starting VMs causing retpoline4 to reboot

Bug #1747507 reported by Bryan Quigley on 2018-02-05
This bug affects 2 people
Affects: linux (Ubuntu); Importance: Critical; Assigned to: Andy Whitcroft
Affects: Artful; Importance: Undecided; Assigned to: Unassigned

Bug Description

Using the 4.13.0-33.36~retpoline4 test kernel from the PPA https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/spectre/.

CPU: AMD Ryzen 7 1700 Eight-Core Processor
Ubuntu: 17.10.

Steps to reproduce (has occurred both times I tried it):
1. Just run kvm with no options (or virsh start <> or start VM from GUI)
Machine reboots

Going back to 4.13.0-32 has virsh working again. qemu-system-x86_64 command works fine unless you use the enable kvm command.

Changed in linux (Ubuntu):
status: New → Confirmed
description: updated
Bryan Quigley (bryanquigley) wrote :

Might be related, might not. This is displayed before the reboot.

host doesn't support requested feature: CPUID.01H:ECX.vmx [bit 5]

I did downgrade from the testing qemu packages, maybe that changed my VMs, but that still shouldn't cause a host reboot (or kvm with no options).

Andy Whitcroft (apw) wrote :

That feature bit warning is normal. Occurs benignly in most VM starts. I have tested this on an Intel system and am not seeing any issues with VMs so the issue must be AMD specific at least.

Stefan Bader (smb) wrote :

I saw similar issues on an older AMD (Opteron) box. With retpoline4 it was a hang but when I used a test version of what we currently have on master-next I got a reboot as well. The fault seems to happen very quickly, so there is not even output on a serial console.

Checking /sys/devices/system/cpu/vulnerabilities/spectre_v2 I got (not sure I remember the exact phrase) "full AMD retpoline". Then I tried booting with spectre_v2=off. That allows the VM guest to boot, so this can be isolated to the AMD spectre_v2 mitigation.

Stefan Bader (smb) wrote :

Booting with spectre_v2=retpoline,generic results in "Full generic retpoline" and also reboots when trying to start a KVM guest.
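
As an added example (not part of the bug report or of any Ubuntu tooling): a small shell helper that records the two facts the comments above used to isolate the fault, the `spectre_v2=` boot parameter and the text in /sys/devices/system/cpu/vulnerabilities/spectre_v2. The function names and class labels are invented for this example, and it assumes the sysfs file reads "Vulnerable" when the mitigation is off.

```shell
#!/bin/sh
# Added example, not from the bug report. Records the two facts the thread used
# to isolate the fault: the spectre_v2= boot override and the sysfs state.

SYSFS_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# Print the spectre_v2= value on a kernel command line, or "none".
# If it appears more than once this helper reports the last occurrence.
spectre_v2_override() (
    set -f                      # no globbing while splitting the command line
    override=none
    for word in $1; do
        case "$word" in
            spectre_v2=*) override=${word#spectre_v2=} ;;
        esac
    done
    printf '%s\n' "$override"
)

# Map the sysfs text to a short class (labels are this example's own).
# Matching is case-insensitive because the thread quotes the AMD string
# from memory. "Vulnerable" for a disabled mitigation is an assumption.
classify_spectre_v2() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        *"full amd retpoline"*)     echo retpoline-amd ;;
        *"full generic retpoline"*) echo retpoline-generic ;;
        *vulnerable*)               echo unmitigated ;;
        *)                          echo other ;;
    esac
}

# Check that the override took effect. Only the two overrides tried in the
# thread are checked; anything else is reported as "unchecked".
override_applied() {
    state=$(classify_spectre_v2 "$1")
    case "$(spectre_v2_override "$2")" in
        off)               [ "$state" = unmitigated ] && echo yes || echo no ;;
        retpoline,generic) [ "$state" = retpoline-generic ] && echo yes || echo no ;;
        *)                 echo unchecked ;;
    esac
}

# On a live host, print one line suitable for pasting into a bug report.
if [ -r "$SYSFS_FILE" ] && [ -r /proc/cmdline ]; then
    s=$(cat "$SYSFS_FILE"); c=$(cat /proc/cmdline)
    echo "kernel=$(uname -r) state=$(classify_spectre_v2 "$s")" \
         "override=$(spectre_v2_override "$c") applied=$(override_applied "$s" "$c")"
fi
```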

Andy Whitcroft (apw) on 2018-02-06
Changed in linux (Ubuntu):
assignee: nobody → Andy Whitcroft (apw)
importance: Undecided → Critical
status: Confirmed → In Progress
Bryan Quigley (bryanquigley) wrote :

Tried disabling some BIOS settings including trusted computing and hyperthreading which didn't have any effect.
Tried getting more info with linux-crashdump but it doesn't seem to work.
I am currently running with no kvm issues with mainline v4.15.1 and Full AMD retpoline.

Andy Whitcroft (apw) wrote :

Ok tracked this down to an issue with the RSB stuffer. I have applied a group of upstream fixes in this area and this has resolved the lockups in my testing. Could you do a final confirmation with the below kernel to make sure this also fixes your issues:

    http://people.canonical.com/~apw/lp1747507-artful/

Please report any testing back here.

Bryan Quigley (bryanquigley) wrote :

This bug appears fixed with that kernel, thanks!

Changed in linux (Ubuntu Artful):
status: New → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-artful' to 'verification-done-artful'. If the problem still exists, change the tag 'verification-needed-artful' to 'verification-failed-artful'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you!

tags: added: verification-needed-artful
Bryan Quigley (bryanquigley) wrote :

This is fixed with Linux desktop 4.13.0-35-generic #39-Ubuntu SMP Mon Feb 12 11:06:39 UTC 2018

tags: added: verification-done-artful
removed: verification-needed-artful
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.13.0-36.40

---------------
linux (4.13.0-36.40) artful; urgency=medium

  * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010)

  * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set

linux (4.13.0-35.39) artful; urgency=medium

  * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)

  * CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
    - SAUCE: turn off IBRS when full retpoline is present
    - [Packaging] retpoline files must be sorted
    - [Packaging] pull in retpoline files

linux (4.13.0-34.37) artful; urgency=medium

  * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)

  * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
    - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices

  * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
    (LP: #1747090)
    - KVM: s390: wire up bpb feature

  * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
    - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until
      online"

  * CVE-2017-5715 (Spectre v2 Intel)
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - SAUCE: turn off IBPB when full retpoline is present

  * Artful 4.13 fixes for tun (LP: #1748846)
    - tun: call dev_get_valid_name() before register_netdevice()
    - tun: allow positive return values on dev_get_valid_name() call
    - tun/tap: sanitize TUNSETSNDBUF input

  * boot failure on AMD Raven + WestonXT (LP: #1742759)
    - SAUCE: drm/amdgpu: add atpx quirk handling (v2)

linux (4.13.0-33.36) artful; urgency=low

  * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)

  [ Stefan Bader ]
  * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
    (Spectre v2 retpoline)
    - x86/retpoline: Fill RSB on context switch for affected CPUs
    - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
    - x86/retpol...

Changed in linux (Ubuntu Artful):
status: Fix Committed → Fix Released
Bryan Quigley (bryanquigley) wrote :

@Andy Whitcroft (apw), just want to confirm that this doesn't need to be tracked further. Everything seems to work fine in Bionic. Thanks!

Changed in linux (Ubuntu):
status: In Progress → Fix Released