* [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no'
@ 2020-01-16 17:36 Kashyap Chamarthy
2020-01-17 13:22 ` Kashyap Chamarthy
2020-01-21 16:45 ` Daniel P. Berrangé
0 siblings, 2 replies; 4+ messages in thread
From: Kashyap Chamarthy @ 2020-01-16 17:36 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini, berrange, ehabkost, Kashyap Chamarthy
- Add the -noTSX variants for CascadeLake and SkyLake.
- Add a note aboute the 'mds-no' MSR. Two confusing things about this:
(1) The 'mds-no' will _not_ show up in the guest's /proc/cpuinfo.
Rather it is used to fill in the guest's sysfs:
sys/devices/system/cpu/vulnerabilities/mds:Not affected
Paolo confirmed on IRC as such.
(2) There are _three_ variants[+] of CascadeLake CPUs, with different
stepping levels: 5, 6, and 7. To quite wikichip.org[*]:
"note that while steppings 6 & 7 are fully mitigated, earlier
stepping 5 is not protected against MSBDS, MLPDS, nor MDSUM"
The above is also indicated in the Intel's manual itself[+], as
indicated by "No" under the three columns of MFBDS, MSBDS, and
MLPDS.
[+] https://software.intel.com/security-software-guidance/insights/processors-affected-microarchitectural-data-sampling
[*] https://en.wikichip.org/wiki/intel/microarchitectures/cascade_lake#Key_changes_from_Skylake
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
---
TODO:
- I think I also need to add a note about 'tsx-ctrl' bit. Here too,
same question as above -- does it show up in /proc/cpuinfo/?
---
docs/qemu-cpu-models.texi | 37 ++++++++++++++++++++++++++++++++++++-
1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
index f88a1def0d042cc25213259172a648f0a9c514dc..e6c4058e764a81988d6bc97457c668cb0ad2ea37 100644
--- a/docs/qemu-cpu-models.texi
+++ b/docs/qemu-cpu-models.texi
@@ -72,14 +72,30 @@ between machines, if live migration compatibility is required, use the newest
CPU model that is compatible across all desired hosts.
@table @option
+
+@item @code{Cascadelake-Server-noTSX}
+
+Intell Xeon Processor (Cascade Lake, 2019-2020), with "stepping" levels
+6 or 7 only. (The Cascade Lake Xeon processor with @b{stepping 5 is
+vulnerable to MDS variants}; refer below.)
+
+@code{/proc/cpuinfo}.
+
+The @code{mds-no} bit does not show up under @code{/proc/cpuinfo}.
+Rather it shows up under the @code{sysfs}, as
+@code{/sys/devices/system/cpu/vulnerabilities/mds:Not affected}
+
+
@item @code{Skylake-Server}
@item @code{Skylake-Server-IBRS}
+@item @code{Skylake-Server-noTSX-IBRS}
Intel Xeon Processor (Skylake, 2016)
@item @code{Skylake-Client}
@item @code{Skylake-Client-IBRS}
+@item @code{Skylake-Client-noTSX-IBRS}
Intel Core Processor (Skylake, 2015)
@@ -214,9 +230,28 @@ Must be explicitly turned on for all Intel CPU models.
Requires the host CPU microcode to support this feature before it
can be used for guest CPUs.
+
+@item @code{mds-no}
+
+This is an MSR (Model-Specific Register) used by QEMU to indicate that
+the host is @i{not} vulnerable to any of the MDS variants ([MFBDS]
+CVE-2018-12130, [MLPDS] CVE-2018-12127, [MSBDS] CVE-2018-12126).
+
+Note that there are @i{three} versions of Intel's Cascade Lake
+processor, as distinguished by their "stepping" levels 5, 6, and 7. The
+CPU with stepping "5" is @b{vulnerable to MDS variants}; and the CPUs
+with steppings "6" and "7" are @b{not vulnerable} to the above mentioned
+MDS variants. The processor "stepping" is reported in
+@code{/proc/cpuinfo}.
