On Tue, Mar 10, 2020 at 11:48:06 +0100, Christian Ehrhardt wrote:
One of the mitigation methods for TAA[1] is to disable TSX support on the host system. Linux added a mechanism to disable TSX globally through the kernel command line, and many Linux distributions now default to tsx=off. This makes existing CPU models that have HLE and RTM enabled not usable anymore.
Add new versions of all CPU models that have the HLE and RTM features enabled, that can be used when TSX is disabled in the host system.
On systems disabling the features without those types defined in cpu-maps users end up without modern CPU types in the list of usable CPUs to use in the likes of virsh domcapabilities or tools higher in the stack like virt-manager.
This adds: -Cascadelake-Server-noTSX -Icelake-Client-noTSX -Icelake-Server-noTSX -Skylake-Server-noTSX-IBRS -Skylake-Client-noTSX-IBRS
Introduced in QEMU by commit v4.2.0-rc2-3-g9ab2237f19 (function) and commit v4.2.0-rc2-4-g02fa60d101 (names)
References:
[1] TAA, TSX asynchronous Abort: https://software.intel.com/security-software-guidance/insights/deep-dive-int... https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.h...
Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1853200
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com> I just resent this patch (with my Reviewed-by already applied) together with a few additional patches for not using the new noTSX model for host-model CPUs. Jirka