Test results from comment #4 have been reviewed and discussed. I updated
the "[Where problems could occur]" section accordingly. TL;DR => All
looking good!
** Description changed:
[Impact]
According to AMD's Speculative Return Stack Overflow whitepaper the
hypervisor should synthesize the value of IBPB_BRTYPE and SBPB CPUID
bits to the guest.
Support for this is already present in noble kernel with commit
e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
("KVM: x86: Add IBPB_BRTYPE support").
Add support in QEMU to expose the bits to the guest OS.
[Test Plan]
- * First of all we'll (and have in advance) run general regression tests
- * Qemu shall show to be aware of the new flags
- #qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype'
- gfni hle ht hypervisor ia64 ibpb ibpb-brtype ibrs ibrs-all ibs intel-pt
- sbdr-ssdp-no sbpb sep serialize sgx sgx-aex-notify sgx-debug sgx-edeccssa
- * host:
- # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
- Mitigation: Safe RET
+ * First of all we'll (and have in advance) run general regression tests
+ * Qemu shall show to be aware of the new flags
+ #qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype'
+ gfni hle ht hypervisor ia64 ibpb ibpb-brtype ibrs ibrs-all ibs intel-pt
+ sbdr-ssdp-no sbpb sep serialize sgx sgx-aex-notify sgx-debug sgx-edeccssa
+ * host:
+ # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
+ Mitigation: Safe RET
- * before (guest):
- $ cpuid -l 0x80000021 -1 -r
- 0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
- ^
- $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
- Vulnerable: Safe RET, no microcode
+ * before (guest):
+ $ cpuid -l 0x80000021 -1 -r
+ 0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
+ ^
+ $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
+ Vulnerable: Safe RET, no microcode
- * after (guest) with CPU flags added:
- $ cpuid -l 0x80000021 -1 -r
- 0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
- ^
- $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
- Mitigation: Safe RET
+ * after (guest) with CPU flags added:
+ $ cpuid -l 0x80000021 -1 -r
+ 0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000
edx=0x00000000
+ ^
+ $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
+ Mitigation: Safe RET
[Where problems could occur]
- * None to be expected as these flags are not (yet) included in any
+ * None to be expected as these flags are not (yet) included in any
predefined CPU model
+
+ * Synthesizing the value of IBPB_BRTYPE and SBPB CPUID bits to the guest
could have side-effects when migrating guests between fixed<->unfixed systems.
Therefore, we executed the lengthy Server-team regression tests on two
different testflinger machines that have the affected chipset, using a PPA
build:
+ - AMD ROME, fleep/Noble: https://pastebin.canonical.com/p/VS374ffdN6/
+ - AMD Milan, ziptoad/Oracular: https://pastebin.canonical.com/p/XhQnyPQxG9/
+
+ => Test results are looking good and only showed failures on
+ focal->jammy cross-test migrations (which we didn't touch with this SRU)
+ and some other, unsupported edge cases (e.g. noble->jammy & jammy->focal
+ downgrade migrations). Therefore, we do not expect any side-effects from
+ this SRU upload! See details in:
+ https://code.launchpad.net/~slyon/ubuntu/+source/qemu/+git/qemu/+merge/483036
---
Relevant patches needed for qemu 8.2 in noble:
target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest:
*
https://gitlab.com/qemu-project/qemu/-/commit/0701abbf9880b5ab1cf44e0caa6ad173aec840e7.patch
target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit:
*
https://gitlab.com/qemu-project/qemu/-/commit/9c882ad4dc96f658ff9f92b88b3749d0398e6fa2.patch
target/i386: Expose bits related to SRSO vulnerability
*
https://gitlab.com/qemu-project/qemu/-/commit/2ec282b8eaaddf5c136f7566b5f61d80288a2065.patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2101944
Title:
Expose bits related to SRSO vulnerability
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2101944/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
