[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH for-4.2 1/2] i386: Add new versions of Skylake/Cascadelake/Ic
|
From: |
Kashyap Chamarthy |
|
Subject: |
Re: [PATCH for-4.2 1/2] i386: Add new versions of Skylake/Cascadelake/Icelake without TSX |
|
Date: |
Thu, 21 Nov 2019 12:41:14 +0100 |
|
User-agent: |
Mutt/1.12.1 (2019-06-15) |
On Wed, Nov 20, 2019 at 01:49:11PM -0300, Eduardo Habkost wrote:
> One of the mitigation methods for TAA[1] is to disable TSX
> support on the host system. Linux added a mechanism to disable
> TSX globally through the kernel command line, and many Linux
> distributions now default to tsx=off. This makes existing CPU
> models that have HLE and RTM enabled not usable anymore.
>
> Add new versions of all CPU models that have the HLE and RTM
> features enabled, that can be used when TSX is disabled in the
> host system.
>
> References:
>
> [1] TAA, TSX asynchronous Abort:
>
> https://software.intel.com/security-software-guidance/insights/deep-dive-intel-transactional-synchronization-extensions-intel-tsx-asynchronous-abort
>
> https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html
>
> Signed-off-by: Eduardo Habkost <address@hidden>
> ---
FWIW:
Tested-by: Kashyap Chamarthy <address@hidden>
Here are _all_ the Cascadelake/Icelake/Skylake variants I see with your
patches applied:
$> ./qemu-system-x86_64 -cpu help | egrep
'(Cascadelake.*|Icelake.*|Skylake.*)'
x86 Cascadelake-Server (alias configured by machine type)
x86 Cascadelake-Server-noTSX (alias of Cascadelake-Server-v3)
x86 Cascadelake-Server-v1 Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v2 Intel Xeon Processor (Cascadelake)
x86 Cascadelake-Server-v3 Intel Xeon Processor (Cascadelake)
x86 Icelake-Client (alias configured by machine type)
x86 Icelake-Client-noTSX (alias of Icelake-Client-v2)
x86 Icelake-Client-v1 Intel Core Processor (Icelake)
x86 Icelake-Client-v2 Intel Core Processor (Icelake)
x86 Icelake-Server (alias configured by machine type)
x86 Icelake-Server-noTSX (alias of Icelake-Server-v2)
x86 Icelake-Server-v1 Intel Xeon Processor (Icelake)
x86 Icelake-Server-v2 Intel Xeon Processor (Icelake)
x86 Skylake-Client (alias configured by machine type)
x86 Skylake-Client-IBRS (alias of Skylake-Client-v2)
x86 Skylake-Client-noTSX-IBRS (alias of Skylake-Client-v3)
x86 Skylake-Client-v1 Intel Core Processor (Skylake)
x86 Skylake-Client-v2 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Client-v3 Intel Core Processor (Skylake, IBRS)
x86 Skylake-Server (alias configured by machine type)
x86 Skylake-Server-IBRS (alias of Skylake-Server-v2)
x86 Skylake-Server-noTSX-IBRS (alias of Skylake-Server-v3)
x86 Skylake-Server-v1 Intel Xeon Processor (Skylake)
x86 Skylake-Server-v2 Intel Xeon Processor (Skylake, IBRS)
x86 Skylake-Server-v3 Intel Xeon Processor (Skylake, IBRS)
Test with system QEMU
---------------------
Where `cat system-qemu.sh` is:
#!/usr/bin/env bash
args=(
-display none
-cpu Skylake-Client-IBRS
-no-user-config
-machine q35,accel=kvm
-nodefaults
-m 2048
-serial stdio
-drive file=/export/vm1.qcow2,format=qcow2,if=virtio
)
/usr/bin/qemu-system-x86_64 "${args[@]}"
Run it:
$> ./system-qemu.sh
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.01H:ECX.aes [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.hle [bit 4]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.rtm [bit 11]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.rdseed [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.adx [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.smap [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.80000001H:ECX.3dnowprefetch [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.0DH:EAX.xsavec [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.0DH:EAX.xgetbv1 [bit 2]
[...]
Notice that it is (correctly) complaining about about "hle" and "rtm".
Test with patched QEMU
----------------------
Now, with a QEMU built with your both patches, and using the -noTSX-IBRS
model:
Where `cat patched-qemu.sh` is:
#!/usr/bin/env bash
args=(
-display none
-cpu Skylake-Client-noTSX-IBRS
-no-user-config
-machine q35,accel=kvm
-nodefaults
-m 2048
-serial stdio
-drive file=/export/vm1.qcow2,format=qcow2,if=virtio
)
~/build/qemu/x86_64-softmmu/qemu-system-x86_64 "${args[@]}"
Run it:
$> ./patched-qemu.sh
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.01H:ECX.aes [bit 25]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.rdseed [bit 18]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.adx [bit 19]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.07H:EBX.smap [bit 20]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.80000001H:ECX.3dnowprefetch [bit 8]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.0DH:EAX.xsavec [bit 1]
qemu-system-x86_64: warning: host doesn't support requested feature:
CPUID.0DH:EAX.xgetbv1 [bit 2]
[...]
Here it doesn't complain (also correctly so) about "hle" and "rtm",
because the -noTSX-IBRS model disabled them :-)
> target/i386/cpu.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 47 insertions(+)
>
> diff --git a/target/i386/cpu.c b/target/i386/cpu.c
> index 296b491607..0267e08612 100644
> --- a/target/i386/cpu.c
> +++ b/target/i386/cpu.c
> @@ -2474,6 +2474,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> }
> },
> + {
> + .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + }
> + },
> { /* end of list */ }
> }
> },
> @@ -2541,6 +2549,14 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> }
> },
> + {
> + .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + }
> + },
> { /* end of list */ }
> }
> },
> @@ -2608,6 +2624,13 @@ static X86CPUDefinition builtin_x86_defs[] = {
> { /* end of list */ }
> },
> },
> + { .version = 3,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> { /* end of list */ }
> }
> },
> @@ -2665,6 +2688,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_6_EAX_ARAT,
> .xlevel = 0x80000008,
> .model_id = "Intel Core Processor (Icelake)",
> + .versions = (X86CPUVersionDefinition[]) {
> + { .version = 1 },
> + {
> + .version = 2,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> + { /* end of list */ }
> + }
> },
> {
> .name = "Icelake-Server",
> @@ -2723,6 +2758,18 @@ static X86CPUDefinition builtin_x86_defs[] = {
> CPUID_6_EAX_ARAT,
> .xlevel = 0x80000008,
> .model_id = "Intel Xeon Processor (Icelake)",
> + .versions = (X86CPUVersionDefinition[]) {
> + { .version = 1 },
> + {
> + .version = 2,
> + .props = (PropValue[]) {
> + { "hle", "off" },
> + { "rtm", "off" },
> + { /* end of list */ }
> + },
> + },
> + { /* end of list */ }
> + }
> },
> {
> .name = "Denverton",
> --
> 2.21.0
>
--
/kashyap