
RFC: guest INTEL GDS mitigation status on patched host


From: Jinpu Wang
Subject: RFC: guest INTEL GDS mitigation status on patched host
Date: Fri, 11 Aug 2023 15:12:12 +0200

Hi folks on the list:

I'm testing the latest Downfall CPU vulnerability mitigation. What I
notice is that when both host and guest are using a patched kernel +
microcode, e.g. kernel 5.15.125 + intel-microcode 20230808 on an affected
server such as an Icelake server,

the mitigation status inside the guest is:

Vulnerabilities:
  Gather data sampling:  Unknown: Dependent on hypervisor status
-----------------------------------> this one.
  Itlb multihit:         Not affected
  L1tf:                  Not affected
  Mds:                   Not affected
  Meltdown:              Not affected
  Mmio stale data:       Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
  Retbleed:              Not affected
  Spec rstack overflow:  Not affected
  Spec store bypass:     Mitigation; Speculative Store Bypass disabled via prctl and seccomp
  Spectre v1:            Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:            Mitigation; Enhanced IBRS, IBPB conditional, RSB filling, PBRSB-eIBRS SW sequence
  Srbds:                 Not affected
  Tsx async abort:       Not affected

According to the kernel commit below:
commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7
Author: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Date:   Wed Jul 12 19:43:14 2023 -0700

    KVM: Add GDS_NO support to KVM

    Gather Data Sampling (GDS) is a transient execution attack using
    gather instructions from the AVX2 and AVX512 extensions. This attack
    allows malicious code to infer data that was previously stored in
    vector registers. Systems that are not vulnerable to GDS will set the
    GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM
    guests that may think they are on vulnerable systems that are, in
    fact, not affected. Guests that are running on affected hosts where
    the mitigation is enabled are protected as if they were running
    on an unaffected system.

    On all hosts that are not affected or that are mitigated, set the
    GDS_NO bit.

    Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
    Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
    Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>

KVM also has support for GDS_NO, but it seems the qemu side doesn't pass
the info to the guest; that's why it is unknown. IMO qemu should pass
GDS_NO if the host is already patched.

Is Intel or anyone else already working on the qemu patch? I know it's not
a must, but it's good to do.

Thx!
Jinpu Wang @ IONOS Cloud
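As an added example (not code from the post, from QEMU or from the kernel), here is a small Python helper that re-joins the terminal-wrapped lscpu lines quoted above, classifies each bug's status string into the buckets the kernel uses, and decodes the GDS_NO / GDS_CTRL bits of IA32_ARCH_CAPABILITIES so a guest administrator can tell whether the hypervisor exposed the host's mitigation state at all. It goes slightly beyond the post in that the same parser and classifier handle every entry in the Vulnerabilities block, not only GDS. The MSR index (0x10a) and the bit positions (GDS_CTRL bit 25, GDS_NO bit 26) are assumptions recalled from Linux's arch/x86/include/asm/msr-index.h and should be checked against that header; reading the MSR needs root and the msr module, and the helper returns None when that is not available. The sample lscpu block is a constructed copy of the one in the post.

```python
"""Decode the GDS (Downfall) status a guest reports and the MSR bits behind it."""
import re
from pathlib import Path

# MSR index and bit positions as recalled from Linux arch/x86/include/asm/msr-index.h
# (assumption: verify against that header before relying on them).
MSR_IA32_ARCH_CAPABILITIES = 0x10A
ARCH_CAP_GDS_CTRL = 1 << 25   # microcode implements the GDS mitigation control
ARCH_CAP_GDS_NO = 1 << 26     # CPU, or host on the guest's behalf, is not affected
SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

_FIELD = re.compile(r"^ {0,4}([A-Za-z][^:]*):[ \t]*(.*)$")
_CONTINUATION = re.compile(r"^ {5,}(\S.*)$")

# Constructed sample: the guest's lscpu block from the post, wrapped at the
# terminal width exactly as it appeared, arrow annotation included.
SAMPLE_LSCPU = """\
Vulnerabilities:
  Gather data sampling:  Unknown: Dependent on hyp
                         ervisor status
-----------------------------------> this one.
  Itlb multihit:         Not affected
  Mmio stale data:       Vulnerable: Clear CPU buf
                         fers attempted, no microc
                         ode; SMT Host state unkno
                         wn
  Spectre v2:            Mitigation; Enhanced IBRS
                         , IBPB conditional, RSB f
                         illing, PBRSB-eIBRS SW se
                         quence
"""


def parse_lscpu_vulnerabilities(text):
    """Map sysfs-style bug names ('gather_data_sampling') to unwrapped status strings.

    lscpu wraps long values at the terminal width, splitting words mid-way, so a
    deeply indented continuation line is appended with no separator.
    """
    fields, last = {}, None
    for line in text.splitlines():
        m = _FIELD.match(line)
        if m:
            last = m.group(1).strip().lower().replace(" ", "_")
            fields[last] = m.group(2)
        elif last is not None and (m := _CONTINUATION.match(line)):
            fields[last] += m.group(1)
        # anything else (the arrow annotation, blank lines) is ignored
    return fields


def classify_status(status):
    """Collapse a kernel vulnerability string into one of five buckets."""
    head = status.split(":")[0].split(";")[0].strip().lower()
    return {"not affected": "not_affected", "mitigation": "mitigated",
            "vulnerable": "vulnerable", "unknown": "unknown"}.get(head, "unrecognized")


def decode_gds_bits(arch_cap):
    """Extract the two GDS flags from an IA32_ARCH_CAPABILITIES value."""
    return {"gds_no": bool(arch_cap & ARCH_CAP_GDS_NO),
            "gds_ctrl": bool(arch_cap & ARCH_CAP_GDS_CTRL)}


def read_msr(index, cpu=0):
    """Read one MSR through the msr driver (root and the 'msr' module); None if unavailable."""
    try:
        with open(f"/dev/cpu/{cpu}/msr", "rb") as f:
            f.seek(index)
            raw = f.read(8)
    except OSError:
        return None
    return int.from_bytes(raw, "little") if len(raw) == 8 else None


def read_sysfs_status(bug):
    """Read the live sysfs status for one bug name; None if the file is absent."""
    try:
        return (SYSFS_VULN_DIR / bug).read_text().strip()
    except OSError:
        return None


def gds_assessment(status, arch_cap=None):
    """Return (bucket, note); the note explains an 'Unknown' GDS status via the MSR bits."""
    bucket = classify_status(status)
    if bucket != "unknown":
        return bucket, status
    if arch_cap is None:
        return bucket, "guest cannot see the host's GDS state and the MSR was not readable"
    bits = decode_gds_bits(arch_cap)
    if bits["gds_no"]:
        return bucket, "GDS_NO is set in IA32_ARCH_CAPABILITIES; a GDS-aware guest kernel reports Not affected"
    if bits["gds_ctrl"]:
        return bucket, "GDS_CTRL is exposed, so the guest kernel can read the microcode mitigation state"
    return bucket, "neither GDS_NO nor GDS_CTRL is exposed to the guest; host mitigation state is invisible"


if __name__ == "__main__":
    for bug, status in parse_lscpu_vulnerabilities(SAMPLE_LSCPU).items():
        if status:
            print(f"{bug:24s} {classify_status(status):13s} {status}")
    live = read_sysfs_status("gather_data_sampling")
    if live is not None:
        print("live:", gds_assessment(live, read_msr(MSR_IA32_ARCH_CAPABILITIES)))
```

Run inside a guest as root with `modprobe msr` loaded to see the live assessment; the "Unknown" bucket combined with neither GDS bit set is exactly the situation the post describes, where the guest kernel has no way to learn that the host is already mitigated.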


