From: Kashyap Chamarthy <kchamart@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Jiri Denemark <jdenemar@redhat.com>,
qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH for-4.2 1/2] i386: Add new versions of Skylake/Cascadelake/Icelake without TSX
Date: Thu, 21 Nov 2019 12:41:14 +0100 [thread overview]
Message-ID: <20191121114114.GP7032@paraplu> (raw)
In-Reply-To: <20191120164912.32384-2-ehabkost@redhat.com>
On Wed, Nov 20, 2019 at 01:49:11PM -0300, Eduardo Habkost wrote:
> One of the mitigation methods for TAA[1] is to disable TSX
> support on the host system. Linux added a mechanism to disable
> TSX globally through the kernel command line, and many Linux
> distributions now default to tsx=off. This makes existing CPU
> models that have HLE and RTM enabled not usable anymore.
>
> Add new versions of all CPU models that have the HLE and RTM
> features enabled, that can be used when TSX is disabled in the
> host system.
>
> References:
>
> [1] TAA, TSX asynchronous Abort:
> https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
> https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html
>
> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
> ---
FWIW:
Tested-by: Kashyap Chamarthy <kchamart@redhat.com>
Here are _all_ the Cascadelake/Icelake/Skylake variants I see with your
patches applied:
$> ./qemu-system-x86_64 -cpu help | egrep '(Cascadelake.*|Icelake.*|Skylake.*)'
x86 Cascadelake-Server (alias configured by machine type)
x86 Cascadelake-Server-noTSX (alias of Cascadelake-Server-v3)
x86 Cascadelake-Server-v1 Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v2 Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v3 Intel Xeon Processor (Cascadelake)
x86 Icelake-Client (alias configured by machine type)
x86 Icelake-Client-noTSX (alias of Icelake-Client-v2)
x86 Icelake-Client-v1 Intel Core Processor (Icelake)
x86 Icelake-Client-v2 Intel Core Processor (Icelake)
x86 Icelake-Server (alias configured by machine type)
x86 Icelake-Server-noTSX (alias of Icelake-Server-v2)
x86 Icelake-Server-v1 Intel Xeon Processor (Icelake)
x86 Icelake-Server-v2 Intel Xeon Processor (Icelake)
x86 Skylake-Client (alias configured by machine type)
x86 Skylake-Client-IBRS (alias of Skylake-Client-v2)
x86 Skylake-Client-noTSX-IBRS (alias of Skylake-Client-v3)
x86 Skylake-Client-v1 Intel Core Processor (Skylake)
x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Server (alias configured by machine type)
x86 Skylake-Server-IBRS (alias of Skylake-Server-v2)
x86 Skylake-Server-noTSX-IBRS (alias of Skylake-Server-v3)
x86 Skylake-Server-v1 Intel Xeon Processor (Skylake)
x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS)
x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS)
Test with system QEMU
---------------------
Where `cat system-qemu.sh` is:
#!/usr/bin/env bash
args=(
-display none
-cpu Skylake-Client-IBRS
-no-user-config
-machine q35,accel=kvm
-nodefaults
-m 2048
-serial stdio
-drive file=/export/vm1.qcow2,format=qcow2,if=virtio
)
/usr/bin/qemu-system-x86_64 "${args[@]}"
Run it:
$> ./system-qemu.sh
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.aes [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.adx [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.smap [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000001H:ECX.3dnowprefetch [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xsavec [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xgetbv1 [bit 2]
[...]
Notice that it is (correctly) complaining about about "hle" and "rtm".
Test with patched QEMU
----------------------
Now, with a QEMU built with your both patches, and using the -noTSX-IBRS
model:
Where `cat patched-qemu.sh` is:
#!/usr/bin/env bash
args=(
-display none
-cpu Skylake-Client-noTSX-IBRS
-no-user-config
-machine q35,accel=kvm
-nodefaults
-m 2048
-serial stdio
-drive file=/export/vm1.qcow2,format=qcow2,if=virtio
)
~/build/qemu/x86_64-softmmu/qemu-system-x86_64 "${args[@]}"
Run it:
$> ./patched-qemu.sh
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.aes [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.adx [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.smap [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000001H:ECX.3dnowprefetch [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xsavec [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xgetbv1 [bit 2]
[...]
Here it doesn't complain (also correctly so) about "hle" and "rtm",
because the -noTSX-IBRS model disabled them :-)
> target/i386/cpu.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 47 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 296b491607..0267e08612 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -2474,6 +2474,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> }
> },
> + {
> + .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + }
> + },
> { /* end of list */ }
> }
> },
> @@ -2541,6 +2549,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> }
> },
> + {
> + .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + }
> + },
> { /* end of list */ }
> }
> },
> @@ -2608,6 +2624,13 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> },
> },
> + { .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> { /* end of list */ }
> }
> },
> @@ -2665,6 +2688,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_6_EAX_ARAT,
> .xlevel = 0x80000008,
> .model_id = "Intel Core Processor (Icelake)",
> + .versions = (X86CPUVersionDefinition[]) {
> + { .version = 1 },
> + {
> + .version = 2,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> + { /* end of list */ }
> + }
> },
> {
> .name = "Icelake-Server",
> @@ -2723,6 +2758,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_6_EAX_ARAT,
> .xlevel = 0x80000008,
> .model_id = "Intel Xeon Processor (Icelake)",
> + .versions = (X86CPUVersionDefinition[]) {
> + { .version = 1 },
> + {
> + .version = 2,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> + { /* end of list */ }
> + }
> },
> {
> .name = "Denverton",
> --
> 2.21.0
>
--
/kashyap
next prev parent reply other threads:[~2019-11-21 11:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-20 16:49 [PATCH for-4.2 0/2] i386: Add new versions of Skylake/Cascadelake/Icelake without TSX Eduardo Habkost
2019-11-20 16:49 ` [PATCH for-4.2 1/2] " Eduardo Habkost
2019-11-20 17:40 ` Paolo Bonzini
2019-11-20 18:42 ` Eduardo Habkost
2019-11-21 9:16 ` Paolo Bonzini
2019-11-21 11:41 ` Kashyap Chamarthy [this message]
2019-11-20 16:49 ` [PATCH for-4.2 2/2] i386: Add -noTSX aliases for hle=off, rtm=off CPU models Eduardo Habkost
2019-11-21 14:12 ` Kashyap Chamarthy
2019-11-25 14:21 ` Eduardo Habkost
2019-11-25 17:06 ` Kashyap Chamarthy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191121114114.GP7032@paraplu \
--to=kchamart@redhat.com \
--cc=ehabkost@redhat.com \
--cc=jdenemar@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).