Some updates to libvirt:
- we already have ssbd/md-clear through security updates
- rdctl-no, ibrs-all, skip-l1dfl-vmentry, mds-no are part of
  c8ec678f  cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features
- arch_capabilities itself comes in 511df17a

There are also updates to the cascade/icelake cpu types. They are related to the 
qemu commits, but not necessary for the feature support itself. Yet having 
those named types recognized would be nice to have along the qemu feature 
backports (If they cause trouble we will skip them).
 2878278c  cpu_map: Add Cascadelake-Server CPU model
 5cae1f47  cpu_map: Use and install Icelake model definitions
 993d85ae  cpu_map: Add Icelake CPU models

We have not backported any of the features associated with:
 98130811  cpu_map: Add features for Icelake CPUs
Further there also is stibp in:
  eb1b551d  cpu: Add support for "stibp" x86_64 feature
But that isn't the preferred way to mitigate anyway and hence isn't backported 
in qemu for now, see https://lwn.net/Articles/773118/ for some details.
OTOH it would not really hurt to "detect" those properly, that does not mean 
they would be used on a qemu not supporting them.
And having them reduces some context noise, as above we will try to backport 
but if those cause trouble we might skip them.

All the patches above have some context/series they need on top.
There also were some file renaming actions, so this needs quite some effort to 
have the backports stay sane.
We have to check that and create a full list of dependent changes.

Some of the changes realize that qemu can't always present what it can
support in older versions (unavailable-features probing). So host-model
would skip them, but the core code for that is in qemu since 2016. I
have not found an unavailable-features-MSR patch for qemu - but if there
is one this might be needed.

The list above extended by some context patches that we might need creates this 
overall list that might be a good start:
(further indent being context to main changes)
   8eb4a89f  qemu: Forbid MSR features with old QEMU
   2674d00e  qemu: Drop MSR features from host-model with old QEMU
 c8ec678f  cpu_map: Introduce IA32_ARCH_CAPABILITIES MSR features
   bcfed7f1  cpu_x86: Introduce virCPUx86FeatureFilter*MSR
   b8e086a5  cpu_x86: Turn virCPUx86DataIteratorInit into a function
   4e6f58b8  conf: Introduce virCPUDefCheckFeatures
 4a0f604d  cpu_map: Distribute x86_Cascadelake-Server.xml
 2878278c  cpu_map: Add Cascadelake-Server CPU model
 511df17a  cpu_map: Add support for arch-capabilities feature
   eb1b551d  cpu: Add support for "stibp" x86_64 feature
 5cae1f47  cpu_map: Use and install Icelake model definitions
 993d85ae  cpu_map: Add Icelake CPU models
   98130811  cpu_map: Add features for Icelake CPUs

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1828495

Title:
  [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.

Status in intel:
  New
Status in libvirt package in Ubuntu:
  Fix Released
Status in linux package in Ubuntu:
  In Progress
Status in qemu package in Ubuntu:
  Fix Released
Status in libvirt source package in Bionic:
  Confirmed
Status in linux source package in Bionic:
  Confirmed
Status in qemu source package in Bionic:
  In Progress
Status in libvirt source package in Cosmic:
  Won't Fix
Status in linux source package in Cosmic:
  Won't Fix
Status in qemu source package in Cosmic:
  Won't Fix
Status in libvirt source package in Disco:
  Confirmed
Status in linux source package in Disco:
  Confirmed
Status in qemu source package in Disco:
  In Progress
Status in libvirt source package in Eoan:
  Fix Released
Status in linux source package in Eoan:
  In Progress
Status in qemu source package in Eoan:
  Fix Released

Bug description:
  [Impact]

   * QEMU does not support IceLake and CascadeLake CPUs specific features.
   * Most important feature to be supported is: IA32_ARCH_CAPABILITIES MSR.
   * With IA32_ARCH_CAPABILITIES, QEMU is able to advertise HW mitigations:
     - Rogue Data Cache Load
     - Enhanced IBRS
     - RSB Alternate
     - L1D flush need on VMENTRY
     - Speculative Store Bypass
     to guests, as described in document:
     Intel 336996-Speculative-Execution-Side-Channel-Mitigations.pdf

  [Test Case]

   * From Original Description:

  """
  1. Boot up guest using: -cpu Cascadelake-Server

  [root@clx-2s2 yexin]# qemu-system-x86_64 -accel kvm -drive
  if=virtio,id=hd,file=/home/x/x,format=qcow2  -m 4096 -smp 4 -cpu
  Cascadelake-Server -serial stdio

  char device redirected to /dev/pts/3 (label serial0)

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  qemu-system-x86_64: warning: host doesn't support requested feature:
  CPUID.07H:ECX [bit 4]

  2. To check CPU ID related to features[FEAT_7_0_EDX]
  :CPUID_7_0_EDX_ARCH_CAPABILITIES

  Expected Result: Both host and guest's CPUID.07H EDX bit 29 should be
  1.

  Actual Result:

  Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb
  ecx=0x00000818 edx=0xbc000000  (EDX bit 29=1)

  Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9
  ecx=0x00000818 edx=0x84000000 (EDX bit 29=0)

  Commit:2bdb76c015df7125783d8394d6339d181cb5bc30

  Target Kernel: 5.1
  Target Release: 19.10

  """

  [Regression Potential]

   * Most changes are related to CPU type definitions and its supported
  features. They are all based in upstream changes but, for obvious
  reasons, backporting and/or cherry-picking those could bring issues.
  Biggest concern is breaking something that currently works. Right now,
  the parts being changed that could affect other CPU types would be
  related to a small refactoring of how the features are organized, and
  that would be seen right away when trying to start a new VM after the
  package is installed.

   * Other tests, related to the features being backported, are being
  done by our KVM regression tests, including migration combinations, to
  reduce chances that a regression is introduced.

  [Other Info]
   
   * N/A
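
The check from the test case, as an added example (not part of the bug report and not QEMU or libvirt code): it decodes CPUID.07H:EDX from the host and guest lines quoted above and lists the mitigation-related features the guest does not see. Bit names follow QEMU's feature names; the MSR value 0x2b is constructed for illustration.

```python
import re

# CPUID.(EAX=07H,ECX=0):EDX bits relevant here, using QEMU's feature names.
CPUID_7_0_EDX = {10: "md-clear", 26: "spec-ctrl", 27: "stibp",
                 28: "flush-l1d", 29: "arch-capabilities", 31: "ssbd"}

# IA32_ARCH_CAPABILITIES (MSR 0x10a) bits, using QEMU's feature names.
ARCH_CAPS = {0: "rdctl-no", 1: "ibrs-all", 2: "rsba",
             3: "skip-l1dfl-vmentry", 4: "ssb-no", 5: "mds-no"}

# The two cpuid lines from the bug description, including their line wrap.
HOST = """Host's cpuid: 0x00000007 0x00: eax=0x00000000 ebx=0xd39ffffb
ecx=0x00000818 edx=0xbc000000"""
GUEST = """Guest's cpuid : 0x00000007 0x00: eax=0x00000000 ebx=0xd19f0fb9
ecx=0x00000818 edx=0x84000000"""

LEAF7_RE = re.compile(r"0x00000007\s+0x00:.*?edx=0x([0-9a-fA-F]{8})", re.S)


def leaf7_edx(text):
    """Extract EDX of CPUID leaf 7, subleaf 0 from cpuid dump text."""
    match = LEAF7_RE.search(text)
    if match is None:
        raise ValueError("no CPUID leaf 0x7 subleaf 0 line found")
    return int(match.group(1), 16)


def decode(value, table):
    """Return the names of all bits from `table` that are set in `value`."""
    return {name for bit, name in table.items() if (value >> bit) & 1}


def hidden_from_guest(host_text, guest_text):
    """Features the host enumerates in leaf 7 EDX that the guest lacks."""
    host = decode(leaf7_edx(host_text), CPUID_7_0_EDX)
    guest = decode(leaf7_edx(guest_text), CPUID_7_0_EDX)
    return sorted(host - guest)


def visible_arch_caps(edx, msr_value):
    """ARCH_CAPABILITIES bits software can rely on: the MSR is only
    enumerated when CPUID.07H:EDX bit 29 is set, otherwise nothing."""
    if not (edx >> 29) & 1:
        return set()
    return decode(msr_value, ARCH_CAPS)


if __name__ == "__main__":
    print("hidden from guest:", hidden_from_guest(HOST, GUEST))
    for label, text in (("host", HOST), ("guest", GUEST)):
        # 0x2b is a constructed MSR value, not taken from the report.
        print(label, sorted(visible_arch_caps(leaf7_edx(text), 0x2b)))
```

With bit 29 clear, the guest kernel has no way to learn that the hardware sets bits such as rdctl-no or mds-no, so it falls back to software mitigations the CPU does not need.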
