From: bugzilla-daemon@kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 215969] New: Guest deploying TAA mitigation on (not affected) ICX host
Date: Thu, 12 May 2022 05:07:14 +0000
Message-ID: <bug-215969-28872@https.bugzilla.kernel.org/>

https://bugzilla.kernel.org/show_bug.cgi?id=215969

            Bug ID: 215969
           Summary: Guest deploying TAA mitigation on (not affected) ICX
                    host
           Product: Virtualization
           Version: unspecified
    Kernel Version: v5.18-rc3
          Hardware: Intel
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: kvm
          Assignee: virtualization_kvm@kernel-bugs.osdl.org
          Reporter: pawan.kumar.gupta@linux.intel.com
        Regression: No

On hardware that enumerates TAA_NO (i.e. not affected by TSX Async Abort
(TAA)), a certain guest/host configuration can result in the guest enumerating
the TAA vulnerability and unnecessarily deploying the MD_CLEAR (CPU buffer
clear) mitigation.

Icelake Server has TAA_NO and supports MSR TSX_CTRL, and by default Linux
disables the TSX feature, resetting CPUID.RTM at host bootup.

Currently KVM hides TAA_NO from guests when the host has CPUID.RTM=0. Because
KVM also exports MSR TSX_CTRL to guests, a guest with the "tsx=on" cmdline
parameter would enable the TSX feature, setting X86_FEATURE_RTM.

taa_select_mitigation() with X86_FEATURE_RTM=1 and TAA_NO=0 deploys the Clear
CPU buffers mitigation.

A probable fix is to export TAA_NO to guests. Alternatively, KVM can choose not
to export MSR TSX_CTRL.

Guests can't use MSR TSX_CTRL to enable TSX anyway, but I think it was
exported to guests to support some migration scenarios:

  https://lore.kernel.org/lkml/20210129101912.1857809-1-pbonzini@redhat.com/

---
Setup info:

ICX HOST configuration:

Vendor ID:                       GenuineIntel
CPU family:                      6
Model:                           106
Model name:                      Intel(R) Xeon(R) Platinum 8360Y CPU @ 2.40GHz
Stepping:                        6

Vulnerability Mds:               Not affected
Vulnerability Tsx async abort:   Not affected

//TSX feature flag not present on host
$ grep rtm /proc/cpuinfo
$


GUEST info:

Launch kvm/qemu guest with "-cpu host" and guest kernel parameter "tsx=on"

"rtm" shows up in /proc/cpuinfo

# rdmsr -a 0x122
0
0
0
0

// Guest sysfs shows mitigation being deployed.
[root@vm-fedora-35 ~]# grep . /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
Mitigation: Clear CPU buffers; SMT Host state unknown

Thanks,
Pawan
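
A check for the symptom reported above, as an added example that is not part of the original report: it compares a guest's rtm flag and tsx_async_abort sysfs entry with the status string seen on the host. Function names and verdict strings are hypothetical, and the status strings not quoted in the report are assumed to be those listed in the kernel's TAA admin guide.

```shell
#!/bin/sh
# Added example, not part of the bug report. Function names and verdict
# strings are hypothetical; paths are arguments so the check also runs
# against saved copies of /proc/cpuinfo and the sysfs entry.

# has_rtm CPUINFO: succeeds if the flags line lists rtm (TSX enabled).
has_rtm() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]]rtm([[:space:]]|$)' "$1"
}

# taa_state STRING: normalise a tsx_async_abort status string.
taa_state() {
    case "$1" in
        "Not affected"*)                  echo not_affected ;;
        "Mitigation: Clear CPU buffers"*) echo clear_cpu_buffers ;;
        "Mitigation: TSX disabled"*)      echo tsx_disabled ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# check_guest_taa GUEST_CPUINFO GUEST_TAA_FILE HOST_TAA_STRING
# "mismatch" is the reported combination: host not affected, guest has
# rtm set and deploys Clear CPU buffers.
check_guest_taa() {
    guest=$(taa_state "$(cat "$2")")
    host=$(taa_state "$3")
    if [ "$host" = not_affected ] && [ "$guest" = clear_cpu_buffers ] \
        && has_rtm "$1"; then
        echo "mismatch"
    elif [ "$host" = "$guest" ]; then
        echo "consistent"
    else
        echo "differs"
    fi
}

# demo: constructed sample files modelled on the guest output above.
demo() {
    d=$(mktemp -d)
    printf 'flags\t\t: fpu vme rtm md_clear\n' > "$d/cpuinfo"
    echo 'Mitigation: Clear CPU buffers; SMT Host state unknown' > "$d/taa"
    check_guest_taa "$d/cpuinfo" "$d/taa" 'Not affected'
    rm -rf "$d"
}

# In a guest: check_guest_taa /proc/cpuinfo \
#   /sys/devices/system/cpu/vulnerabilities/tsx_async_abort "<host string>"
```

A "differs" verdict covers any other disagreement between host and guest, for example a guest that mitigates without rtm set.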