+
+Confusingly, the @code{mds-no} bit does not show up under
+@code{/proc/cpuinfo} inside the guest. Rather the kernel uses it to
+fill in the @code{sysfs}, as
+@code{/sys/devices/system/cpu/vulnerabilities/mds: Not affected},
+assuming the processor is running with stepping 6 or 7.
+
@end table
-
@node preferred_cpu_models_amd_x86
@subsubsection Preferred CPU models for AMD x86 hosts
--
2.21.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no'
2020-01-16 17:36 [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no' Kashyap Chamarthy
@ 2020-01-17 13:22 ` Kashyap Chamarthy
2020-01-21 16:45 ` Daniel P. Berrangé
1 sibling, 0 replies; 4+ messages in thread
From: Kashyap Chamarthy @ 2020-01-17 13:22 UTC (permalink / raw)
To: qemu-devel; +Cc: pbonzini, berrange, ehabkost
On Thu, Jan 16, 2020 at 06:36:38PM +0100, Kashyap Chamarthy wrote:
[...]
> (2) There are _three_ variants[+] of CascadeLake CPUs, with different
> stepping levels: 5, 6, and 7. To quite wikichip.org[*]:
s/quite/quote/
>
> "note that while steppings 6 & 7 are fully mitigated, earlier
> stepping 5 is not protected against MSBDS, MLPDS, nor MDSUM"
>
> The above is also indicated in the Intel's manual itself[+], as
> indicated by "No" under the three columns of MFBDS, MSBDS, and
> MLPDS.
>
> [+] https://software.intel.com/security-software-guidance/insights/processors-affected-microarchitectural-data-sampling
> [*] https://en.wikichip.org/wiki/intel/microarchitectures/cascade_lake#Key_changes_from_Skylake
>
> Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> ---
> TODO:
> - I think I also need to add a note about 'tsx-ctrl' bit. Here too,
> same question as above -- does it show up in /proc/cpuinfo/?
While at it ... if I mention 'mds-no', then it would be inconsistent,
and inaccurate, if I don't also mention 'taa-no' IA32_ARCH_CAPABILITIES
MSR bit.
In short, I should mention the following MSR bits, and their use, in
context:
- mds-no
- taa-no
- tsx-ctrl
... while bearing in mind that none (?) of these MSR bits will show up
under /proc/cpuinfo in the guest, rather they're used to populate the
relevant vulnerability file in sysfs
(/sys/devices/system/cpu/vulnerabilities/).
[...]
--
/kashyap
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no'
2020-01-16 17:36 [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no' Kashyap Chamarthy
2020-01-17 13:22 ` Kashyap Chamarthy
@ 2020-01-21 16:45 ` Daniel P. Berrangé
2020-01-21 17:59 ` Kashyap Chamarthy
1 sibling, 1 reply; 4+ messages in thread
From: Daniel P. Berrangé @ 2020-01-21 16:45 UTC (permalink / raw)
To: Kashyap Chamarthy; +Cc: pbonzini, qemu-devel, ehabkost
On Thu, Jan 16, 2020 at 06:36:38PM +0100, Kashyap Chamarthy wrote:
> - Add the -noTSX variants for CascadeLake and SkyLake.
>
> - Add a note aboute the 'mds-no' MSR. Two confusing things about this:
>
> (1) The 'mds-no' will _not_ show up in the guest's /proc/cpuinfo.
> Rather it is used to fill in the guest's sysfs:
>
> sys/devices/system/cpu/vulnerabilities/mds:Not affected
>
> Paolo confirmed on IRC as such.
>
> (2) There are _three_ variants[+] of CascadeLake CPUs, with different
> stepping levels: 5, 6, and 7. To quite wikichip.org[*]:
>
> "note that while steppings 6 & 7 are fully mitigated, earlier
> stepping 5 is not protected against MSBDS, MLPDS, nor MDSUM"
>
> The above is also indicated in the Intel's manual itself[+], as
> indicated by "No" under the three columns of MFBDS, MSBDS, and
> MLPDS.
>
> [+] https://software.intel.com/security-software-guidance/insights/processors-affected-microarchitectural-data-sampling
> [*] https://en.wikichip.org/wiki/intel/microarchitectures/cascade_lake#Key_changes_from_Skylake
>
> Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
> ---
> TODO:
> - I think I also need to add a note about 'tsx-ctrl' bit. Here too,
> same question as above -- does it show up in /proc/cpuinfo/?
