NACK: [SRU][Trusty][Xenial][PATCH] Fix for LP:#1764956

Gavin Guo gavin.guo at canonical.com
Mon Nov 26 14:55:49 UTC 2018


Hi Juerg,

On Fri, Nov 23, 2018 at 5:14 PM Juerg Haefliger
<juerg.haefliger at canonical.com> wrote:
>
> Thanks for this Gavin!
>
> I recognize the problem and as discussed yesterday, I need to
> investigate some more. It seems we're missing a couple of patches to
> make IBRS (and probably IBPB) passthrough work correctly. So rather than
> patching this up I prefer to backport the relevant commits.
>
> After taking a quick peek, it seems we're missing (or at least
> partially) the following (from linux-stable):
>
> fc00dde96099 KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
> e5a83419c957 KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
> 755502f810c6 KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
> 7013129a4034 KVM/x86: Add IBPB support
>
> And probably more plus whatever is needed for our runtime controls (from
> your patch).

Agree, I'll also look into the patches for future compatibility
issues. Thank you for the time looking into this. :)

>
>
> ...Juerg
>
>
> On Thu, 22 Nov 2018 22:09:31 +0800
> Gavin Guo <gavin.guo at canonical.com> wrote:
>
> > BugLink: https://launchpad.net/bugs/1764956
> >
> > [Impact]
> > The IBRS would be mistakenly enabled in the host when switching from
> > an IBRS-enabled VM, and that causes a performance overhead in the
> > host. The other condition could also mistakenly disable the IBRS in
> > the VM when context-switching from the host. And this could be
> > considered a CVE host.
> >
> > [Fix]
> > The patch fixes the logic inside x86_virt_spec_ctrl so that it checks
> > ibrs_enabled and ORs the hostval with SPEC_CTRL_IBRS, as
> > x86_spec_ctrl_base is zero by default. This is because the upstream
> > implementation is not equal to Xenial's implementation: upstream
> > doesn't use IBRS as the formal fix, so by default it's zero.
> >
> > On the other hand, after the VM exit, the SPEC_CTRL register also
> > needs to be saved manually by reading the SPEC_CTRL MSR, as the MSR
> > intercept is disabled by default in hardware_setup() (v4.4) and
> > vmx_init() (v3.13). The access to the SPEC_CTRL MSR in the VM is
> > direct and doesn't trigger a trap, so the vmx_set_msr() function
> > isn't called.
> >
> > The v3.13 kernel hasn't been tested. However, the patch can be viewed
> > at:
> > http://kernel.ubuntu.com/git/gavinguo/ubuntu-trusty-amd64.git/log/?h=sf00191076-sru
> >
> > The v4.4 patch:
> > http://kernel.ubuntu.com/git/gavinguo/ubuntu-xenial.git/log/?h=sf00191076-spectre-v2-regres-backport-juerg
> >
> > [Test]
> >
> > The patch has been tested on the 4.4.0-140.166 and works fine.
> >
> > The reproducing environment:
> > Guest kernel version: 4.4.0-138.164
> > Host kernel version: 4.4.0-140.166
> >
> > (host IBRS, guest IBRS)
> >
> > - 1). (0, 1).
> > The case can be reproduced by the following instructions:
> > guest$ echo 1 | sudo tee /proc/sys/kernel/ibrs_enabled
> > 1
> >
> > <Several minutes later...>
> >
> > host$ cat /proc/sys/kernel/ibrs_enabled
> > 0
> > host$ for i in {0..55}; do sudo rdmsr 0x48 -p $i; done
> > 11111111111111000000000000000000010010100000000000000000
> >
> > Some of the IBRS bit inside the SPEC_CTRL MSR are mistakenly
> > enabled.
> >
> > host$ taskset -c 5 stress-ng -c 1 --cpu-ops 2500
> > stress-ng: info:  [11264] defaulting to a 86400 second run per stressor
> > stress-ng: info:  [11264] dispatching hogs: 1 cpu
> > stress-ng: info:  [11264] cache allocate: default cache size: 35840K
> > stress-ng: info:  [11264] successful run completed in 33.48s
> >
> > The host kernel didn't notice that the IBRS bit is enabled, so the
> > situation is the same as "echo 2 > /proc/sys/kernel/ibrs_enabled" in
> > the host. Running stress-ng is a pure userspace CPU computation, so
> > the performance degrades to about 1/3: without IBRS enabled, it needs
> > about 10s.
> >
> > - 2). (1, 1), then disable IBRS in the host -> (0, 1); actually it
> > becomes (0, 0). The guest IBRS has been mistakenly disabled.
> >
> > guest$ echo 2 | sudo tee /proc/sys/kernel/ibrs_enabled
> > guest$ for i in {0..55}; do sudo rdmsr 0x48 -p $i; done
> > 11111111111111111111111111111111111111111111111111111111
> >
> > host$ echo 2 | sudo tee /proc/sys/kernel/ibrs_enabled
> > host$ for i in {0..55}; do sudo rdmsr 0x48 -p $i; done
> > 11111111111111111111111111111111111111111111111111111111
> > host$ echo 0 | sudo tee /proc/sys/kernel/ibrs_enabled
> > host$ for i in {0..55}; do sudo rdmsr 0x48 -p $i; done
> > 00000000000000000000000000000000000000000000000000000000
> >
> > guest$ for i in {0..55}; do sudo rdmsr 0x48 -p $i; done
> > 00000000000000000000000000000000000000000000000000000000
> >
> > Gavin Guo (1):
> >   UBUNTU: SAUCE: x86/speculation: Fix the IBRS synchronization
> >
> >  arch/x86/kernel/cpu/bugs.c |  7 +++++++
> >  arch/x86/kvm/vmx.c         | 37 +++++++++++++++++++++++++++++++++++++
> >  2 files changed, 44 insertions(+)
> >
>
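To make the two failure sequences above concrete, here is an added C model of the host/guest SPEC_CTRL hand-off around a VM entry/exit. It is written for this page and is not code from the Ubuntu kernel tree or from Gavin's patch: the names x86_spec_ctrl_base, ibrs_enabled, SPEC_CTRL_IBRS and x86_virt_spec_ctrl follow the thread, while the function shapes, the run_guest() round trip and the host_set_ibrs_enabled() knob are assumptions of the model. The `fixed` flag switches between the behaviour the thread describes as broken (hostval taken from the zero x86_spec_ctrl_base, guest MSR never re-read because the passthrough write does not trap) and the two-part fix.

```c
/*
 * Added model (not kernel code) of the IBRS/SPEC_CTRL synchronization
 * discussed in this thread. Names x86_spec_ctrl_base, ibrs_enabled,
 * SPEC_CTRL_IBRS and x86_virt_spec_ctrl follow the thread; the function
 * shapes and the run_guest()/host_set_ibrs_enabled() harness are
 * assumptions made for this model.
 */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SPEC_CTRL_IBRS (1ULL << 0)   /* bit 0 of MSR 0x48 */

/* The real MSR on one CPU: what `rdmsr 0x48 -p N` reports. */
static uint64_t msr_spec_ctrl;
static void     wrmsrl(uint64_t v) { msr_spec_ctrl = v; }
static uint64_t rdmsrl(void)       { return msr_spec_ctrl; }
uint64_t        host_msr(void)     { return msr_spec_ctrl; }

/* Host state. Xenial carries its IBRS policy in ibrs_enabled rather than
 * in x86_spec_ctrl_base, which therefore stays zero. */
static uint64_t x86_spec_ctrl_base = 0;
static int      ibrs_enabled       = 0;

/* Models `echo N > /proc/sys/kernel/ibrs_enabled` (0 = off, 2 = always on). */
static void host_set_ibrs_enabled(int n)
{
    ibrs_enabled = n;
    wrmsrl(n ? SPEC_CTRL_IBRS : 0);
}

/* KVM's cached copy of the guest's SPEC_CTRL value. */
struct vcpu { uint64_t spec_ctrl; };

/* Switch the MSR between host and guest values around VM entry/exit. */
static void x86_virt_spec_ctrl(uint64_t guestval, bool setguest, bool fixed)
{
    uint64_t hostval = x86_spec_ctrl_base;   /* zero on Xenial */

    if (fixed && ibrs_enabled)
        hostval |= SPEC_CTRL_IBRS;           /* fix part 1: honour ibrs_enabled */

    if (hostval != guestval)
        wrmsrl(setguest ? guestval : hostval);
}

/*
 * One VM entry/exit round trip. If guest_wrmsr is non-NULL the guest
 * writes that value to MSR 0x48 while running; the MSR is passed through,
 * so the write does not trap and vmx_set_msr() is never called.
 * Returns the MSR value the guest actually ran with.
 */
static uint64_t run_guest(struct vcpu *v, const uint64_t *guest_wrmsr, bool fixed)
{
    uint64_t seen_by_guest;

    x86_virt_spec_ctrl(v->spec_ctrl, true, fixed);   /* VM entry */
    if (guest_wrmsr)
        wrmsrl(*guest_wrmsr);
    seen_by_guest = rdmsrl();
    if (fixed)
        v->spec_ctrl = rdmsrl();                     /* fix part 2: re-read on exit */
    x86_virt_spec_ctrl(v->spec_ctrl, false, fixed);  /* VM exit */
    return seen_by_guest;
}

/* Case 1 from the thread, (host 0, guest 1): returns the host MSR after the exit. */
uint64_t case_guest_enables_ibrs(bool fixed)
{
    struct vcpu v = { 0 };
    uint64_t ibrs = SPEC_CTRL_IBRS;

    host_set_ibrs_enabled(0);
    run_guest(&v, &ibrs, fixed);        /* guest$ echo 1 > /proc/sys/kernel/ibrs_enabled */
    return host_msr();
}

/* Case 2, (host 1, guest 1) then host disables IBRS: returns what the guest
 * sees on its next run; host_msr() afterwards gives the host value. */
uint64_t case_host_disables_ibrs(bool fixed)
{
    struct vcpu v = { 0 };
    uint64_t ibrs = SPEC_CTRL_IBRS;

    host_set_ibrs_enabled(2);           /* host$ echo 2 */
    run_guest(&v, &ibrs, fixed);        /* guest$ echo 2 */
    host_set_ibrs_enabled(0);           /* host$ echo 0 */
    return run_guest(&v, NULL, fixed);
}

int main(void)
{
    printf("case 1, host MSR after exit: buggy=%" PRIu64 " fixed=%" PRIu64 "\n",
           case_guest_enables_ibrs(false), case_guest_enables_ibrs(true));
    printf("case 2, MSR seen by guest:   buggy=%" PRIu64 " fixed=%" PRIu64 "\n",
           case_host_disables_ibrs(false), case_host_disables_ibrs(true));
    return 0;
}
```

In the broken configuration the model reproduces both observations from the bug report: after case 1 the host is left running with bit 0 of MSR 0x48 set even though its own ibrs_enabled is 0, and in case 2 the guest silently loses IBRS once the host clears it. Each half of the fix is needed: without the re-read, KVM's cached value never learns about the guest's untrapped write; without ORing ibrs_enabled into hostval, the exit path in case 2 would clear IBRS on a host that had it switched on.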
