From: Kashyap Chamarthy <kchamart@redhat.com>
To: Eduardo Habkost <ehabkost@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Jiri Denemark <jdenemar@redhat.com>,
qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH for-4.2 1/2] i386: Add new versions of Skylake/Cascadelake/Icelake without TSX
Date: Thu, 21 Nov 2019 12:41:14 +0100 [thread overview]
Message-ID: <20191121114114.GP7032@paraplu> (raw)
In-Reply-To: <20191120164912.32384-2-ehabkost@redhat.com>
On Wed, Nov 20, 2019 at 01:49:11PM -0300, Eduardo Habkost wrote:
> One of the mitigation methods for TAA[1] is to disable TSX
> support on the host system. Linux added a mechanism to disable
> TSX globally through the kernel command line, and many Linux
> distributions now default to tsx=off. This makes existing CPU
> models that have HLE and RTM enabled not usable anymore.
>
> Add new versions of all CPU models that have the HLE and RTM
> features enabled, that can be used when TSX is disabled in the
> host system.
>
> References:
>
> [1] TAA, TSX asynchronous Abort:
> https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
> https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html
>
> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
> ---
FWIW:
Tested-by: Kashyap Chamarthy <kchamart@redhat.com>
Here are _all_ the Cascadelake/Icelake/Skylake variants I see with your
patches applied:
$> ./qemu-system-x86_64 -cpu help | egrep '(Cascadelake.*|Icelake.*|Skylake.*)'
x86 Cascadelake-Server (alias configured by machine type)
x86 Cascadelake-Server-noTSX (alias of Cascadelake-Server-v3)
x86 Cascadelake-Server-v1 Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v2 Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v3 Intel Xeon Processor (Cascadelake)
x86 Icelake-Client (alias configured by machine type)
x86 Icelake-Client-noTSX (alias of Icelake-Client-v2)
x86 Icelake-Client-v1 Intel Core Processor (Icelake)
x86 Icelake-Client-v2 Intel Core Processor (Icelake)
x86 Icelake-Server (alias configured by machine type)
x86 Icelake-Server-noTSX (alias of Icelake-Server-v2)
x86 Icelake-Server-v1 Intel Xeon Processor (Icelake)
x86 Icelake-Server-v2 Intel Xeon Processor (Icelake)
x86 Skylake-Client (alias configured by machine type)
x86 Skylake-Client-IBRS (alias of Skylake-Client-v2)
x86 Skylake-Client-noTSX-IBRS (alias of Skylake-Client-v3)
x86 Skylake-Client-v1 Intel Core Processor (Skylake)
x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Server (alias configured by machine type)
x86 Skylake-Server-IBRS (alias of Skylake-Server-v2)
x86 Skylake-Server-noTSX-IBRS (alias of Skylake-Server-v3)
x86 Skylake-Server-v1 Intel Xeon Processor (Skylake)
x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS)
x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS)
Test with system QEMU
---------------------
Where `cat system-qemu.sh` is:
#!/usr/bin/env bash
args=(
-display none
-cpu Skylake-Client-IBRS
-no-user-config
-machine q35,accel=kvm
-nodefaults
-m 2048
-serial stdio
-drive file=/export/vm1.qcow2,format=qcow2,if=virtio
)
/usr/bin/qemu-system-x86_64 "${args[@]}"
Run it:
$> ./system-qemu.sh
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.aes [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.hle [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.adx [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.smap [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000001H:ECX.3dnowprefetch [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xsavec [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xgetbv1 [bit 2]
[...]
Notice that it is (correctly) complaining about about "hle" and "rtm".
Test with patched QEMU
----------------------
Now, with a QEMU built with your both patches, and using the -noTSX-IBRS
model:
Where `cat patched-qemu.sh` is:
#!/usr/bin/env bash
args=(
-display none
-cpu Skylake-Client-noTSX-IBRS
-no-user-config
-machine q35,accel=kvm
-nodefaults
-m 2048
-serial stdio
-drive file=/export/vm1.qcow2,format=qcow2,if=virtio
)
~/build/qemu/x86_64-softmmu/qemu-system-x86_64 "${args[@]}"
Run it:
$> ./patched-qemu.sh
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.01H:ECX.aes [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.adx [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.07H:EBX.smap [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.80000001H:ECX.3dnowprefetch [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xsavec [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature: CPUID.0DH:EAX.xgetbv1 [bit 2]
[...]
Here it doesn't complain (also correctly so) about "hle" and "rtm",
because the -noTSX-IBRS model disabled them :-)
> target/i386/cpu.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 47 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 296b491607..0267e08612 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -2474,6 +2474,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> }
> },
> + {
> + .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + }
> + },
> { /* end of list */ }
> }
> },
> @@ -2541,6 +2549,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> }
> },
> + {
> + .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + }
> + },
> { /* end of list */ }
> }
> },
> @@ -2608,6 +2624,13 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> },
> },
> + { .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> { /* end of list */ }
> }
> },
> @@ -2665,6 +2688,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_6_EAX_ARAT,
> .xlevel = 0x80000008,
> .model_id = "Intel Core Processor (Icelake)",
> + .versions = (X86CPUVersionDefinition[]) {
> + { .version = 1 },
> + {
> + .version = 2,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> + { /* end of list */ }
> + }
> },
> {
> .name = "Icelake-Server",
> @@ -2723,6 +2758,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_6_EAX_ARAT,
> .xlevel = 0x80000008,
> .model_id = "Intel Xeon Processor (Icelake)",
> + .versions = (X86CPUVersionDefinition[]) {
> + { .version = 1 },
> + {
> + .version = 2,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> + { /* end of list */ }
> + }
> },
> {
> .name = "Denverton",
> --
> 2.21.0
>
--
/kashyap
next prev parent reply other threads:[~2019-11-21 11:42 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-20 16:49 [PATCH for-4.2 0/2] i386: Add new versions of Skylake/Cascadelake/Icelake without TSX Eduardo Habkost
2019-11-20 16:49 ` [PATCH for-4.2 1/2] " Eduardo Habkost
2019-11-20 17:40 ` Paolo Bonzini
2019-11-20 18:42 ` Eduardo Habkost
2019-11-21 9:16 ` Paolo Bonzini
2019-11-21 11:41 ` Kashyap Chamarthy [this message]
2019-11-20 16:49 ` [PATCH for-4.2 2/2] i386: Add -noTSX aliases for hle=off, rtm=off CPU models Eduardo Habkost
2019-11-21 14:12 ` Kashyap Chamarthy
2019-11-25 14:21 ` Eduardo Habkost
2019-11-25 17:06 ` Kashyap Chamarthy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191121114114.GP7032@paraplu \
--to=kchamart@redhat.com \
--cc=ehabkost@redhat.com \
--cc=jdenemar@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.