On Fri, Mar 06, 2020 at 09:41:43 +0100, Christian Ehrhardt wrote:
One of the mitigation methods for TAA[1] is to disable TSX
support on the host system. Linux added a mechanism to disable
TSX globally through the kernel command line, and many Linux
distributions now default to tsx=off. This makes existing CPU
models that have HLE and RTM enabled not usable anymore.
Add new versions of all CPU models that have the HLE and RTM
features enabled, that can be used when TSX is disabled in the
host system.
On systems disabling the features without those types defined
in cpu-maps users end up without modern CPU types in the list
of usable CPUs to use in the likes of virsh domcapabilities
or tools higher in the stack like virt-manager.
This adds:
-Cascadelake-Server-noTSX
-Icelake-Client-noTSX
-Icelake-Server-noTSX
-Skylake-Server-noTSX-IBRS
-Skylake-Client-noTSX-IBRS
Introduced in QEMU by commit v4.2.0-rc2-3-g9ab2237f19 (function)
and commit v4.2.0-rc2-4-g02fa60d101 (names)
References:
[1] TAA, TSX asynchronous Abort:
https://software.intel.com/security-software-guidance/insights/deep-dive-...
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abor...
Fixes:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1853200
Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com>
---
src/cpu_map/Makefile.inc.am | 5 ++
src/cpu_map/index.xml | 5 ++
src/cpu_map/x86_Cascadelake-Server-noTSX.xml | 78 ++++++++++++++++
src/cpu_map/x86_Icelake-Client-noTSX.xml | 81 +++++++++++++++++
src/cpu_map/x86_Icelake-Server-noTSX.xml | 90 +++++++++++++++++++
src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml | 73 +++++++++++++++
src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml | 75 ++++++++++++++++
7 files changed, 407 insertions(+)
create mode 100644 src/cpu_map/x86_Cascadelake-Server-noTSX.xml
create mode 100644 src/cpu_map/x86_Icelake-Client-noTSX.xml
create mode 100644 src/cpu_map/x86_Icelake-Server-noTSX.xml
create mode 100644 src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml
create mode 100644 src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml
...
diff --git a/src/cpu_map/x86_Cascadelake-Server-noTSX.xml
b/src/cpu_map/x86_Cascadelake-Server-noTSX.xml
new file mode 100644
index 0000000000..4a979739e2
--- /dev/null
+++ b/src/cpu_map/x86_Cascadelake-Server-noTSX.xml
@@ -0,0 +1,78 @@
+<cpus>
+ <model name='Cascadelake-Server'>
'Cascadelake-Server-noTSX'
...
diff --git a/src/cpu_map/x86_Icelake-Client-noTSX.xml
b/src/cpu_map/x86_Icelake-Client-noTSX.xml
new file mode 100644
index 0000000000..4feb9cef2d
--- /dev/null
+++ b/src/cpu_map/x86_Icelake-Client-noTSX.xml
@@ -0,0 +1,81 @@
+<cpus>
+ <model name='Icelake-Client'>
'Icelake-Client-noTSX'
...
diff --git a/src/cpu_map/x86_Icelake-Server-noTSX.xml
b/src/cpu_map/x86_Icelake-Server-noTSX.xml
new file mode 100644
index 0000000000..76ae713a4d
--- /dev/null
+++ b/src/cpu_map/x86_Icelake-Server-noTSX.xml
@@ -0,0 +1,90 @@
+<cpus>
+ <model name='Icelake-Server'>
'Icelake-Server-noTSX'
...
diff --git a/src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml
b/src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml
new file mode 100644
index 0000000000..5fa4a733c6
--- /dev/null
+++ b/src/cpu_map/x86_Skylake-Client-noTSX-IBRS.xml
@@ -0,0 +1,73 @@
+<cpus>
+ <model name='Skylake-Client-IBRS'>
'Skylake-Client-noTSX-IBRS'
...
diff --git a/src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml
b/src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml
new file mode 100644
index 0000000000..cb65474767
--- /dev/null
+++ b/src/cpu_map/x86_Skylake-Server-noTSX-IBRS.xml
@@ -0,0 +1,75 @@
+<cpus>
+ <model name='Skylake-Server-IBRS'>
'Skylake-Server-noTSX-IBRS'
...
Running make check would reveal all these issues because every single
test which involves parsing the cpu_map was failing due to multiple
definitions of the same CPU model.
And since this patch is adding several CPU models which are already
supported by QEMU since 4.2.0, you need to update several existing test
files for domaincapstest too. You can use
VIR_TEST_REGENERATE_OUTPUT=1 tests/domaincapstest
to regenerate the files. Just make sure you review the changes before
adding them to this commit.
Regenerating the test files will also be needed for cputest because I
just pushed the "cputest: Add data for Intel(R) Core(TM) i7-8550U CPU
without TSX". Doing so will nicely show that the computed host CPU model
(in x86_64-cpuid-Core-i7-8550U-host.xml file) is
Skylake-Client-noTSX-IBRS rather than Broadwell-noTSX-IBRS.
However, the CPU used for host-model (and reported in domain
capabilities) as shown in x86_64-cpuid-Core-i7-8550U-guest.xml and
x86_64-cpuid-Core-i7-8550U-json.xml will change from Skylake-Client-IBRS
to Skylake-Client-noTSX-IBRS. As I said in my previous reply to this
patch, I think these two CPU definitions should keep using the old
Skylake-Client-IBRS model to make sure any domain with host-model CPU
will always use the CPU models without noTSX for better compatibility
between current and future version of libvirt. This change should be in
a separate patch, but in single series with the current patch.
Jirka