[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From faro...@br.ibm.com 2019-09-03 19:45 EDT--- I ran the tests mentioned in launchpad comment #40 on a DD2.3 witherspoon machine with GA firmware. Aside from the issue caused by the missing kernel patch, QEMU behaved as expected. One thing of note is that the following firmware features are disabled: ibm,opal/fw-features/fw-bcctrl-serialized ibm,opal/fw-features/fw-count-cache-disabled which means that 'cap-ibs=fixed-ibs' and 'cap-ibs=fixed-ccd' are always refused by KVM in this machine. I attached the test results as qemu-dd2.3-sanity.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From mranw...@us.ibm.com 2019-08-30 12:17 EDT--- >From -proposed - 5.0.0-27. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From mranw...@us.ibm.com 2019-08-30 00:57 EDT--- I did confirm it on bionic as a kernel issue - I could recreate the error on bionic with the bionic proposed qemu and the disco kernel (and additionally with an older bionic kernel, too). I wasn't able to get a setup for disco to confirm it working, or get the exact patch needed yet. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From mranw...@us.ibm.com 2019-08-29 03:08 EDT--- Sorry, my machine had a hw issue, but Satheesh made a DD 2.3 available with a fresh disco install. I had trouble with the disco qemu, though: root@ws-g48-2d81-host:~# /usr/bin/qemu-system-ppc64le --version QEMU emulator version 3.1.0 (Debian 1:3.1+dfsg-2ubuntu3.4) For either cap-ccf-assist=off or cap-ccf-assist=on qemu doesn't start: qemu-system-ppc64le: Requested safe indirect branch capability level not supported by kvm, try cap-ibs=broken So maybe we're missing a patch, here or in the kernel, for disco. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From mranw...@us.ibm.com 2019-08-27 12:42 EDT--- I tested this out with the same verification checks as above and got the same results. The summary is that the mitigations are detected correctly in the guest and the migrations works when it should, warns when it should, and fails when it should. ii qemu-block-extra:ppc64el 1:2.11+dfsg-1ubuntu7.18 ppc64el extra block backend modules for qemu-system and qemu-utils ii qemu-kvm 1:2.11+dfsg-1ubuntu7.18 ppc64el QEMU Full virtualization on x86 hardware ii qemu-system-common 1:2.11+dfsg-1ubuntu7.18 ppc64el QEMU full system emulation binaries (common files) ii qemu-system-ppc1:2.11+dfsg-1ubuntu7.18 ppc64el QEMU full system emulation binaries (ppc) ii qemu-utils 1:2.11+dfsg-1ubuntu7.18 ppc64el QEMU utilities No migration: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on count-cache-flush: hardware assisted flush sequence enabled max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off count-cache-flush: full software flush sequence enabled. max-cpu-compat=power9,cap-ibs=broken count-cache-flush: software flush disabled. Migrations: Source: max-cpu-compat=power9,cap-ibs=broken Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Worked w/warning: qemu-system-ppc64le: warning: cap-ibs lower level (0) in incoming stream than on destination (1) count-cache-flush: software flush disabled. Source: max-cpu-compat=power9,cap-ibs=broken Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Worked w/warning: count-cache-flush: software flush disabled. qemu-system-ppc64le: warning: cap-ibs lower level (0) in incoming stream than on destination (1) qemu-system-ppc64le: warning: cap-ccf-assist lower level (0) in incoming stream than on destination (1) count-cache-flush: software flush disabled. Source: max-cpu-compat=power9,cap-ibs=broken Target: max-cpu-compat=power9,cap-ibs=broken Worked count-cache-flush: software flush disabled. Set 2: Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Worked count-cache-flush: full software flush sequence enabled. Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Worked w/warning count-cache-flush: full software flush sequence enabled. qemu-system-ppc64le: warning: cap-ccf-assist lower level (0) in incoming stream than on destination (1) Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Target: max-cpu-compat=power9,cap-ibs=broken Failed: qemu-system-ppc64le: cap-ibs higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: error while loading state for instance 0x0 of device 'spapr' qemu-system-ppc64le: load of migration failed: Invalid argument Third set: Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Worked count-cache-flush: hardware assisted flush sequence enabled Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Failed: qemu-system-ppc64le: cap-ccf-assist higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: error while loading state for instance 0x0 of device 'spapr' qemu-system-ppc64le: load of migration failed: Invalid argument Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Target: max-cpu-compat=power9,cap-ibs=broken Failed: qemu-system-ppc64le: cap-ibs higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: cap-ccf-assist higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: error while loading state for instance 0x0 of device 'spapr' qemu-system-ppc64le: load of migration failed: Invalid argument -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From sura...@au1.ibm.com 2019-08-22 04:00 EDT--- Michael, sounds like the correct approach to take -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From mranw...