Public bug reported:

Unlike upstream, the artful kernel uses the scattered CPU bits (arch/x86/kernel/cpu/scattered.c) to get the IBRS/IBPB CPUID bits in the KVM CPUID ioctls(). However, these are not updated when loading new microcode at run-time. This means that if you boot a system with older microcode and then use late microcode loading at boot time or later, then the new features are not exposed to guests. So even though the host supports the SPEC_CTRL MSR, those bits are masked out in the guest, even when passing through host CPU capabilities.

Upstream does not have this problem because it uses cpuid_count(), which does a raw cpuid when creating a guest rather than the scattered features. Two changes are needed - updating scattered features on microcode reload and using the runtime CPU data rather than the boot data.

Reproduced on "4.13.0-38-generic #43-Ubuntu SMP Wed Mar 14 15:20:44 UTC 2018". Boot with original vendor microcode, apply new microcode with "echo 1 > /sys/devices/system/cpu/microcode/reload" and then boot a guest. With the simple test case below in the guest, see that bits [27:26] are not set when they are in the host.

    #include <stdio.h>
    #include <stdlib.h>

    int main(void)
    {
        unsigned int edx;

        /* CPUID leaf 7, subleaf 0: print the EDX feature word. */
        asm volatile("mov $7, %%eax\n\t"
                     "mov $0, %%ecx\n\t"
                     "cpuid\n\t"
                     "mov %%edx, %0"
                     : "=r"(edx)
                     :
                     /* cpuid overwrites all four registers, so list eax too */
                     : "%eax", "%ebx", "%ecx", "%edx");
        printf("%08x\n", edx);
        return 0;
    }

Two compile-tested patches attached, I have not yet checked other Ubuntu releases.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Incomplete

** Tags: artful

** Attachment added: "artful patches"
   https://bugs.launchpad.net/bugs/1765040/+attachment/5120956/+files/cpuid.tar.gz

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715

https://bugs.launchpad.net/bugs/1765040

Title:
  Runtime microcode updates do not expose new features completely

Status in linux package in Ubuntu:
  Incomplete
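A guest-side check for the masking described in the report, as an added example that is not part of the original report or its attached patches: it reads CPUID leaf 7 EDX inside the guest and reports which of bits [27:26] the host advertises but the guest does not see. The function names and the convention of passing the host's EDX value (as printed by the report's test case) on the command line are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* EDX bits [27:26] of CPUID leaf 7, subleaf 0, the bits named in the report
 * (bit 26 enumerates IBRS/IBPB and the SPEC_CTRL MSR, bit 27 STIBP). */
#define SPEC_CTRL_BITS 0x0c000000u

/* Bits from [27:26] that the host advertises but the guest does not see. */
unsigned int masked_in_guest(unsigned int host_edx, unsigned int guest_edx)
{
	return host_edx & ~guest_edx & SPEC_CTRL_BITS;
}

/* Read leaf 7, subleaf 0 EDX on the current CPU; returns 0 on success. */
int read_leaf7_edx(unsigned int *edx)
{
#if defined(__x86_64__) || defined(__i386__)
	unsigned int eax, ebx, ecx;

	/* __get_cpuid_count() checks the maximum supported leaf first. */
	if (__get_cpuid_count(7, 0, &eax, &ebx, &ecx, edx))
		return 0;
#endif
	(void)edx;
	return -1;
}

/* Run inside the guest with the host's EDX value (hex) as the argument. */
int main(int argc, char **argv)
{
	unsigned int guest, host, lost;

	if (argc != 2 || read_leaf7_edx(&guest) != 0) {
		fprintf(stderr, "usage: prog <host_edx_hex> (x86 only)\n");
		return 2;
	}
	host = (unsigned int)strtoul(argv[1], NULL, 16);
	lost = masked_in_guest(host, guest);
	printf("guest %08x host %08x masked %08x\n", guest, host, lost);
	for (int bit = 26; bit <= 27; bit++)
		if (lost & (1u << bit))
			printf("bit %d set on host but not in guest\n", bit);
	return lost ? 1 : 0;
}
```

A non-zero exit status of 1 means at least one of the two bits is present on the host and missing in the guest, which is the symptom the report describes after a late microcode load.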