qemu-devel.nongnu.org archive mirror
From: Jinpu Wang <jinpu.wang@ionos.com>
To: qemu-devel <qemu-devel@nongnu.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	tao1.su@linux.intel.com, xiaoyao.li@intel.com,
	Yu Zhang <yu.zhang@ionos.com>
Subject: RFC: guest INTEL GDS mitigation status on patched host
Date: Fri, 11 Aug 2023 15:12:12 +0200
Message-ID: <CAMGffEmG6TNq0n3+4OJAgXc8J0OevY60KHZekXCBs3LoK9vehA@mail.gmail.com>

Hi folks on the list:

I'm testing the latest Downfall CPU vulnerability mitigation. What I
notice is that when both host and guest are using a patched kernel +
microcode, e.g. kernel 5.15.125 + intel-microcode 20230808, on an
affected server, e.g. an Icelake server, the mitigation status inside
the guest is:

Vulnerabilities:
  Gather data sampling:  Unknown: Dependent on hypervisor status
                         -----------------------------------> this one.
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
  Retbleed:              Not affected
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl and seccomp
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence
  Srbds:                 Not affected
  Tsx async abort:       Not affected

According to the kernel commit below:
commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7
Author: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Date:   Wed Jul 12 19:43:14 2023 -0700

    KVM: Add GDS_NO support to KVM

    Gather Data Sampling (GDS) is a transient execution attack using
    gather instructions from the AVX2 and AVX512 extensions. This attack
    allows malicious code to infer data that was previously stored in
    vector registers. Systems that are not vulnerable to GDS will set the
    GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
    guests that may think they are on vulnerable systems that are, in
    fact, not affected. Guests that are running on affected hosts where
    the mitigation is enabled are protected as if they were running
    on an unaffected system.

    On all hosts that are not affected or that are mitigated, set the
    GDS_NO bit.

    Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
    Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
    Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>

KVM also has support for GDS_NO, but it seems the QEMU side doesn't pass
the info to the guest; that's why it is unknown. IMO QEMU should pass
GDS_NO if the host is already patched.

Is Intel or anyone else already working on the QEMU patch? I know it's not
a must, but it would be good to do.

Thx!
Jinpu Wang @ IONOS Cloud
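The discussion above hinges on two bits of IA32_ARCH_CAPABILITIES (MSR 0x10a): GDS_NO, which the KVM commit exports on unaffected or mitigated hosts, and GDS_CTRL, which updated microcode sets to expose the mitigation switch in IA32_MCU_OPT_CTRL (MSR 0x123). The following program is an added example, not code from this thread, from QEMU or from KVM: it reads those MSRs on the current machine (root and the `msr` module are required) and classifies the result the way the Linux `gather_data_sampling` sysfs file does. The bit positions are taken from the kernel's `arch/x86/include/asm/msr-index.h`; the classification is a paraphrase of the kernel's selection logic, not a copy, and the enum and function names are the example's own. Run inside a guest whose hypervisor does not forward GDS_NO or GDS_CTRL, `gds_classify()` returns the "Unknown: Dependent on hypervisor status" case shown in the lscpu output above.

```c
/* Added example: decode the GDS bits of IA32_ARCH_CAPABILITIES and IA32_MCU_OPT_CTRL.
 * Bit positions follow Linux msr-index.h; gds_classify() paraphrases the kernel's
 * gds_select_mitigation() decision tree (names here are the example's own). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MSR_IA32_ARCH_CAPABILITIES 0x10aU
#define MSR_IA32_MCU_OPT_CTRL      0x123U

#define ARCH_CAP_GDS_CTRL     (1ULL << 25) /* microcode exposes the GDS mitigation control */
#define ARCH_CAP_GDS_NO       (1ULL << 26) /* CPU (or hypervisor) reports: not affected */
#define MCU_OPT_GDS_MITG_DIS  (1ULL << 4)  /* mitigation switched off */
#define MCU_OPT_GDS_MITG_LOCK (1ULL << 5)  /* mitigation locked on until reset */

enum gds_state {
    GDS_NOT_AFFECTED,     /* GDS_NO set */
    GDS_MITIGATED,        /* GDS_CTRL set, mitigation enabled */
    GDS_MITIGATED_LOCKED, /* GDS_CTRL set, mitigation enabled and locked */
    GDS_MITIGATION_OFF,   /* GDS_CTRL set but GDS_MITG_DIS set */
    GDS_NO_MICROCODE,     /* bare metal, neither bit: microcode not updated */
    GDS_HV_UNKNOWN,       /* VM, neither bit: hypervisor hides the host state */
};

/* in_vm: CPUID.1:ECX[31] (hypervisor present); have_mcu_ctrl: MSR 0x123 was readable */
enum gds_state gds_classify(uint64_t arch_caps, int have_mcu_ctrl, uint64_t mcu_ctrl, int in_vm)
{
    if (arch_caps & ARCH_CAP_GDS_NO)
        return GDS_NOT_AFFECTED;
    if (!(arch_caps & ARCH_CAP_GDS_CTRL))
        return in_vm ? GDS_HV_UNKNOWN : GDS_NO_MICROCODE;
    if (have_mcu_ctrl && (mcu_ctrl & MCU_OPT_GDS_MITG_DIS))
        return GDS_MITIGATION_OFF;
    if (have_mcu_ctrl && (mcu_ctrl & MCU_OPT_GDS_MITG_LOCK))
        return GDS_MITIGATED_LOCKED;
    return GDS_MITIGATED;
}

const char *gds_state_str(enum gds_state s)
{
    static const char *names[] = {
        "Not affected", "Mitigation: Microcode", "Mitigation: Microcode (locked)",
        "Vulnerable: mitigation disabled via GDS_MITG_DIS", "Vulnerable: No microcode",
        "Unknown: Dependent on hypervisor status",
    };
    return names[s];
}

/* Read one MSR on one CPU through the msr(4) device (needs root and the msr module). */
int read_msr(int cpu, uint32_t reg, uint64_t *val)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = pread(fd, val, sizeof *val, (off_t)reg);
    close(fd);
    return n == (ssize_t)sizeof *val ? 0 : -EIO;
}

/* CPUID.(7,0):EDX[29] reports whether IA32_ARCH_CAPABILITIES exists at all. */
int arch_caps_enumerated(int *in_vm)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (!__get_cpuid_count(1, 0, &a, &b, &c, &d))
        return 0;
    *in_vm = (c >> 31) & 1;
    if (!__get_cpuid_count(7, 0, &a, &b, &c, &d))
        return 0;
    return (d >> 29) & 1;
#else
    (void)in_vm;
    return 0; /* not an x86 machine: nothing to decode */
#endif
}

int main(void)
{
    int in_vm = 0;
    uint64_t caps = 0, mcu = 0;
    if (!arch_caps_enumerated(&in_vm)) {
        puts("IA32_ARCH_CAPABILITIES not enumerated by CPUID");
        return 1;
    }
    if (read_msr(0, MSR_IA32_ARCH_CAPABILITIES, &caps) != 0) {
        perror("read IA32_ARCH_CAPABILITIES (root + msr module needed)");
        return 1;
    }
    int have_mcu = read_msr(0, MSR_IA32_MCU_OPT_CTRL, &mcu) == 0;
    printf("ARCH_CAPABILITIES=0x%016llx GDS_NO=%d GDS_CTRL=%d in_vm=%d\n",
           (unsigned long long)caps, !!(caps & ARCH_CAP_GDS_NO),
           !!(caps & ARCH_CAP_GDS_CTRL), in_vm);
    printf("Gather data sampling: %s\n", gds_state_str(gds_classify(caps, have_mcu, mcu, in_vm)));
    return 0;
}
```

Compare the output of this program on the host with the output inside the guest: if the host reports GDS_NO (or GDS_CTRL with the mitigation enabled) while the guest sees neither bit, the gap is in what the VMM forwards in the virtualised IA32_ARCH_CAPABILITIES, which is exactly the situation the message above describes.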


Thread overview: 4+ messages
2023-08-11 13:12 Jinpu Wang [this message]
2023-08-11 17:18 ` [PATCH] target/i386: Export GDS_NO bit to guests Pawan Gupta
2023-08-11 17:49   ` Daniel Sneddon
2023-08-14  8:29 ` RFC: guest INTEL GDS mitigation status on patched host Jinpu Wang