> ---
> docs/qemu-cpu-models.texi | 37 ++++++++++++++++++++++++++++++++++++-
> 1 file changed, 36 insertions(+), 1 deletion(-)
>
> diff --git a/docs/qemu-cpu-models.texi b/docs/qemu-cpu-models.texi
> index f88a1def0d042cc25213259172a648f0a9c514dc..e6c4058e764a81988d6bc97457c668cb0ad2ea37 100644
> --- a/docs/qemu-cpu-models.texi
> +++ b/docs/qemu-cpu-models.texi
> @@ -72,14 +72,30 @@ between machines, if live migration compatibility is required, use the newest
> CPU model that is compatible across all desired hosts.
>
> @table @option
> +
> +@item @code{Cascadelake-Server-noTSX}
Also needs
@item @code{Cascadelake-Server}
> +
> +Intell Xeon Processor (Cascade Lake, 2019-2020), with "stepping" levels
s/Intell/Intel/
s/-2020// as we only need the initial year of introduction IMHO.
> +6 or 7 only. (The Cascade Lake Xeon processor with @b{stepping 5 is
> +vulnerable to MDS variants}; refer below.)
> +
> +@code{/proc/cpuinfo}.
> +
> +The @code{mds-no} bit does not show up under @code{/proc/cpuinfo}.
> +Rather it shows up under the @code{sysfs}, as
> +@code{/sys/devices/system/cpu/vulnerabilities/mds:Not affected}
We already talk about this later on we I thin kwe can trim the
/proc/cpinfo bit
> @item @code{Skylake-Server}
> @item @code{Skylake-Server-IBRS}
> +@item @code{Skylake-Server-noTSX-IBRS}
>
> Intel Xeon Processor (Skylake, 2016)
>
>
> @item @code{Skylake-Client}
> @item @code{Skylake-Client-IBRS}
> +@item @code{Skylake-Client-noTSX-IBRS}
>
> Intel Core Processor (Skylake, 2015)
>
> @@ -214,9 +230,28 @@ Must be explicitly turned on for all Intel CPU models.
>
> Requires the host CPU microcode to support this feature before it
> can be used for guest CPUs.
> +
> +@item @code{mds-no}
> +
> +This is an MSR (Model-Specific Register) used by QEMU to indicate that
> +the host is @i{not} vulnerable to any of the MDS variants ([MFBDS]
> +CVE-2018-12130, [MLPDS] CVE-2018-12127, [MSBDS] CVE-2018-12126).
> +
> +Note that there are @i{three} versions of Intel's Cascade Lake
> +processor, as distinguished by their "stepping" levels 5, 6, and 7. The
> +CPU with stepping "5" is @b{vulnerable to MDS variants}; and the CPUs
> +with steppings "6" and "7" are @b{not vulnerable} to the above mentioned
> +MDS variants. The processor "stepping" is reported in
> +@code{/proc/cpuinfo}.
> +
> +Confusingly, the @code{mds-no} bit does not show up under
> +@code{/proc/cpuinfo} inside the guest. Rather the kernel uses it to
> +fill in the @code{sysfs}, as
> +@code{/sys/devices/system/cpu/vulnerabilities/mds: Not affected},
> +assuming the processor is running with stepping 6 or 7.
I think we can simplify this a little - we don't need to talk
about CPU steppings - the user simply needs to know whether the
sysfs file reports vulnerable or not.
So perhaps this text:
Recommended to inform the guest OS that the host is @i{not]
vulnerable to any of the MDS variants ([MFBDS]
CVE-2018-12130, [MLPDS] CVE-2018-12127, [MSBDS] CVE-2018-12126).
This is a MSR feature rather than a CPUID feature, so will not
appear in the Linux @code{/proc/cpuinfo} in the host or guest.