@us.ibm.com 2019-08-21 18:53 EDT--- It was IBM bugzilla status, I'll move it all back. I took a look at the new bugs - 180734 and 180735. The first (180734) I can recreate on my system if I do it exactly (or nearly so) as you do - the status shows paused (postmigrate) and it's no longer responsive.. With my setup with more options it works fine for me. I have yet figured out which option triggers the change for me. When I use my original options and directly to qemu-system-ppc64 it doesn't crash. It is an invalid migration - going from workaround to broken should fail. I get a similar warning message when I try it - but then the source remains active. Here's what I was originally using: /usr/bin/qemu-system-ppc64le -m 20480 -smp 32,maxcpus=32,sockets=4,cores=8,threads=1 -object memory-backend-ram,id=ram-node0,size=10737418240 -numa node,nodeid=0,cpus=0-7,memdev=ram-node0 -object memory-backend-ram,id=ram-node1,size=10737418240 -numa node,nodeid=1,cpus=8-15,memdev=ram-node1 -realtime mlock=off -rtc base=utc -no-shutdown -boot strict=on -msg timestamp=on -device qemu-xhci,id=usb,bus=pci.0 -device spapr-vscsi,id=scsi0,reg=0x2000 -drive file=/home/ubuntu/u1804-root.qcow2.snap0.radix0,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1,iommu_platform=off,disable-legacy=on -drive file=/home/ubuntu/secondary.qcow2,format=qcow2,if=none,id=drive-virtio-disk1 -device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk1,id=virtio-disk1 -drive if=none,id=drive-scsi0-0-0-0,readonly=on -device scsi-cd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 -netdev user,id=hostnet0,hostfwd=tcp:127.0.0.1:-:22 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:66:32:28,bus=pci.0 -device virtio-balloon-pci,id=balloon0,bus=pci.0 -monitor unix:/tmp/mdroth-vm0-hmp.sock,server,nowait -nographic -vnc none -L /usr/share/qemu/ -machine pseries-bionic-sxxm,accel=kvm,usb=off,dump-guest-core=off,max-cpu-compat=power9,cap-ibs=workaround The second (180735) is a feature request. It seems like we should move forward with the SRU now and fix bug 180734 as there becomes a fix available - it doesn't look like there is one now. Suraj/Satheesh - you agree? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From drbr...@us.ibm.com 2019-08-21 11:25 EDT--- Is this ready to move out of Reopened state and to submitted or verified or something? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From sathe...@in.ibm.com 2019-08-21 08:29 EDT--- (In reply to comment #28) > Thanks for doign that Test Michael. > It is a lot of text so I'll summarize (e.g. for the SRU team later): > Section "No migration" > => mitigation in the guest is detected correctly > Section with migrations has three elements: > => source == target config -> migration works > => source older than target config -> migration works with warning > => source newer than target config -> migration fails > > That is exactly as predicted/expected which means we can go on with this as > an SRU. Have tested and raised two issues One is on migration: Migration from cap-ibs=workaround -> cap-ibs=broken crashes guest rather to fail the migration gracefully. expected the source guest continue to be in running state after the migration failure, but the guest crashes at destination and leaves the guest in source in paused state. Raised Bug 180734 for the same. Another is on usability of the hardware assisted flush(cap-ccf-assist=on), right now it has be set explicity in qemu-cmdline though we have HW support, but other layers like libvirt etc will not know about it. So it is not possible for user to set the capability though underlying HW is capable. Raised Bug 180735 for the same. Regards, -Satheesh -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1832622] Comment bridged from LTC Bugzilla
--- Comment From mranw...@us.ibm.com 2019-08-21 03:21 EDT--- I did testing on this and got the same results. The different scenarios are listed here and all match up with original results. I tested with 1:2.11+dfsg-1ubuntu7.18~ppa1 . No migration: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on: count-cache-flush: hardware assisted flush sequence enabled max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off: count-cache-flush: full software flush sequence enabled. max-cpu-compat=power9,cap-ibs=broken: count-cache-flush: software flush disabled. First set: Source: max-cpu-compat=power9,cap-ibs=broken Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Result: worked w/warning: qemu-system-ppc64le: warning: cap-ibs lower level (0) in incoming stream than on destination (1) Source: max-cpu-compat=power9,cap-ibs=broken Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Result: worked w/warning: qemu-system-ppc64le: warning: cap-ibs lower level (0) in incoming stream than on destination (1) qemu-system-ppc64le: warning: cap-ccf-assist lower level (0) in incoming stream than on destination (1) Source: max-cpu-compat=power9,cap-ibs=broken Target: max-cpu-compat=power9,cap-ibs=broken Result: worked Second set: Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Result: worked Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Result: worked w/warning qemu-system-ppc64le: warning: cap-ccf-assist lower level (0) in incoming stream than on destination (1) [0.00] count-cache-flush: full software flush sequence enabled. Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Target: max-cpu-compat=power9,cap-ibs=broken Result: fail qemu-system-ppc64le: cap-ibs higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: error while loading state for instance 0x0 of device 'spapr' qemu-system-ppc64le: load of migration failed: Invalid argument Third set: Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Result: worked count-cache-flush: hardware assisted flush sequence enabled Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Target: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=off Result: fail qemu-system-ppc64le: cap-ccf-assist higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: error while loading state for instance 0x0 of device 'spapr' qemu-system-ppc64le: load of migration failed: Invalid argument Source: max-cpu-compat=power9,cap-ibs=workaround,cap-ccf-assist=on Target: max-cpu-compat=power9,cap-ibs=broken Result: fail qemu-system-ppc64le: cap-ibs higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: cap-ccf-assist higher level (1) in incoming stream than on destination (0) qemu-system-ppc64le: error while loading state for instance 0x0 of device 'spapr' qemu-system-ppc64le: load of migration failed: Invalid argument -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832622 Title: QEMU - count cache flush Spectre v2 mitigation (CVE) (required for POWER9 DD2.3) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-power-systems/+bug/1832622/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
