Further I realized that I can trigger this with T3.13/Q2.5/B4.15:

trusty-lvl1-mitaka kernel: [ 931.946357] kvm [2356]: vcpu0 unhandled rdmsr: 0x140
trusty-lvl1-mitaka kernel: [ 932.236914] kvm [2356]: vcpu0 unhandled rdmsr: 0x1c9
trusty-lvl1-mitaka kernel: [ 932.238337] kvm [2356]: vcpu0 unhandled rdmsr: 0x1a6
trusty-lvl1-mitaka kernel: [ 932.239622] kvm [2356]: vcpu0 unhandled rdmsr: 0x1a7
trusty-lvl1-mitaka kernel: [ 932.240956] kvm [2356]: vcpu0 unhandled rdmsr: 0x3f6
trusty-lvl1-mitaka kernel: [ 932.242179] kvm [2356]: vcpu0 unhandled rdmsr: 0x3f7
trusty-lvl1-mitaka kernel: [ 935.038854] kvm [2356]: vcpu0 unhandled rdmsr: 0x64e
trusty-lvl1-mitaka kernel: [ 935.040086] kvm [2356]: vcpu0 unhandled rdmsr: 0x34

Which in the guest is a crash

[ 0.000000] XSAVE consistency problem, dumping leaves
[ 0.000000] WARNING: CPU: 0 PID: 0 at /build/linux-3btXxq/linux-4.15.0/arch/x86/kernel/fpu/xstate.c:614 do_extra_xstate_size_checks+0x303/0x3e6
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.15.0-50-generic #54-Ubuntu
[ 0.000000] RIP: 0010:do_extra_xstate_size_checks+0x303/0x3e6
[ 0.000000] RSP: 0000:ffffffffa6003d50 EFLAGS: 00010086 ORIG_RAX: 0000000000000000
[ 0.000000] RAX: 0000000000000000 RBX: 000000000000000a RCX: ffffffffa60627a8
[ 0.000000] RDX: 0000000000000001 RSI: 0000000000000086 RDI: 0000000000000047
[ 0.000000] RBP: ffffffffa6003d90 R08: 657661656c20676e R09: 0000000000000007
[ 0.000000] R10: ffffffffa625a600 R11: 0000000000000000 R12: 0000000000000100
[ 0.000000] R13: 0000000000000340 R14: ffffffffa6003d54 R15: ffffffffa6003d50
[ 0.000000] FS: 0000000000000000(0000) GS:ffffffffa627f000(0000) knlGS:0000000000000000
[ 0.000000] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.000000] CR2: ffff88800008a000 CR3: 0000000013d22000 CR4: 00000000000406a0
[ 0.000000] Call Trace:
[ 0.000000] ? init_scattered_cpuid_features+0x86/0x110
[ 0.000000] fpu__init_system_xstate+0x183/0x484
[ 0.000000] fpu__init_system+0x213/0x265
[ 0.000000] ? early_init_intel+0x270/0x450
[ 0.000000] early_cpu_init+0x269/0x270
[ 0.000000] ? 0xffffffffa4c00000
[ 0.000000] setup_arch+0xcb/0xc82
[ 0.000000] ? printk+0x52/0x6e
[ 0.000000] start_kernel+0x6d/0x4fd
[ 0.000000] x86_64_start_reservations+0x24/0x26
[ 0.000000] x86_64_start_kernel+0x74/0x77
[ 0.000000] secondary_startup_64+0xa5/0xb0

I can avoid that particular error with a modification like:

  <cpu mode='host-passthrough'>
    <feature policy='disable' name='xsave'/>
  </cpu>

But then another issue shows up ... (and so on)

I eventually got things running (for the tests) with

  <cpu mode='host-model'>
    <model fallback='forbid'/>
    <feature policy='require' name='md-clear'/>
  </cpu>

That might be an issue with xsave and other features in old nested, but this further underlines my point on nested being nice but unreliable - at least "in the past".

--
https://bugs.launchpad.net/bugs/1829555

Title:
  nested virtualization w/first level trusty guests has odd MDS behavior

Status in linux package in Ubuntu:
  Confirmed
Status in qemu package in Ubuntu:
  New

Bug description:
  When nested kvm virtualization is used (with host-passthrough), if the first level guest is a trusty vm, odd behavior is seen in the second level guest:

  host os: disco/5.0.0-15.16-generic/qemu 1:3.1+dfsg-2ubuntu3.1
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Mitigation: Clear CPU buffers; SMT vulnerable

  1st level vm: trusty/4.4.0-148.174~14.04.1-generic/qemu 2.0.0+dfsg-2ubuntu1.46
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Mitigation: Clear CPU buffers; SMT Host state unknown

  2nd level vm: bionic/4.15.0-50.54-generic
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Not affected

  This behavior is not seen when the first level guest is a xenial or bionic vm (same bare metal hardware):

  1st level vm: bionic/4.15.0-50.54-generic/qemu 1:2.11+dfsg-1ubuntu7.13
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Mitigation: Clear CPU buffers; SMT Host state unknown

  2nd level vm: bionic/4.15.0-50.54-generic
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Mitigation: Clear CPU buffers; SMT Host state unknown

  and:

  1st level vm: xenial/4.4.0-148.174-generic/qemu 1:2.5+dfsg-5ubuntu10.39
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Mitigation: Clear CPU buffers; SMT Host state unknown

  2nd level vm: bionic/4.15.0-50.54-generic
    contents of /sys/devices/system/cpu/vulnerabilities/mds:
    Mitigation: Clear CPU buffers; SMT Host state unknown

  It's not clear whether this is an issue with linux/kvm or qemu in trusty.
  ---
  ApportVersion: 2.14.1-0ubuntu3.29
  Architecture: amd64
  AudioDevicesInUse:
   USER PID ACCESS COMMAND
   /dev/snd/controlC0: ubuntu 2239 F.... pulseaudio
  DistroRelease: Ubuntu 14.04
  HibernationDevice: RESUME=UUID=4fa9460d-7ed4-49db-8e22-86a5107d0062
  InstallationDate: Installed on 2019-02-14 (92 days ago)
  InstallationMedia: Ubuntu 14.04.5 LTS "Trusty Tahr" - Release amd64 (20160803)
  Lsusb:
   Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
   Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
  Package: qemu 2.0.0+dfsg-2ubuntu1.46
  PackageArchitecture: amd64
  ProcEnviron:
   TERM=screen
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 qxldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-148-generic root=UUID=9a35107e-83fa-4010-81e1-235a4ea14fe6 ro quiet splash vt.handoff=7
  ProcVersionSignature: User Name 4.4.0-148.174~14.04.1-generic 4.4.177
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-148-generic N/A
   linux-backports-modules-4.4.0-148-generic N/A
   linux-firmware 1.127.24
  RfKill:
  Tags: trusty trusty
  Uname: Linux 4.4.0-148-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirtd lpadmin plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 04/01/2014
  dmi.bios.vendor: SeaBIOS
  dmi.bios.version: 1.12.0-1
  dmi.chassis.type: 1
  dmi.chassis.vendor: QEMU
  dmi.chassis.version: pc-i440fx-bionic
  dmi.modalias: dmi:bvnSeaBIOS:bvr1.12.0-1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-bionic:cvnQEMU:ct1:cvrpc-i440fx-bionic:
  dmi.product.name: Standard PC (i440FX + PIIX, 1996)
  dmi.product.version: pc-i440fx-bionic
  dmi.sys.vendor: QEMU
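
Added example (not part of the original bug report or comment): a small Python check for the inconsistency the bug description reports, where an inner guest shows "Not affected" for MDS while an outer level on the same hardware is affected. It assumes every level uses host-passthrough, so all levels see the same physical CPU; the function names are hypothetical and the sample status lines are the ones quoted in the bug description.

```python
MDS_PATH = "/sys/devices/system/cpu/vulnerabilities/mds"


def parse_mds(line):
    """Split one vulnerabilities/mds line into state, detail and SMT note."""
    head, _, smt = line.strip().partition(";")
    state, _, detail = head.partition(":")
    return {
        "state": state.strip(),            # "Not affected", "Vulnerable", "Mitigation"
        "detail": detail.strip() or None,  # e.g. "Clear CPU buffers"
        "smt": smt.strip() or None,        # e.g. "SMT Host state unknown"
    }


def read_local(path=MDS_PATH):
    """Read and parse the status of the machine this runs on."""
    with open(path) as fh:
        return parse_mds(fh.read())


def check_chain(levels):
    """levels: (name, status_line) pairs ordered from bare metal inward.

    Assumption: each level is started with host-passthrough, so an inner
    level cannot be "Not affected" when an outer level is affected.
    Returns (inner_name, outer_name) pairs for every contradiction.
    """
    findings = []
    affected_outer = None
    for name, line in levels:
        state = parse_mds(line)["state"]
        if state == "Not affected":
            if affected_outer is not None:
                findings.append((name, affected_outer))
        elif affected_outer is None:
            affected_outer = name  # outermost level that reports being affected
    return findings


# Status lines as quoted in the bug description.
HOST = ("host disco", "Mitigation: Clear CPU buffers; SMT vulnerable")
L1_STATUS = "Mitigation: Clear CPU buffers; SMT Host state unknown"
TRUSTY_CHAIN = [HOST, ("L1 trusty", L1_STATUS), ("L2 bionic", "Not affected")]
BIONIC_CHAIN = [HOST, ("L1 bionic", L1_STATUS), ("L2 bionic", L1_STATUS)]

if __name__ == "__main__":
    for label, chain in (("trusty L1", TRUSTY_CHAIN), ("bionic L1", BIONIC_CHAIN)):
        print(label, check_chain(chain) or "consistent")
```

Run inside each level, read_local() gives the parsed status to feed into check_chain().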