx512_vnni md_clear flush_l1d arch_capabilities
#rdmsr 0x10a
2b
qemu:
Installed: (none)
Candidate: 1:2.11+dfsg-1ubuntu7.17~ppa1
Version table:
1:2.11+dfsg-1ubuntu7.17~ppa1 500
500 http://ppa.launchpad.net/rafaeldtinoco/lp1828495/ubuntu bionic/main
amd64 Packages
1:2.11+dfsg-1ubuntu7.15 500
500 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64
Packages
1:2.11+dfsg-1ubuntu7.14 500
500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64
Packages
1:2.11+dfsg-1ubuntu7 500
500 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Guest OS CentOS 7.6 kernel 3.10.0-957.12.2.el7.x86_64
#lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 8
On-line CPU(s) list: 0-7
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 8
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 85
Model name: Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping: 6
CPU MHz: 2095.074
BogoMIPS: 4190.14
Virtualization: VT-x
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
L3 cache: 16384K
NUMA node0 CPU(s): 0-7
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm
constant_tsc arch_perfmon rep_good nopl xtopology eagerfpu pni pclmulqdq vmx
ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes
xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb
ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1
hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap
clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku
ospke avx512_vnni md_clear spec_ctrl arch_capabilities
#rdmsr 0x10a
2b
#./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.42
Checking for vulnerabilities on current system
Kernel is Linux 3.10.0-957.12.2.el7.x86_64 #1 SMP Tue May 14 21:24:32 UTC 2019
x86_64
CPU is Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Hardware check
* Hardware support (CPU microcode) for mitigation techniques
* Indirect Branch Restricted Speculation (IBRS)
* SPEC_CTRL MSR is available: YES
* CPU indicates IBRS capability: YES (SPEC_CTRL feature bit)
* Indirect Branch Prediction Barrier (IBPB)
* PRED_CMD MSR is available: YES
* CPU indicates IBPB capability: YES (SPEC_CTRL feature bit)
* Single Thread Indirect Branch Predictors (STIBP)
* SPEC_CTRL MSR is available: YES
* CPU indicates STIBP capability: NO
* Speculative Store Bypass Disable (SSBD)
* CPU indicates SSBD capability: YES (Intel SSBD)
* L1 data cache invalidation
* FLUSH_CMD MSR is available: NO
* CPU indicates L1D flush capability: NO
* Microarchitecture Data Sampling
* VERW instruction is available: YES (MD_CLEAR feature bit)
* Enhanced IBRS (IBRS_ALL)
* CPU indicates ARCH_CAPABILITIES MSR availability: YES
* ARCH_CAPABILITIES MSR advertises IBRS_ALL capability: YES
* CPU explicitly indicates not being vulnerable to Meltdown/L1TF (RDCL_NO):
YES
* CPU explicitly indicates not being vulnerable to Variant 4 (SSB_NO): NO
* CPU/Hypervisor indicates L1D flushing is not necessary on this system: YES
* Hypervisor indicates host CPU might be vulnerable to RSB underflow (RSBA):
NO
* CPU explicitly indicates not being vulnerable to Microarchitectural Data
Sampling (MDS_NO): YES
* CPU supports Software Guard Extensions (SGX): NO
* CPU microcode is known to cause stability problems: NO (model 0x55 family
0x6 stepping 0x6 ucode 0x1 cpuid 0x50656)
* CPU microcode is the latest known available version: NO (latest version
is 0x4000024 dated 2019/04/07 according to builtin MCExtractor DB v112 -
2019/05/22)
* CPU vulnerability to the speculative execution attack variants
* Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass): YES
* Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):
YES
* Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):
NO
* Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read): YES
* Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass): YES
* Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault): NO
* Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault): NO
* Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault): NO
* Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data
sampling (MSBDS)): NO
* Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer
data sampling (MFBDS)): NO
* Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data
sampling (MLPDS)): NO
* Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling
uncacheable memory (MDSUM)): NO
CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Load fences,
__user pointer sanitization)
* Kernel has array_index_mask_nospec: YES (1 occurrence(s) found of x86 64
bits array_index_mask_nospec())
* Kernel has the Red Hat/Ubuntu patch: YES
* Kernel has mask_nospec64 (arm64): NO
> STATUS: NOT VULNERABLE (Mitigation: Load fences, __user pointer
> sanitization)
CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
* Mitigated according to the /sys interface: YES (Mitigation: Enhanced IBRS,
IBPB)
* Mitigation 1
* Kernel is compiled with IBRS support: YES
* IBRS enabled and active: UNKNOWN
* Kernel is compiled with IBPB support: YES
* IBPB enabled and active: YES
* Mitigation 2
* Kernel has branch predictor hardening (arm): NO
* Kernel compiled with retpoline option: YES
* Retpoline is enabled: NO
* Kernel supports RSB filling: NO
> STATUS: NOT VULNERABLE (IBRS + IBPB are mitigating the vulnerability)
CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports Page Table Isolation (PTI): YES
* PTI enabled and active: NO
* Reduced performance impact of PTI: YES (CPU supports INVPCID, performance
impact of PTI will be greatly reduced)
* Running as a Xen PV DomU: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2018-3640 aka 'Variant 3a, rogue system register read'
