Expected result is:
HOST and Guest should enable IA32_ARCH_CAPABILITIES MSR.
MDS_NO is bit 5 of ARCH_CAPABILITIES. Expose this bit to guest.

##cpuid -r
0x00000007 0x00: eax=0x00000000 ebx=0xd19f4fb9 ecx=0x00000818 edx=0x84000000
EDX bit 29 should be 1.

#rdmsr 0x10a -f 5:5
return value should be 1

Actual result is:
The host works as expected.
The guest does not.


Below are details. 

Host
# qemu-system-x86_64 -accel kvm -drive 
if=virtio,id=hd,file=ubuntu-18.04.2-server-amd64.qcow,format=qcow2 -m 4096 -smp 
4 -cpu Cascadelake-Server,+arch-capabilities -serial stdio -redir tcp:2223::22

root@PLY02:~# cpuid -r |more
CPU 0:
   0x00000000 0x00: eax=0x00000016 ebx=0x756e6547 ecx=0x6c65746e edx=0x49656e69
……
   0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb ecx=0x00000818 edx=0xbc000400 

edx is 0xbc000400, bit 29 is 1

root@PLY02:~# rdmsr 0x10AH
2b

## bit 5 is 1

Guest

root@test:~# cpuid -r |more
CPU 0:
   0x00000000 0x00: eax=0x0000000d ebx=0x756e6547 ecx=0x6c65746e edx=0x49656e69
   ……
   0x00000007 0x00: eax=0x00000000 ebx=0xd19f4fb9 ecx=0x00000818 edx=0x84000000

## EDX bit 29 is 0

root@PLY02:~# rdmsr 0x10AH
0
## bit 5 is 0


Reason:
If you want to see the features that are enumerated by
MSR_IA32_ARCH_CAPABILITIES in a guest with the Cascadelake-Server cpu model,
just using “-cpu Cascadelake-Server,+arch-capabilities” is not enough.
“-cpu Cascadelake-Server,+arch-capabilities” only lets the guest see
MSR_IA32_ARCH_CAPABILITIES, but it doesn’t contain any feature enumerated by
this msr, so the result of rdmsr 0x10a is 0.

If you want to see the feature MDS_NO (bit 5) in the guest, you should use “-cpu
Cascadelake-Server,+arch-capabilities,+mds_no”.

Further, we get 0x2b (bits 0, 1, 3, 5) from rdmsr 0x10a on the host, which means
the host supports “rdctl-no”, “ibrs-all”, “skip-l1dfl-vmentry”, “mds-no”.
If we want the guest to have the same abilities as the host, not only should we
add arch_capabilities explicitly, but we should also add the features listed
above explicitly. Otherwise we cannot see these features in the guest.

In a word, it’s all due to the current Cascadelake-Server cpu model. It lacks
all of the above.
After the new version of Cascadelake-Server is added in qemu, we can get rid of
the annoyance of adding all these features manually.

Eduardo has sent out the qemu patch for versioned cpu models, patch 09 of
which contains the new version of the Cascadelake Server cpu model. It depends
on when they are merged.
https://www.mail-archive.com/qemu-devel@nongnu.org/msg627282.html

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828495

Title:
  [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.

Status in intel:
  New
Status in linux package in Ubuntu:
  In Progress
Status in qemu package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  Confirmed
Status in qemu source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  Confirmed
Status in qemu source package in Cosmic:
  In Progress
Status in linux source package in Disco:
  Confirmed
Status in qemu source package in Disco:
  In Progress
Status in linux source package in Eoan:
  In Progress
Status in qemu source package in Eoan:
  In Progress

Bug description:
  [Impact]

   * QEMU does not support IceLake and CascadeLake CPU-specific features.
   * Most important feature to be supported is: IA32_ARCH_CAPABILITIES MSR.
   * With IA32_ARCH_CAPABILITIES, QEMU is able to advertise HW mitigations:
     - Rogue Data Cache Load
     - Enhanced IBRS
     - RSB Alternate
     - L1D flush need on VMENTRY
     - speculative Store Bypass
     to guests, as described in document:
     Intel 336996-Speculative-Execution-Side-Channel-Mitigations.pdf

  [Test Case]

   * From Original Description:

  """
  1. Boot up guest using: -cpu Cascadelake-Server

  [root@clx-2s2 yexin]# qemu-system-x86_64 -accel kvm -drive
  if=virtio,id=hd,file=/home/x/x,format=qcow2  -m 4096 -smp 4 -cpu
  Cascadelake-Server -serial stdio

  char device redirected to /dev/pts/3 (label serial0)

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  2. To check CPU ID related to features[FEAT_7_0_EDX]
  :CPUID_7_0_EDX_ARCH_CAPABILITIES

  Expected Result: Both host and guest's CPUID.07H EDX bit 29 should be
  1.

  Actual Result:

  Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb
  ecx=0x00000818 edx=0xbc000000  (EDX bit 29=1)

  Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9
  ecx=0x00000818 edx=0x84000000 (EDX bit 29=0)

  Commit:2bdb76c015df7125783d8394d6339d181cb5bc30

  Target Kernel: 5.1
  Target Release: 19.10

  """

  [Regression Potential]

   * Most changes are related to CPU type definitions and their supported
  features. They are all based on upstream changes but, for obvious
  reasons, backporting and/or cherry-picking those could bring issues.
  Biggest concern is breaking something that currently works. Right now,
  the parts being changed that could affect other CPU types would be
  related to a small refactoring of how the features are organized, and
  that would be seen right away when trying to start a new VM after the
  package is installed.

   * Other tests, related to the features being backported, are being
  done by our KVM regression tests, including migration combinations, to
  reduce chances that a regression is introduced.

  [Other Info]
   
   * N/A

To manage notifications about this bug go to:
https://bugs.launchpad.net/intel/+bug/1828495/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
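
The host/guest comparison from the comment above, written as a check that turns the two readings into the extra `-cpu` flags the guest is missing. This is an added example, not code from the report or from QEMU; the function names are hypothetical, the flag names are the ones listed in the comment, and the sample values are copied from the host and guest output in this report.

```python
import re

# Bit names as listed in the comment above: host value 0x2b = bits 0, 1, 3, 5.
ARCH_CAP_BITS = {0: "rdctl-no", 1: "ibrs-all", 3: "skip-l1dfl-vmentry", 5: "mds-no"}
ARCH_CAP_CPUID_BIT = 29  # CPUID.07H:EDX bit 29 enumerates IA32_ARCH_CAPABILITIES

# Leaf 7 lines and rdmsr 0x10a output copied from the host and guest in this report.
HOST_CPUID = "   0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb ecx=0x00000818 edx=0xbc000400"
GUEST_CPUID = "   0x00000007 0x00: eax=0x00000000 ebx=0xd19f4fb9 ecx=0x00000818 edx=0x84000000"
HOST_MSR, GUEST_MSR = "2b", "0"

LEAF7 = re.compile(r"^\s*0x00000007 0x00:.*\bedx=0x([0-9a-fA-F]{8})", re.M)

def msr_enumerated(cpuid_raw):
    """True if `cpuid -r` output shows CPUID.07H:EDX bit 29 set."""
    m = LEAF7.search(cpuid_raw)
    if m is None:
        raise ValueError("no CPUID leaf 7 subleaf 0 line in input")
    return bool(int(m.group(1), 16) >> ARCH_CAP_CPUID_BIT & 1)

def decode_arch_caps(value):
    """Names of the set bits; bits this report does not name come back as 'bitN'."""
    return [ARCH_CAP_BITS.get(b, f"bit{b}") for b in range(64) if value >> b & 1]

def missing_cpu_flags(host_cpuid, host_msr, guest_cpuid, guest_msr):
    """-cpu additions the guest needs to see what the host reports."""
    if not msr_enumerated(host_cpuid):
        return []  # host does not enumerate the MSR, nothing to pass through
    flags = [] if msr_enumerated(guest_cpuid) else ["+arch-capabilities"]
    # rdmsr prints bare hex; keep only bits set on the host and clear in the guest.
    gap = int(host_msr, 16) & ~int(guest_msr, 16)
    flags += ["+" + n for n in decode_arch_caps(gap) if n in ARCH_CAP_BITS.values()]
    return flags

if __name__ == "__main__":
    extra = missing_cpu_flags(HOST_CPUID, HOST_MSR, GUEST_CPUID, GUEST_MSR)
    print("-cpu Cascadelake-Server," + ",".join(extra))
```

Run inside the guest after a restart with the printed flags, the same check should return an empty list once every host bit is visible.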
