fix(vmm): Updates T2S and T2CL templates with RRSBA bit change #3907
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zulinx86
force-pushed
the
rrsba
branch
2 times, most recently
from
e4ff717 to
2762938
Compare
kalyazin
reviewed
Jul 3, 2023
kalyazin
previously approved these changes
Jul 3, 2023
Contributor
Author
|
fixed a test failure of test_feat_parity_msr_arch_cap. |
zulinx86
added
the
Status: Awaiting review
pb8o
reviewed
Jul 3, 2023
We updated the fingerprint files in PR firecracker-microvm#3813, since Intel microcode release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA (bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already in place which is eIBRS. Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests should not get impacted by this change. However, it has a role to inform softwares whether the part has the RRSBA behavior. The T2S template has set it to 0 explicitly before, but this commit changes to set it to 1 so that guest kernels and applications can know that the processor has the RRSBA behavior. The reason why it sets the bit to 1 instead of passing through it from the host is that it aims to provide the ability to securely migrate snapshots between Intel Skylake and Intel CascadeLake. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
We updated the fingerprint files in PR firecracker-microvm#3813, since Intel microcode release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA (bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already in place which is eIBRS. Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests should not get impacted by this change. However, it has a role to inform softwares whether the part has the RRSBA behavior. The T2CL template has set the RRSBA bit to 0 explicitly before, but this commit changes to pass through the bit from the host so that guest kernels and applications can know that the processor has the RRSBA behavior. The reason why it passes through the bit from the host opposed to the T2S template is that the T2CL template is not designed to allow snapshot migration between different CPU models. In addition to the RRSBA bit, this comit also changes to pass through the RSBA bit, as it is safer to let guest know these informative bits of the host CPU than to overwrite them with templates. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
pb8o
approved these changes
Jul 3, 2023
kalyazin
approved these changes
Jul 3, 2023
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each host CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit gathers MSR baseline files for combinations of (host CPU, host kernel, guest kernel). Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each host CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit gathers MSR baseline files for combinations of (host CPU, host kernel, guest kernel). Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each host CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit gathers MSR baseline files for combinations of (host CPU, host kernel, guest kernel). Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each host CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit gathers MSR baseline files for combinations of (host CPU, host kernel, guest kernel). Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each host CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit gathers MSR baseline files for combinations of (host CPU, host kernel, guest kernel). Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
4 tasks
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each host CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit gathers MSR baseline files for combinations of (host CPU, host kernel, guest kernel). Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 4, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
that referenced
this pull request
Jul 5, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR #3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 5, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
5 tasks
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 5, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
This was referenced Jul 5, 2023
zulinx86
added a commit
to zulinx86/firecracker
that referenced
this pull request
Jul 5, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
ShadowCurse
pushed a commit
to ShadowCurse/firecracker
that referenced
this pull request
Jul 26, 2023
Previously all the static CPU templates had not passed through MSRs from the host, so we did not need to have MSR baseline files for each CPU model. With PR firecracker-microvm#3907, the T2CL template passes through IA32_ARCH_CAPABILITIES.{RSBA/RRSBA} which results in difference of the MSR value between different CPU models. This commit enables MSR baselines for all the combinations of (host CPU, host kernel, guest kernel). Actual baseline regathering will be done in a successive commit. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note that this PR will be backported into all the supported versions. The commits are intentionally split into two to make it easier to backport.
Changes
Reason
We updated the fingerprint files in PR #3813, since Intel microcode
release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA
(bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already
in place which is eIBRS.
Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode
regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests
should not get impacted by default with this change. However, it has
a role to inform softwares whether the part has the RRSBA behavior.
License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following
Developer Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.PR Checklist
[ ] If a specific issue led to this PR, this PR closes the issue.[ ] Any required documentation changes (code and docs) are included in this PR.[ ] API changes follow the Runbook for Firecracker API changes.CHANGELOG.md.[ ] NewTODOs link to an issue.rust-vmm.