* CPU microcode mitigates the vulnerability: YES
> STATUS: NOT VULNERABLE (your CPU microcode mitigates the vulnerability)
CVE-2018-3639 aka 'Variant 4, speculative store bypass'
* Mitigated according to the /sys interface: YES (Mitigation: Speculative
Store Bypass disabled via prctl and seccomp)
* Kernel supports disabling speculative store bypass (SSB): YES (found in
/proc/self/status)
* SSB mitigation is enabled and active: YES (per-thread through prctl)
* SSB mitigation currently active for selected processes: NO (no process
found using SSB mitigation through prctl)
> STATUS: NOT VULNERABLE (Mitigation: Speculative Store Bypass disabled via
> prctl and seccomp)
CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
* CPU microcode mitigates the vulnerability: N/A
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports PTE inversion: YES (found in kernel image)
* PTE inversion enabled and active: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
* Information from the /sys interface: Not affected
* This system is a host running a hypervisor: YES
* Mitigation 1 (KVM)
* EPT is disabled: NO
* Mitigation 2
* L1D flush is supported by kernel: YES (found flush_l1d in kernel image)
* L1D flush enabled: NO
* Hardware-backed L1D flush supported: NO (flush will be done in software,
this is slower)
* Hyper-Threading (SMT) is enabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling
(MSBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in
/proc/cpuinfo)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling
(MFBDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in
/proc/cpuinfo)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in
/proc/cpuinfo)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory
(MDSUM)'
* Mitigated according to the /sys interface: YES (Not affected)
* Kernel supports using MD_CLEAR mitigation: YES (md_clear found in
/proc/cpuinfo)
* Kernel mitigation is enabled and active: NO
* SMT is either mitigated or disabled: NO
> STATUS: NOT VULNERABLE (your CPU vendor reported your CPU model as not
> vulnerable)
> SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK
CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK
CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK
CVE-2019-11091:OK
Need more detailed information about mitigation options? Use --explain
A false sense of security is worse than no security at all, see --disclaimer
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828495
Title:
[KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.
Status in intel:
New
Status in libvirt package in Ubuntu:
Fix Released
Status in linux package in Ubuntu:
In Progress
Status in qemu package in Ubuntu:
Fix Released
Status in libvirt source package in Bionic:
Confirmed
Status in linux source package in Bionic:
Confirmed
Status in qemu source package in Bionic:
Fix Committed
Status in libvirt source package in Cosmic:
Won't Fix
Status in linux source package in Cosmic:
Won't Fix
Status in qemu source package in Cosmic:
Won't Fix
Status in libvirt source package in Disco:
Confirmed
Status in linux source package in Disco:
Confirmed
Status in qemu source package in Disco:
Fix Released
Status in libvirt source package in Eoan:
Fix Released
Status in linux source package in Eoan:
In Progress
Status in qemu source package in Eoan:
Fix Released
Bug description:
[Impact]
* QEMU does not support IceLake and CascadeLake CPUs specific features.
* Most important feature to be supported is: IA32_ARCH_CAPABILITIES MSR.
* With IA32_ARCH_CAPABILITIES, QEMU is able to advertise HW mitigations:
- Rogue Data Cache Load
- Enhanced IBRS
- RSB Alternate
- L1D flush need on VMENTRY
- speculative Store Bypass
to guests, as described in document:
Intel 336996-Speculative-Execution-Side-Channel-Mitigations.pdf
[Test Case]
* From Original Description:
"""
1. Boot up guest using: -cpu Cascadelake-Server
[root@clx-2s2 yexin]# qemu-system-x86_64 -accel kvm -drive
if=virtio,id=hd,file=/home/x/x,format=qcow2 -m 4096 -smp 4 -cpu
Cascadelake-Server -serial stdio
char device redirected to /dev/pts/3 (label serial0)
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:ECX [bit 4]
2. To check CPU ID related to features[FEAT_7_0_EDX]
:CPUID_7_0_EDX_ARCH_CAPABILITIES
Expected Result: Both host and guest's CPUID.07H EDX bit 29 should be
1.
Actual Result:
Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb
ecx=0x00000818 edx=0xbc000000 (EDX bit 29=1)
Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9
ecx=0x00000818 edx=0x84000000 (EDX bit 29=0)
Commit:2bdb76c015df7125783d8394d6339d181cb5bc30
Target Kerned: 5.1
Target Release: 19.10
"""
[Regression Potential]
* Most changes are related to CPU type definitions and its supported
features. They are all based in upstream changes but, for obvious
reasons, backporting and/or cherry-picking those could bring issues.
Biggest concern is breaking something that currently works. Right now,
the parts being changed that could affect other CPU types would be
related to a small refactoring of how the features are organized, and
that would be seen right away when trying to start a new VM after the
package is installed.
* Other tests, related to the features being backported, are being
done by our KVM regression tests, including migration combinations, to
reduce chances that a regression is introduced.
[Other Info]
* N/A
To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1828495/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
