[regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel: meltdown: rfi/fallback displacement flush not enabled by default (kvm)

Bug #1765429 reported by bugproxy on 2018-04-19
This bug affects 1 person
Affects Status Importance Assigned to Milestone
The Ubuntu-power-systems project
Critical
Canonical Kernel Team
linux (Ubuntu)
Undecided
Ubuntu on IBM Power Systems Bug Triage
Bionic
Undecided
Ubuntu on IBM Power Systems Bug Triage

Bug Description

---Problem Description---
4.15.0-17-generic #18-Ubuntu introduces a newer knob to control enabling rfi_flush to mitigate meltdown/spectre, which is set to disabled by default for the guest instead of enabled.

#cat /sys/kernel/debug/powerpc/rfi_flush
0 --------------------------------------------------------------NOK

Expected:
/sys/kernel/debug/powerpc/rfi_flush should be 1 by default if the guest has the capability to mitigate.

---uname output---
Linux ubuntu 4.15.0-17-generic #18-Ubuntu SMP Mon Apr 16 21:16:36 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux

---Additional Hardware Info---
power9 boston 2.2 (pvr 004e 1202), power8 tuleta 2.1 (pvr 004b 0201)

Machine Type = power9 boston 2.2 (pvr 004e 1202), power8 tuleta 2.1 (pvr 004b 0201)

---Steps to Reproduce---
Prerequisites:
FW version-
power9 boston: SUPERMICRO-P9DSU-V1.10-20180413-imp (that supports mitigation)
power8 tuleta: fips861/b0320a_1812.861 (that supports mitigation)
Host: 4.15.0-17-generic #18-Ubuntu
qemu: 1:2.11+dfsg-1ubuntu6

Guest: 4.15.0-17-generic #18-Ubuntu

Results of Power9 Host:
++++++++++++++++++

1) Boot an Ubuntu 18.04 guest with the latest kernel (4.15.0-17-generic #18) with the pseries-bionic-sxxm machine type; it boots with "no flush", i.e. /sys/kernel/debug/powerpc/rfi_flush = 0, which leads to the failure below in the (l1d flush - syscall) unit test for meltdown.

# make tests
=========
Machine details from dmesg:
dmesg | grep -e 'pSeries machine' -e 'OPAL detected' -e rfi-fixups -e rfi-flush
[ 0.000000] Using pSeries machine description
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: ori type flush available
[ 0.000000] rfi-flush: mttrig type flush available
[ 0.000000] rfi-flush: patched 9 locations (no flush)
=========
Running tests...
Testing mitigation for spectre (ii. indirect branch prediction)... PASS (20000071 branches, 10000006 branch misses)
Testing mitigation for meltdown (l1d flush - syscall)... FAIL (132523 misses, 192000000 expected) [10/10 failures]
Testing mitigation for meltdown (l1d flush - userspace)... SKIP (!power8)
# uname -a
Linux ubuntu 4.15.0-17-generic #18-Ubuntu SMP Mon Apr 16 21:16:36 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux

2) Once we enable rfi_flush manually, i.e. /sys/kernel/debug/powerpc/rfi_flush = 1, the tests pass fine:
#echo 1 > /sys/kernel/debug/powerpc/rfi_flush
# cat /sys/kernel/debug/powerpc/rfi_flush
1
# make tests
=========
Machine details from dmesg:
dmesg | grep -e 'pSeries machine' -e 'OPAL detected' -e rfi-fixups -e rfi-flush
[ 0.000000] Using pSeries machine description
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: ori type flush available
[ 0.000000] rfi-flush: mttrig type flush available
[ 0.000000] rfi-flush: patched 9 locations (no flush)
[ 1502.627548] rfi-flush: patched 9 locations (ori+mttrig type flush)
=========
Running tests...
Testing mitigation for spectre (ii. indirect branch prediction)... PASS (20000074 branches, 10000010 branch misses)
Testing mitigation for meltdown (l1d flush - syscall)... PASS (196010325 misses, 192000000 expected) [10/10 pass]
Testing mitigation for meltdown (l1d flush - userspace)... SKIP (!power8)

Results of Power8 Host:
+++++++++++++++++++
1)
#cat /sys/kernel/debug/powerpc/rfi_flush
0

# make tests
=========
Machine details from dmesg:
dmesg | grep -e 'pSeries machine' -e 'OPAL detected' -e rfi-fixups -e rfi-flush
[ 0.000000] Using pSeries machine description
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: patched 9 locations (no flush)
=========
Running tests...
Testing mitigation for spectre (ii. indirect branch prediction)... PASS (20000066 branches, 10000010 branch misses)
Testing mitigation for meltdown (l1d flush - syscall)... FAIL (150100 misses, 192000000 expected) [10/10 failures]
Testing mitigation for meltdown (l1d flush - userspace)... SKIP (!power8)

2)
#echo 1 > /sys/kernel/debug/powerpc/rfi_flush
#cat /sys/kernel/debug/powerpc/rfi_flush
1

# make tests
=========
Machine details from dmesg:
dmesg | grep -e 'pSeries machine' -e 'OPAL detected' -e rfi-fixups -e rfi-flush
[ 0.000000] Using pSeries machine description
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: patched 9 locations (no flush)
[ 243.736201] rfi-flush: patched 9 locations (fallback displacement flush)
=========
Running tests...
Testing mitigation for spectre (ii. indirect branch prediction)... PASS (20000054 branches, 10000008 branch misses)
Testing mitigation for meltdown (l1d flush - syscall)... PASS (195105463 misses, 192000000 expected) [10/10 pass]
Testing mitigation for meltdown (l1d flush - userspace)... SKIP (!power8)

# uname -a
Linux ubuntu 4.15.0-17-generic #18-Ubuntu SMP Mon Apr 16 21:16:36 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux

== Breno Leitao ==
Patch sent to the mailing list already:

https://lists.ubuntu.com/archives/kernel-team/2018-April/091789.html


bugproxy (bugproxy) on 2018-04-19
tags: added: architecture-ppc64le bugnameltc-166922 severity-critical targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage)
affects: ubuntu → linux (Ubuntu)
Changed in ubuntu-power-systems:
importance: Undecided → Critical
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
tags: added: triage-g
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Changed in ubuntu-power-systems:
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.15.0-19.20

---------------
linux (4.15.0-19.20) bionic; urgency=medium

  * linux: 4.15.0-19.20 -proposed tracker (LP: #1766021)

  * Kernel 4.15.0-15 breaks Dell PowerEdge 12th Gen servers (LP: #1765232)
    - Revert "blk-mq: simplify queue mapping & schedule with each possisble CPU"
    - Revert "genirq/affinity: assign vectors to all possible CPUs"

linux (4.15.0-18.19) bionic; urgency=medium

  * linux: 4.15.0-18.19 -proposed tracker (LP: #1765490)

  * [regression] Ubuntu 18.04:[4.15.0-17-generic #18] KVM Guest Kernel:
    meltdown: rfi/fallback displacement flush not enabled bydefault (kvm)
    (LP: #1765429)
    - powerpc/pseries: Fix clearing of security feature flags

  * signing: only install a signed kernel (LP: #1764794)
    - [Packaging] update to Debian like control scripts
    - [Packaging] switch to triggers for postinst.d postrm.d handling
    - [Packaging] signing -- switch to raw-signing tarballs
    - [Packaging] signing -- switch to linux-image as signed when available
    - [Config] signing -- enable Opal signing for ppc64el
    - [Packaging] printenv -- add signing options

  * [18.04 FEAT] Sign POWER host/NV kernels (LP: #1696154)
    - [Packaging] signing -- add support for signing Opal kernel binaries

  * Please cherrypick s390 unwind fix (LP: #1765083)
    - s390/compat: fix setup_frame32

  * Ubuntu 18.04 installer does not detect any IPR based HDD/RAID array [S822L]
    [ipr] (LP: #1751813)
    - d-i: move ipr to storage-core-modules on ppc64el

  * drivers/gpu/drm/bridge/adv7511/adv7511.ko missing (LP: #1764816)
    - SAUCE: (no-up) rename the adv7511 drm driver to adv7511_drm

  * Miscellaneous Ubuntu changes
    - [Packaging] Add linux-oem to rebuild test blacklist.

linux (4.15.0-17.18) bionic; urgency=medium

  * linux: 4.15.0-17.18 -proposed tracker (LP: #1764498)

  * Eventual OOM with profile reloads (LP: #1750594)
    - SAUCE: apparmor: fix memory leak when duplicate profile load

linux (4.15.0-16.17) bionic; urgency=medium

  * linux: 4.15.0-16.17 -proposed tracker (LP: #1763785)

  * [18.04] [bug] CFL-S(CNP)/CNL GPIO testing failed (LP: #1757346)
    - [Config]: Set CONFIG_PINCTRL_CANNONLAKE=y

  * [Ubuntu 18.04] USB Type-C test failed on GLK (LP: #1758797)
    - SAUCE: usb: typec: ucsi: Increase command completion timeout value

  * Fix trying to "push" an already active pool VP (LP: #1763386)
    - SAUCE: powerpc/xive: Fix trying to "push" an already active pool VP

  * hisi_sas: Revert and replace SAUCE patches w/ upstream (LP: #1762824)
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: export device table of v3 hw to
      userspace"
    - Revert "UBUNTU: SAUCE: scsi: hisi_sas: config for hip08 ES"
    - scsi: hisi_sas: modify some register config for hip08
    - scsi: hisi_sas: add v3 hw MODULE_DEVICE_TABLE()

  * Realtek card reader - RTS5243 [VEN_10EC&DEV_5260] (LP: #1737673)
    - misc: rtsx: Move Realtek Card Reader Driver to misc
    - updateconfigs for Realtek Card Reader Driver
    - misc: rtsx: Add support for RTS5260
    - misc: rtsx: Fix symbol clashes

  * Mellanox [mlx5] [bionic] UBSAN: Undefined behaviour in
    ./include/linux/net_dim.h (LP: #1...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in ubuntu-power-systems:
status: Fix Committed → Fix Released

------- Comment From <email address hidden> 2018-04-30 02:13 EDT-------
Tested on 4.15.0-20-generic and the issue is found to be fixed.

Power9 Guest:
# cat /sys/kernel/debug/powerpc/rfi_flush
1

# dmesg|grep rfi
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: ori type flush available
[ 0.000000] rfi-flush: mttrig type flush available
[ 0.000000] rfi-flush: patched 9 locations (ori+mttrig type flush)

Power8 Guest:
# cat /sys/kernel/debug/powerpc/rfi_flush
1
#dmesg|grep rfi
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: patched 9 locations (fallback displacement flush)

Regards,
-Satheesh
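
A check for the condition this report describes, as an added example (not part of the bug report, the fix, or any Ubuntu tooling): it classifies a guest from its "rfi-flush:" kernel log lines and flags the regression case, where flush types are advertised but the last "patched" line reads "(no flush)". The function names and state labels are hypothetical; the sample log lines are the ones quoted in the report above.

```shell
#!/bin/sh
# Added example: classify a POWER guest's rfi-flush state from kernel log text.
# Reads dmesg-style lines on stdin and prints one of:
#   mitigated:<type>  last "patched" line names a flush type
#   disabled          flush types are advertised but the last line says "no flush"
#   unsupported       "no flush" and no flush type advertised
#   unknown           no "patched" line in the input
rfi_flush_state() {
    awk '
        /rfi-flush: .* available/ { avail++ }
        /rfi-flush: patched [0-9]+ locations \(/ {
            s = $0
            sub(/^.*locations \(/, "", s)   # drop everything up to "("
            sub(/\).*$/, "", s)             # drop ")" and anything after
            last = s; seen = 1              # later lines override earlier ones
        }
        END {
            if (!seen)                   print "unknown"
            else if (last != "no flush") print "mitigated:" last
            else if (avail)              print "disabled"
            else                         print "unsupported"
        }'
}

# Live check inside a guest (root, debugfs mounted); knob path is from the report.
rfi_flush_live() {
    knob=/sys/kernel/debug/powerpc/rfi_flush
    [ -r "$knob" ] || { echo "knob not readable"; return 2; }
    echo "knob=$(cat "$knob") log=$(dmesg | rfi_flush_state)"
    [ "$(cat "$knob")" = 1 ]
}

# Sample input: the Power9 guest lines quoted in the report (regressed kernel).
sample_regressed() { cat <<'EOF'
[ 0.000000] rfi-flush: fallback displacement flush available
[ 0.000000] rfi-flush: ori type flush available
[ 0.000000] rfi-flush: mttrig type flush available
[ 0.000000] rfi-flush: patched 9 locations (no flush)
EOF
}

# Same guest after "echo 1" to the knob: a later line re-patches with a flush.
sample_enabled() {
    sample_regressed
    echo '[ 1502.627548] rfi-flush: patched 9 locations (ori+mttrig type flush)'
}

for s in sample_regressed sample_enabled; do
    printf '%s -> %s\n' "$s" "$("$s" | rfi_flush_state)"
done
```

On a real guest, rfi_flush_live returns non-zero when the knob reads 0, so it can gate a post-boot compliance check.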
