From 46e0fbea116e4a1c29cf462394b29cd5c3328c76 Mon Sep 17 00:00:00 2001 From: Takahiro Itazuri Date: Mon, 3 Jul 2023 09:14:16 +0000 Subject: [PATCH 1/2] fix(vmm): Set IA32_ARCH_CAPABILITIES.RRSBA to 1 with T2S We updated the fingerprint files in PR #3813, since Intel microcode release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA (bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already in place which is eIBRS. Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests should not get impacted by this change. However, it has a role to inform softwares whether the part has the RRSBA behavior. The T2S template has set it to 0 explicitly before, but this commit changes to set it to 1 so that guest kernels and applications can know that the processor has the RRSBA behavior. The reason why it sets the bit to 1 instead of passing through it from the host is that it aims to provide the ability to securely migrate snapshots between Intel Skylake and Intel CascadeLake. Signed-off-by: Takahiro Itazuri
---
 CHANGELOG.md | 2 ++
 resources/tests/static_cpu_templates/t2s.json | 2 +-
 src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 017c9879174..9193d29a353 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,8 @@
 thread due to a misconfiguration of the `api_event_fd`.
 - Fixed CPUID leaf 0x1 to disable perfmon and debug feature on x86 host.
 - Fixed passing through cache information from host in CPUID leaf 0x80000006.
+- Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES
+ MSR to 1 in accordance with an Intel microcode update.
 ## [1.3.0]
diff --git a/resources/tests/static_cpu_templates/t2s.json b/resources/tests/static_cpu_templates/t2s.json
index fe9d2024681..d1fee0f0ee8 100644
--- a/resources/tests/static_cpu_templates/t2s.json
+++ b/resources/tests/static_cpu_templates/t2s.json
@@ -90,7 +90,7 @@
 "msr_modifiers": [
 {
 "addr": "0x10a",
- "bitmap": "0b0000000000000000000000000000000000000000000000000000110001001100"
+ "bitmap": "0b0000000000000000000000000000000000000000000010000000110001001100"
 }
 ]
 }
diff --git a/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs b/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs
index 6f2b56cc0cb..293419ad321 100644
--- a/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs
+++ b/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs
@@ -259,7 +259,7 @@ pub fn t2s() -> CustomCpuTemplate {
 addr: 0x10a,
 bitmap: RegisterValueFilter {
 filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111,
- value: 0b0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_1100_0100_1100,
+ value: 0b0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_1000_0000_1100_0100_1100,
 },
 }],
 }
From 8a554871deb342d0d5bd9157069c887e30f53d63 Mon Sep 17 00:00:00 2001
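Review bot: Nothing beside the new `value` literal says that bit 19 (RRSBA) is forced to 1 or why, so the reason for diverging from a pass-through lives only in the commit message. Because `filter` is all ones, the guest will read RRSBA=1 whatever the host MSR reports, which the commit message describes as intended for Skylake/Cascade Lake snapshot migration. I would record that next to the literal, for example `// Bit 19 (RRSBA) is forced to 1 instead of passed through so the MSR reads the same on Skylake and Cascade Lake hosts.` The body of `t2s()` starts outside this hunk, so if it carries a per-bit comment list like the one in `t2cl.rs`, the sentence belongs under its bit 19 entry instead.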
From: Takahiro Itazuri Date: Mon, 3 Jul 2023 09:37:32 +0000 Subject: [PATCH 2/2] fix(vmm): Pass through IA32_ARCH_CAPABILITIES.{RSBA,RRSBA} with T2CL We updated the fingerprint files in PR #3813, since Intel microcode release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA (bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already in place which is eIBRS. Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests should not get impacted by this change. However, it has a role to inform softwares whether the part has the RRSBA behavior. The T2CL template has set the RRSBA bit to 0 explicitly before, but this commit changes to pass through the bit from the host so that guest kernels and applications can know that the processor has the RRSBA behavior. The reason why it passes through the bit from the host opposed to the T2S template is that the T2CL template is not designed to allow snapshot migration between different CPU models. In addition to the RRSBA bit, this comit also changes to pass through the RSBA bit, as it is safer to let guest know these informative bits of the host CPU than to overwrite them with templates. Signed-off-by: Takahiro Itazuri
---
 CHANGELOG.md | 3 +++
 resources/tests/static_cpu_templates/t2cl.json | 2 +-
 src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs | 6 +++++-
 tests/integration_tests/functional/test_feat_parity.py | 2 ++
 4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9193d29a353..f459cf63d18 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,9 @@
 - Fixed passing through cache information from host in CPUID leaf 0x80000006.
 - Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES
 MSR to 1 in accordance with an Intel microcode update.
+- Fixed the T2CL CPU template to pass through the RSBA and RRSBA bits of the
+ IA32_ARCH_CAPABILITIES MSR from the host in accordance with an Intel microcode
+ update.
 ## [1.3.0]
diff --git a/resources/tests/static_cpu_templates/t2cl.json b/resources/tests/static_cpu_templates/t2cl.json
index 96e7e641909..6236cdb09c6 100644
--- a/resources/tests/static_cpu_templates/t2cl.json
+++ b/resources/tests/static_cpu_templates/t2cl.json
@@ -90,7 +90,7 @@
 "msr_modifiers": [
 {
 "addr": "0x10a",
- "bitmap": "0b0000000000000000000000000000000000000000000000000000000011101011"
+ "bitmap": "0b00000000000000000000000000000000000000000000x0000000000011101x11"
 }
 ]
 }
diff --git a/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs b/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs
index 405ea654e47..d296d94a0d7 100644
--- a/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs
+++ b/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs
@@ -243,6 +243,8 @@ pub fn t2cl() -> CustomCpuTemplate {
 // - Bit 00: RDCL_NO (Intel SDM) / Reserved (AMD APM)
 // - Bit 01: IBRS_ALL (Intel SDM) / Reserved (AMD APM)
 // - Bit 02: RSBA (Intel SDM) / Reserved (AMD APM)
+ // This bit is passed-through intentionally.
+ // See https://github.com/firecracker-microvm/firecracker/pull/3907
 // - Bit 03: SKIP_L1DFL_VMENTRY (Intel SDM) / Reserved (AMD APM)
 // - Bit 04: SSB_NO (Intel SDM) / Reserved (AMD APM)
 // - Bit 05: MDS_NO (Intel SDM) / Reserved (AMD APM)
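Review bot: The comment added under bit 02 gives no reason in the source; a reader has to follow the pull-request URL to learn why the bit is passed through. I would state the reason inline and keep the link as a reference, for example `// Passed through from the host: informational bit, safer to expose than to overwrite.` The same applies to the comment added under bit 19 in the next hunk of this file, whose wording is also transposed: `This is bit passed-through intentionally.` should read `This bit is passed through intentionally.` The comment list belongs to `t2cl()`, which starts and ends outside both hunks.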
@@ -260,6 +262,8 @@ pub fn t2cl() -> CustomCpuTemplate {
 // - Bit 17: FB_CLEAR (Intel SDM) / Reserved (AMD APM)
 // - Bit 18: FB_CLEAR_CTRL (Intel SDM) / Reserved (AMD APM)
 // - Bit 19: RRSBA (Intel SDM) / Reserved (AMD APM)
+ // This is bit passed-through intentionally.
+ // See https://github.com/firecracker-microvm/firecracker/pull/3907
 // - Bit 20: BHI_NO (Intel SDM) / Reserved (AMD APM)
 // - Bit 21: XAPIC_DISABLE_STATUS (Intel SDM) / Reserved (AMD APM)
 // - Bit 22: Reserved (Intel SDM) / Reserved (AMD APM)
@@ -269,7 +273,7 @@ pub fn t2cl() -> CustomCpuTemplate {
 RegisterModifier {
 addr: 0x10a,
 bitmap: RegisterValueFilter {
- filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111,
+ filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_0111_1111_1111_1111_1011,
 value: 0b0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_1110_1011,
 },
 },
diff --git a/tests/integration_tests/functional/test_feat_parity.py b/tests/integration_tests/functional/test_feat_parity.py
index 7185b135558..a8c9e0cb519 100644
--- a/tests/integration_tests/functional/test_feat_parity.py
+++ b/tests/integration_tests/functional/test_feat_parity.py
@@ -249,6 +249,8 @@ def test_feat_parity_msr_arch_cap(vm):
 (1 << 6) | # IF_PSCHANGE_MC_NO
 (1 << 7) # TSX_CTRL
 )
+ if global_props.cpu_codename == "INTEL_CASCADELAKE":
+ expected |= (1 << 19) # RRSBA
 # fmt: on
 assert actual == expected, f"{actual=:#x} != {expected=:#x}"
 elif cpu_template == "T2A":
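Review bot: With bits 2 and 19 cleared in the new `filter`, the guest-visible IA32_ARCH_CAPABILITIES under T2CL is no longer fixed by the template. It now follows whatever the host reports for RSBA and RRSBA, which by the commit message changed with a microcode release. The commit message only rules out snapshot migration between different CPU models, so a restore onto a same-model host at a different microcode level may present a different MSR value to the guest; that case looks worth stating where the template's guarantees are documented. Next to the literal I would add `// filter bits 2 (RSBA) and 19 (RRSBA) are 0: the host value is passed through and can vary with host microcode.` The `RegisterModifier` list and `t2cl()` itself extend beyond this hunk.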
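Review bot: Keying the expected RRSBA bit on `cpu_codename == "INTEL_CASCADELAKE"` hard-codes the state after microcode-20230512, while the template now passes the bit through from the host. A Cascade Lake host on older microcode would presumably report bit 19 as 0 and fail this assertion, and RSBA (bit 2), which this commit also passes through, is not accounted for at all. If this branch is the T2CL one (its start is outside the hunk), masking the pass-through bits makes the check independent of host microcode: `passthrough = (1 << 2) | (1 << 19)` followed by `assert actual & ~passthrough == expected & ~passthrough`. Alternatively the two bits could be read from the host MSR and OR-ed into `expected`.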