[Kernel-packages] [Bug 1828495] Re: [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.

2019-08-12 Thread Ai Lim
Hello Rafael,

Testing results to share: Bit 5 of Arch Capability is verified as implemented.
See below for details, and please feel free to let me know if you need more
information.
Thanks.

Regards, Ai B.

+++

Tested on Host:- Ubuntu 18.04.1 Kernel 4.15.0-55-generic

#virsh version
Compiled against library: libvirt 4.0.0
Using library: libvirt 4.0.0
Using API: QEMU 4.0.0
Running hypervisor: QEMU 2.11.1

#lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              80
On-line CPU(s) list: 0-79
Thread(s) per core:  2
Core(s) per socket:  20
Socket(s):           2
NUMA node(s):        2
Vendor ID:           GenuineIntel
CPU family:          6
Model:               85
Model name:          Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping:            6
CPU MHz:             800.144
CPU max MHz:         2100.
CPU min MHz:         800.
BogoMIPS:            4200.00
Virtualization:      VT-x
L1d cache:           32K
L1i cache:           32K
L2 cache:            1024K
L3 cache:            28160K
NUMA node0 CPU(s):   0-19,40-59
NUMA node1 CPU(s):   20-39,60-79
Flags:   fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl 
xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx 
smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe 
popcnt aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb 
cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow 
vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms 
invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb 
intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc 
cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm arat pln pts pku ospke 
avx512_vnni md_clear flush_l1d arch_capabilities

#rdmsr 0x10a
2b

qemu:
  Installed: (none)
  Candidate: 1:2.11+dfsg-1ubuntu7.17~ppa1
  Version table:
     1:2.11+dfsg-1ubuntu7.17~ppa1 500
        500 http://ppa.launchpad.net/rafaeldtinoco/lp1828495/ubuntu bionic/main amd64 Packages
     1:2.11+dfsg-1ubuntu7.15 500
        500 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
     1:2.11+dfsg-1ubuntu7.14 500
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
     1:2.11+dfsg-1ubuntu7 500
        500 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

+++
Guest OS CentOS 7.6 kernel 3.10.0-957.12.2.el7.x86_64
#lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8
On-line CPU(s) list:   0-7
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             8
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 85
Model name:            Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping:              6
CPU MHz:               2095.074
BogoMIPS:              4190.14
Virtualization:        VT-x
Hypervisor vendor:     KVM
Virtualization type:   full
L1d cache:             32K
L1i cache:             32K
L2 cache:              4096K
L3 cache:              16384K
NUMA node0 CPU(s):     0-7
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush mmx fxsr sse sse2 ss syscall nx pdpe1gb rdtscp lm 
constant_tsc arch_perfmon rep_good nopl xtopology eagerfpu pni pclmulqdq vmx 
ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes 
xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch ssbd ibrs ibpb 
ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 
hle avx2 smep bmi2 erms invpcid rtm mpx avx512f avx512dq rdseed adx smap 
clflushopt clwb avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 arat pku 
ospke avx512_vnni md_clear spec_ctrl arch_capabilities

#rdmsr 0x10a
2b

#./spectre-meltdown-checker.sh
Spectre and Meltdown mitigation detection tool v0.42

Checking for vulnerabilities on current system
Kernel is Linux 3.10.0-957.12.2.el7.x86_64 #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64
CPU is Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz

Hardware check
* Hardware support (CPU microcode) for mitigation techniques
  * Indirect Branch Restricted Speculation (IBRS)
    * SPEC_CTRL MSR is available:  YES
    * CPU indicates IBRS capability:  YES  (SPEC_CTRL feature bit)
  * Indirect Branch Prediction Barrier (IBPB)
    * PRED_CMD MSR is available:  YES
    * CPU indicates IBPB capability:  YES  (SPEC_CTRL feature bit)
  * Single Thread Indirect Branch Predictors (STIBP)
    * SPEC_CTRL MSR is available:  YES
* CPU 
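
Added example, not part of the original thread: a small shell helper that decodes the `rdmsr 0x10a` (IA32_ARCH_CAPABILITIES) value reported in these messages and lists capability bits the host has but the guest does not. Bit names for bits 0-5 follow the Linux kernel's ARCH_CAP_* definitions; the function names and the guest value `b` in the sample calls are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode IA32_ARCH_CAPABILITIES (MSR 0x10a) as printed by rdmsr.

# Map a bit position to its name (Linux ARCH_CAP_* names for bits 0-5).
arch_cap_name() {
    case "$1" in
        0) echo RDCL_NO ;;                 # not susceptible to Meltdown
        1) echo IBRS_ALL ;;                # enhanced IBRS (eIBRS)
        2) echo RSBA ;;                    # RSB alternate behaviour
        3) echo SKIP_VMENTRY_L1DFLUSH ;;   # no L1D flush needed on VM entry
        4) echo SSB_NO ;;                  # not susceptible to SSB
        5) echo MDS_NO ;;                  # not susceptible to MDS
        *) echo "BIT$1" ;;                 # bits this example does not name
    esac
}

# decode_arch_caps HEX -> space-separated names of the set bits.
# Accepts the value with or without a leading 0x (rdmsr prints it without).
decode_arch_caps() {
    val=$((0x${1#0x}))
    bit=0
    out=""
    while [ "$val" -ne 0 ] && [ "$bit" -lt 64 ]; do
        if [ $((val & 1)) -eq 1 ]; then
            out="${out:+$out }$(arch_cap_name "$bit")"
        fi
        val=$((val >> 1))
        bit=$((bit + 1))
    done
    echo "$out"
}

# missing_in_guest HOST_HEX GUEST_HEX -> bits set on the host but not
# exposed to the guest (empty output when the guest sees everything).
missing_in_guest() {
    host=$((0x${1#0x}))
    guest=$((0x${2#0x}))
    decode_arch_caps "$(printf '%x' $((host & ~guest)))"
}

# Host value from the thread; guest value "b" is a constructed sample
# representing a guest where bit 5 is not yet exposed.
echo "host 0x2b:        $(decode_arch_caps 2b)"
echo "missing in guest: $(missing_in_guest 2b b)"
```

When host and guest both report `2b`, as in the 2019-08-12 results, `missing_in_guest` prints nothing.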

[Kernel-packages] [Bug 1828495] Re: [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.

2019-07-24 Thread Ai Lim
Hello Rafael,

Testing results to share, looks like the exposure of eIBRS into the
Guest is complete. Don't see Bit 5 implemented yet for MDS bit for Arch
Capability.

See below for details and let me know if you need anything specific based on
this configuration.

Regards, Ai B.

+++

Tested on Host:- Ubuntu 18.04.1 Kernel 4.15.0-55-generic

#virsh version
Compiled against library: libvirt 4.0.0
Using library: libvirt 4.0.0
Using API: QEMU 4.0.0
Running hypervisor: QEMU 2.11.1

#lscpu
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
CPU(s):              80
On-line CPU(s) list: 0-79
Thread(s) per core:  2
Core(s) per socket:  20
Socket(s):           2
NUMA node(s):        2
Vendor ID:           GenuineIntel
CPU family:          6
Model:               85
Model name:          Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping:            6
CPU MHz:             800.144
CPU max MHz:         2100.
CPU min MHz:         800.
BogoMIPS:            4200.00
Virtualization:      VT-x
L1d cache:           32K
L1i cache:           32K
L2 cache:            1024K
L3 cache:            28160K
NUMA node0 CPU(s):   0-19,40-59
NUMA node1 CPU(s):   20-39,60-79
Flags:   fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca 
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx 
pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl 
xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx 
smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe 
popcnt aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb 
cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow 
vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms 
invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb 
intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc 
cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm arat pln pts pku ospke 
avx512_vnni md_clear flush_l1d arch_capabilities

#rdmsr 0x10a
2b

qemu:
  Installed: (none)
  Candidate: 1:2.11+dfsg-1ubuntu7.16~ppa1
  Version table:
     1:2.11+dfsg-1ubuntu7.16~ppa1 500
        500 http://ppa.launchpad.net/rafaeldtinoco/lp1828495/ubuntu bionic/main amd64 Packages
     1:2.11+dfsg-1ubuntu7.15 500
        500 http://cn.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
     1:2.11+dfsg-1ubuntu7.14 500
        500 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages
     1:2.11+dfsg-1ubuntu7 500
        500 http://cn.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages

#/usr/bin/qemu-system-x86_64
  -name guest=vm1,debug-threads=on
  -S
  -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-2-vm1/master-key.aes
  -machine pc-i440fx-2.11,accel=kvm,usb=off,dump-guest-core=off
  -cpu host
  -m 32768
  -realtime mlock=off
  -smp 8,sockets=8,cores=1,threads=1
  -uuid ee83a263-89e0-47ca-81a3-9fa41c73b645
  -no-user-config
  -nodefaults
  -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-2-vm1/monitor.sock,server,nowait
  -mon chardev=charmonitor,id=monitor,mode=control
  -rtc base=utc,driftfix=slew
  -global kvm-pit.lost_tick_policy=delay
  -no-hpet
  -no-shutdown
  -global PIIX4_PM.disable_s3=1
  -global PIIX4_PM.disable_s4=1
  -boot strict=on
  -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7
  -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5
  -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1
  -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2
  -drive file=/var/images/CentOS-7-x86_64-GenericCloud.qcow2,format=qcow2,if=none,id=drive-ide0-0-0
  -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
  -netdev tap,fd=26,id=hostnet0,vhost=on,vhostfd=28
  -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:20:26:33,bus=pci.0,addr=0x3
  -chardev pty,id=charserial0
  -device isa-serial,chardev=charserial0,id=serial0
  -vnc 0.0.0.0:1
  -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2
  -device vfio-pci,host=5f:00.0,id=hostdev0,bus=pci.0,addr=0x6
  -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
  -msg timestamp=on

+++
Guest OS CentOS 7.6 kernel 3.10.0-957.12.2.el7.x86_64
#lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8
On-line CPU(s) list:   0-7
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             8
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 85
Model name:            Intel(R) Xeon(R) Gold 6230 CPU @ 2.10GHz
Stepping:              6
CPU