2019-08-20 07:43:20 |
Christian Ehrhardt |
bug |
|
|
added bug |
2019-08-20 07:43:30 |
Christian Ehrhardt |
bug task added |
|
qemu (Ubuntu) |
|
2019-08-20 07:43:37 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Bionic |
|
2019-08-20 07:43:37 |
Christian Ehrhardt |
bug task added |
|
qemu (Ubuntu Bionic) |
|
2019-08-20 07:43:37 |
Christian Ehrhardt |
bug task added |
|
libvirt (Ubuntu Bionic) |
|
2019-08-20 07:43:44 |
Christian Ehrhardt |
libvirt (Ubuntu): status |
New |
Fix Released |
|
2019-08-20 07:43:46 |
Christian Ehrhardt |
qemu (Ubuntu): status |
New |
Fix Released |
|
2019-08-20 07:43:48 |
Christian Ehrhardt |
libvirt (Ubuntu Bionic): status |
New |
Triaged |
|
2019-08-20 07:43:50 |
Christian Ehrhardt |
libvirt (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2019-08-20 07:43:53 |
Christian Ehrhardt |
qemu (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2019-08-20 07:43:56 |
Christian Ehrhardt |
qemu (Ubuntu Bionic): status |
New |
Triaged |
|
2019-08-20 07:43:58 |
Christian Ehrhardt |
qemu (Ubuntu Bionic): assignee |
|
Christian Ehrhardt (paelzer) |
|
2019-08-20 07:43:59 |
Christian Ehrhardt |
libvirt (Ubuntu Bionic): assignee |
|
Christian Ehrhardt (paelzer) |
|
2019-08-21 11:22:31 |
Christian Ehrhardt |
description |
Newer AMD FW/Chips can provide better ssbd mitigations than the initial virt-ssbd which was already backports as part of the security CVEs back when spectre appeared.
The faster mode is described in a document attached to:
https://bugzilla.kernel.org/show_bug.cgi?id=199889
In addition via the amd-no-ssb flag chips can declare that they are unaffected and no mitigationas are needed.
libvirt
commit ver subject
2625722c 4.6 cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)
Qemu:
a764f3f7 3.0 i386: define the AMD 'amd-ssbd' CPUID feature bit
254790a9 3.0 i386: Define AMD's no SSB mitigation needed.
Given that I'd expect Rome chips usage to rise and those have some of them set it makes sense to backport that to the latest LTS at least. Users are already "secure" without that but it will help to get less of a performance hit due to better (or not needed) mitigations.
Since the code already is in libvirt 4.6 and qemu 3.0 this is already in recent Ubuntu releases (>=Disco) and only about the SRU.
To be combined with the libvirt backports for the intel counterpart in bug 1828495 which needs some pre-work in Eoan at first. |
[Impact]
* After the initial fixes relates to Spectre were urgent and sometimes
crude there are more and more refined/improved fixes available now.
For details see
124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf
attached to https://bugzilla.kernel.org/show_bug.cgi?id=199889
* This small change makes those new CPU flags known to libvirt/qemu to
pass them to the guests if wanted.
[Test Case]
* On a system with those flags (newer AMD chips + Firmware updates)
- "virsh capabilities" should report the amd[-no]-ssbd flag
- if also the qemu update is available "virsh domcapabilities" should
list it.
- A guest started as host-model should add the feature to the guest
definition
- The guest should receive the flags (that is hard to see as they are
not in e.g. /proc/cpuinfo, might need some kernel poking)
[Regression Potential]
* This makes flags known and some modes will detect and pass all flags to
the guest (e.g. host-model). Due to that a non patched target might not
know about (that is common and ok through those upgrades).
* More interesting (but still preferred to not patching it) is a guest
that handles the use of the mitigation "wrong". Imagine a guest had not
got the flag passed before the fix, now gets it and enables whatever
mitigation that implies. If this mitigation is broken a formerly
working guest would fail. Again this is a common concept through
upgrades of the virt stack which is the reason why usually higher level
apps check the capabilities initially and then model the features.
Those will not change through an upgrade, only new e.g. host-model
guest starts will model it with the new code which then will contain
the new flags.
[Other Info]
* n/a
---
Newer AMD FW/Chips can provide better ssbd mitigations than the initial virt-ssbd which was already backports as part of the security CVEs back when spectre appeared.
The faster mode is described in a document attached to:
https://bugzilla.kernel.org/show_bug.cgi?id=199889
In addition via the amd-no-ssb flag chips can declare that they are unaffected and no mitigationas are needed.
libvirt
commit ver subject
2625722c 4.6 cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)
Qemu:
a764f3f7 3.0 i386: define the AMD 'amd-ssbd' CPUID feature bit
254790a9 3.0 i386: Define AMD's no SSB mitigation needed.
Given that I'd expect Rome chips usage to rise and those have some of them set it makes sense to backport that to the latest LTS at least. Users are already "secure" without that but it will help to get less of a performance hit due to better (or not needed) mitigations.
Since the code already is in libvirt 4.6 and qemu 3.0 this is already in recent Ubuntu releases (>=Disco) and only about the SRU.
To be combined with the libvirt backports for the intel counterpart in bug 1828495 which needs some pre-work in Eoan at first. |
|
2019-08-22 08:24:27 |
Christian Ehrhardt |
qemu (Ubuntu Bionic): status |
Triaged |
In Progress |
|
2019-08-22 08:24:29 |
Christian Ehrhardt |
libvirt (Ubuntu Bionic): status |
Triaged |
In Progress |
|
2019-08-27 09:38:59 |
Robie Basak |
qemu (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-08-27 09:39:01 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-08-27 09:39:04 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
2019-08-27 09:39:06 |
Robie Basak |
tags |
|
verification-needed verification-needed-bionic |
|
2019-08-28 07:39:38 |
Christian Ehrhardt |
tags |
verification-needed verification-needed-bionic |
verification-done verification-done-bionic |
|
2019-09-05 10:51:38 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2019-09-05 10:51:35 |
Launchpad Janitor |
qemu (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-09-12 15:44:55 |
Robie Basak |
libvirt (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2019-09-12 15:44:56 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2019-09-12 15:45:00 |
Robie Basak |
tags |
verification-done verification-done-bionic |
verification-needed verification-needed-bionic |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2017-5715 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2017-5753 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2017-5754 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-12126 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-12127 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-12130 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-3615 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-3620 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-3639 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-3640 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2018-3646 |
|
2019-09-13 08:09:59 |
Christian Ehrhardt |
cve linked |
|
2019-11091 |
|
2019-09-13 08:10:16 |
Christian Ehrhardt |
tags |
verification-needed verification-needed-bionic |
verification-done verification-done-bionic |
|
2019-09-19 09:13:59 |
Launchpad Janitor |
libvirt (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|