It should only be enabled for VMs if the host reports
@code{Not affected} in the
@code{/sys/devices/system/cpu/vulnerabilities/mds} file.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no'
2020-01-21 16:45 ` Daniel P. Berrangé
@ 2020-01-21 17:59 ` Kashyap Chamarthy
0 siblings, 0 replies; 4+ messages in thread
From: Kashyap Chamarthy @ 2020-01-21 17:59 UTC (permalink / raw)
To: Daniel P. Berrangé; +Cc: pbonzini, qemu-devel, ehabkost
On Tue, Jan 21, 2020 at 04:45:08PM +0000, Daniel P. Berrangé wrote:
> On Thu, Jan 16, 2020 at 06:36:38PM +0100, Kashyap Chamarthy wrote:
[...]
> > @table @option
> > +
> > +@item @code{Cascadelake-Server-noTSX}
>
> Also needs
>
> @item @code{Cascadelake-Server}
Will add.
> > +
> > +Intell Xeon Processor (Cascade Lake, 2019-2020), with "stepping" levels
>
> s/Intell/Intel/
>
> s/-2020// as we only need the initial year of introduction IMHO.
Will do. (I wasn't sure, hence I put both years :-))
> > +6 or 7 only. (The Cascade Lake Xeon processor with @b{stepping 5 is
> > +vulnerable to MDS variants}; refer below.)
> > +
> > +@code{/proc/cpuinfo}.
> > +
> > +The @code{mds-no} bit does not show up under @code{/proc/cpuinfo}.
> > +Rather it shows up under the @code{sysfs}, as
> > +@code{/sys/devices/system/cpu/vulnerabilities/mds:Not affected}
>
> We already talk about this later on we I thin kwe can trim the
> /proc/cpinfo bit
True, will remove this redundancy.
[...]
> > +@item @code{mds-no}
> > +
> > +This is an MSR (Model-Specific Register) used by QEMU to indicate that
> > +the host is @i{not} vulnerable to any of the MDS variants ([MFBDS]
> > +CVE-2018-12130, [MLPDS] CVE-2018-12127, [MSBDS] CVE-2018-12126).
> > +
> > +Note that there are @i{three} versions of Intel's Cascade Lake
> > +processor, as distinguished by their "stepping" levels 5, 6, and 7. The
> > +CPU with stepping "5" is @b{vulnerable to MDS variants}; and the CPUs
> > +with steppings "6" and "7" are @b{not vulnerable} to the above mentioned
> > +MDS variants. The processor "stepping" is reported in
> > +@code{/proc/cpuinfo}.
> > +
> > +Confusingly, the @code{mds-no} bit does not show up under
> > +@code{/proc/cpuinfo} inside the guest. Rather the kernel uses it to
> > +fill in the @code{sysfs}, as
> > +@code{/sys/devices/system/cpu/vulnerabilities/mds: Not affected},
> > +assuming the processor is running with stepping 6 or 7.
>
> I think we can simplify this a little - we don't need to talk
> about CPU steppings - the user simply needs to know whether the
> sysfs file reports vulnerable or not.
>
> So perhaps this text:
>
> Recommended to inform the guest OS that the host is @i{not]
> vulnerable to any of the MDS variants ([MFBDS]
> CVE-2018-12130, [MLPDS] CVE-2018-12127, [MSBDS] CVE-2018-12126).
>
> This is a MSR feature rather than a CPUID feature, so will not
> appear in the Linux @code{/proc/cpuinfo} in the host or guest.
>
> It should only be enabled for VMs if the host reports
> @code{Not affected} in the
> @code{/sys/devices/system/cpu/vulnerabilities/mds} file.
Your phrasing is indeed simpler and more to-the-point; will incorporate
it.
I'll also add similar sections about the other two MSRs: 'taa-no' and
'tsx-ctrl' (as mentioned here:
https://lists.nongnu.org/archive/html/qemu-devel/2020-01/msg03685.html).
Thanks for the careful review.
--
/kashyap
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-01-21 18:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-16 17:36 [PATCH] docs: qemu-cpu-models: Document '-noTSX' variants and 'mds-no' Kashyap Chamarthy
2020-01-17 13:22 ` Kashyap Chamarthy
2020-01-21 16:45 ` Daniel P. Berrangé
2020-01-21 17:59 ` Kashyap Chamarthy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.