From: bugzilla-daemon@kernel.org
To: kvm@vger.kernel.org
Subject: [Bug 215969] New: Guest deploying TAA mitigation on (not affected) ICX host
Date: Thu, 12 May 2022 05:07:14 +0000 [thread overview]
Message-ID: <bug-215969-28872@https.bugzilla.kernel.org/> (raw)
https://bugzilla.kernel.org/show_bug.cgi?id=215969
Bug ID: 215969
Summary: Guest deploying TAA mitigation on (not affected) ICX
host
Product: Virtualization
Version: unspecified
Kernel Version: v5.18-rc3
Hardware: Intel
OS: Linux
Tree: Mainline
Status: NEW
Severity: high
Priority: P1
Component: kvm
Assignee: virtualization_kvm@kernel-bugs.osdl.org
Reporter: pawan.kumar.gupta@linux.intel.com
Regression: No
On a hardware that enumerates TAA_NO (i.e. not affected by TSX Async Abort
(TAA)), a certain guest/host configuration can result in guest enumerating TAA
vulnerability and unnecessarily deploying MD_CLEAR(CPU buffer clear)
mitigation.
Icelake Server has TAA_NO and supports MSR TSX_CTRL, and by default linux
disables TSX feature, resetting CPUID.RTM at host bootup.
Currently KVM hides TAA_NO from guests when host has CPUID.RTM=0. Because KVM
also exports MSR TSX_CTRL to guests, a guest with "tsx=on" cmdline parameter
would enable TSX feature, setting X86_FEATURE_RTM.
taa_select_mitigation() with X86_FEATURE_RTM=1 and TAA_NO=0, deploys Clear CPU
buffers mitigation.
A probable fix is to export TAA_NO to guests. Alternately, KVM can choose not
to export MSR TSX_CTRL.
Guests anyways can't use MSR TSX_CTRL to enable TSX, but I think it was
exported to guest to support some migration scenarios:
https://lore.kernel.org/lkml/20210129101912.1857809-1-pbonzini@redhat.com/
---
Setup info:
ICX HOST configuration:
Vendor ID: GenuineIntel
CPU family: 6
Model: 106
Model name: Intel(R) Xeon(R) Platinum 8360Y CPU @ 2.40GHz
Stepping: 6
Vulnerability Mds: Not affected
Vulnerability Tsx async abort: Not affected
//TSX feature flag not present on host
$ grep rtm /proc/cpuinfo
$
GUEST info:
Launch kvm/qemu guest with "-cpu host" and guest kernel parameter "tsx=on"
"rtm" shows up in /proc/cpuinfo
# rdmsr -a 0x122
0
0
0
0
// Guest sysfs shows mitigation being deployed.
[root@vm-fedora-35 ~]# grep .
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
Mitigation: Clear CPU buffers; SMT Host state unknown
Thanks,
Pawan
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.
reply other threads:[~2022-05-12 5:07 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-215969-28872@https.bugzilla.kernel.org/ \
--to=bugzilla-daemon@kernel.org \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox