Expected results is: HOST and Guest should enable IA32_ARCH_CAPABILITIES MSR. MDS_NO is bit 5 of ARCH_CAPABILITIES. Expose this bit to guest.
##cpuid -r 0x00000007 0x00: eax=0x00000000 ebx=0xd19f4fb9 ecx=0x00000818 edx=0x84000000 edx's 29 bit should be 1. #rdmsr 0x10a -f 5:5 return value should be 1 Actual result is host works well as expected. guest not. Below are details. Host # qemu-system-x86_64 -accel kvm -drive if=virtio,id=hd,file=ubuntu-18.04.2-server-amd64.qcow,format=qcow2 -m 4096 -smp 4 -cpu Cascadelake-Server,+arch-capabilities -serial stdio -redir tcp:2223::22 root@PLY02:~# cpuid -r |more CPU 0: 0x00000000 0x00: eax=0x00000016 ebx=0x756e6547 ecx=0x6c65746e edx=0x49656e69 …… 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb ecx=0x00000818 edx=0xbc000400 edx is 0xbc000400, 29bit is 1 root@PLY02:~# rdmsr 0x10AH 2b ## 5 bit is 1 Guest root@test:~# cpuid -r |more CPU 0: 0x00000000 0x00: eax=0x0000000d ebx=0x756e6547 ecx=0x6c65746e edx=0x49656e69 …… 0x00000007 0x00: eax=0x00000000 ebx=0xd19f4fb9 ecx=0x00000818 edx=0x84000000 ## edx's 29 bit is 0 root@PLY02:~# rdmsr 0x10AH 0 ## 5 bit is 0 Reason: If you want to see the features that enumerated by MSR_IA32_ARCH_CAPABILITIES in guest with Cascadelake-Server cpu model, just using “-cpu Cascadelake-Server,+arch-capabilities” is not enough. “-cpu Cascadelake-Server,+arch-capabilities” only let guest see MSR_IA32_ARCH_CAPABILITIES, but it doesn’t contain any feature enumerated by this msr, so the result of rdmsr 0x10a is 0. If you want to see feature MDS_NO (bit 5) in guest, you should use “-cpu Cascadelake-Server,+arch-capabilities,+mds_no”. Further, we get 0x2b (bit 0,1,3,5) when rdmsr 0x10a in host, which means host supports “rdctl-no”, “ibrs-all”, “skip-l1dfl-vmentry”, "mds-no". If we want guest has the same ability as host, not only should we add arch_capabilities explicitly, but also add the features list above explicitly. Otherwise we cannot see these features in guest. In a word, it’s all due to current Cascadelake-Server cpu model. It lacks all above. After new version of Cascadelake-Server added in qemu, we can get rid of all these manually adding features annoyance. Eduardo has sent out the qemu patch for versioned cpu model and patch 09 of which contains new version of Cascadelake Server cpu model. It depends on when they are merged. https://www.mail-archive.com/qemu-devel@nongnu.org/msg627282.html -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1828495 Title: [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. Status in intel: New Status in linux package in Ubuntu: In Progress Status in qemu package in Ubuntu: In Progress Status in linux source package in Bionic: Confirmed Status in qemu source package in Bionic: In Progress Status in linux source package in Cosmic: Confirmed Status in qemu source package in Cosmic: In Progress Status in linux source package in Disco: Confirmed Status in qemu source package in Disco: In Progress Status in linux source package in Eoan: In Progress Status in qemu source package in Eoan: In Progress Bug description: [Impact] * QEMU does not support IceLake and CascadeLake CPUs specific features. * Most important feature to be supported is: IA32_ARCH_CAPABILITIES MSR. * With IA32_ARCH_CAPABILITIES, QEMU is able to advertise HW mitigations: - Rogue Data Cache Load - Enhanced IBRS - RSB Alternate - L1D flush need on VMENTRY - speculative Store Bypass to guests, as described in document: Intel 336996-Speculative-Execution-Side-Channel-Mitigations.pdf [Test Case] * From Original Description: """ 1. Boot up guest using: -cpu Cascadelake-Server [root@clx-2s2 yexin]# qemu-system-x86_64 -accel kvm -drive if=virtio,id=hd,file=/home/x/x,format=qcow2 -m 4096 -smp 4 -cpu Cascadelake-Server -serial stdio char device redirected to /dev/pts/3 (label serial0) qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:ECX [bit 4] qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:ECX [bit 4] qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:ECX [bit 4] qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:ECX [bit 4] 2. To check CPU ID related to features[FEAT_7_0_EDX] :CPUID_7_0_EDX_ARCH_CAPABILITIES Expected Result: Both host and guest's CPUID.07H EDX bit 29 should be 1. Actual Result: Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb ecx=0x00000818 edx=0xbc000000 (EDX bit 29=1) Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9 ecx=0x00000818 edx=0x84000000 (EDX bit 29=0) Commit:2bdb76c015df7125783d8394d6339d181cb5bc30 Target Kerned: 5.1 Target Release: 19.10 """ [Regression Potential] * Most changes are related to CPU type definitions and its supported features. They are all based in upstream changes but, for obvious reasons, backporting and/or cherry-picking those could bring issues. Biggest concern is breaking something that currently works. Right now, the parts being changed that could affect other CPU types would be related to a small refactoring of how the features are organized, and that would be seen right away when trying to start a new VM after the package is installed. * Other tests, related to the features being backported, are being done by our KVM regression tests, including migration combinations, to reduce chances that a regression is introduced. [Other Info] * N/A To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1828495/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp