nested virtualization w/first level trusty guests has odd MDS behavior
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Confirmed | Undecided | Unassigned |
qemu (Ubuntu) | Confirmed | Low | Unassigned |
Bug Description
When nested kvm virtualization is used (with host-passthrough), if the first level guest is a trusty vm, odd behavior is seen in the second level guest:
host os:
disco/
contents of /sys/devices/
Mitigation: Clear CPU buffers; SMT vulnerable
1st level vm:
trusty/
contents of /sys/devices/
Mitigation: Clear CPU buffers; SMT Host state unknown
2nd level vm:
bionic/
contents of /sys/devices/
Not affected
This behavior is not seen when the first level guest is a xenial or bionic vm (same bare metal hardware):
1st level vm:
bionic/
contents of /sys/devices/
Mitigation: Clear CPU buffers; SMT Host state unknown
2nd level vm:
bionic/
contents of /sys/devices/
Mitigation: Clear CPU buffers; SMT Host state unknown
and:
1st level vm:
xenial/
contents of /sys/devices/
Mitigation: Clear CPU buffers; SMT Host state unknown
2nd level vm:
bionic/
contents of /sys/devices/
Mitigation: Clear CPU buffers; SMT Host state unknown
It's not clear whether this is an issue with linux/kvm or qemu in trusty.
---
ApportVersion: 2.14.1-0ubuntu3.29
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/
DistroRelease: Ubuntu 14.04
HibernationDevice: RESUME=
InstallationDate: Installed on 2019-02-14 (92 days ago)
InstallationMedia: Ubuntu 14.04.5 LTS "Trusty Tahr" - Release amd64 (20160803)
Lsusb:
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Package: qemu 2.0.0+dfsg-
PackageArchitec
ProcEnviron:
TERM=screen
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 qxldrmfb
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
RelatedPackageV
linux-
linux-
linux-firmware 1.127.24
RfKill:
Tags: trusty trusty
Uname: Linux 4.4.0-148-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: 1.12.0-1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.
dmi.modalias: dmi:bvnSeaBIOS:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.
dmi.sys.vendor: QEMU
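A check for the mismatch described in the report above, as an added example that is not part of the original bug report or of any Ubuntu tooling. It assumes that with host-passthrough an inner guest should not report "Not affected" while an outer level reports the CPU as affected; the names `parse_mds` and `find_inconsistencies` are hypothetical.

```python
# Added example: compare MDS status strings across nesting levels.
from typing import List, NamedTuple, Optional, Tuple

class MdsStatus(NamedTuple):
    state: str                 # not_affected | mitigated | vulnerable | unknown
    mitigation: Optional[str]  # e.g. "Clear CPU buffers"
    smt: Optional[str]         # e.g. "SMT Host state unknown"

def parse_mds(line: str) -> MdsStatus:
    """Split a kernel MDS status line into state, mitigation and SMT note."""
    head, _, smt = line.strip().partition(";")
    head, smt_note = head.strip(), smt.strip() or None
    if head == "Not affected":
        return MdsStatus("not_affected", None, smt_note)
    if head.startswith("Mitigation:"):
        return MdsStatus("mitigated", head.split(":", 1)[1].strip(), smt_note)
    if head.startswith("Vulnerable"):
        return MdsStatus("vulnerable", None, smt_note)
    return MdsStatus("unknown", None, smt_note)

def find_inconsistencies(levels: List[Tuple[str, str]]) -> List[str]:
    """levels is ordered outermost first; flag inner 'Not affected' claims."""
    parsed = [(label, parse_mds(line)) for label, line in levels]
    findings = []
    for i, (inner_label, inner) in enumerate(parsed):
        if inner.state != "not_affected":
            continue
        for outer_label, outer in parsed[:i]:
            if outer.state in ("mitigated", "vulnerable"):
                findings.append(f"{inner_label}: 'Not affected' but "
                                f"{outer_label} is {outer.state}")
                break
    return findings

# Status lines as quoted in the report above (assumed labels: host, L1, L2).
TRUSTY_CHAIN = [
    ("host (disco)", "Mitigation: Clear CPU buffers; SMT vulnerable"),
    ("L1 (trusty)", "Mitigation: Clear CPU buffers; SMT Host state unknown"),
    ("L2 (bionic)", "Not affected"),
]
BIONIC_CHAIN = [
    ("L1 (bionic)", "Mitigation: Clear CPU buffers; SMT Host state unknown"),
    ("L2 (bionic)", "Mitigation: Clear CPU buffers; SMT Host state unknown"),
]

if __name__ == "__main__":
    for chain in (TRUSTY_CHAIN, BIONIC_CHAIN):
        print(find_inconsistencies(chain) or "consistent")
```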
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1829555
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.