Bug 1767612

Summary: RHEL-7 Anaconda mistakenly adding "spectre_v2=retpoline" to Cascade Lake systems.
Product: Red Hat Enterprise Linux 7 Reporter: Joe Mario <jmario>
Component: anaconda Assignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED WONTFIX QA Contact: Release Test Team <release-test-team-automation>
Severity: high Docs Contact: Sharon Moroney <smoroney>
Priority: high    
Version: 7.8 CC: dshaks, jstodola, longman, natashba, smoroney, ttracy
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
.RHEL 7.7 and later installations add `spectre_v2=retpoline` to Intel Cascade Lake systems

RHEL 7.7 and later installations add the `spectre_v2=retpoline` kernel parameter to Intel Cascade Lake systems, and as a consequence, system performance is affected. To work around this problem and ensure the best performance, complete the following steps.

. Remove the kernel boot parameter on Intel Cascade Lake systems:
+
----
# grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT
----
+
. Reboot the system:
+
----
# reboot
----
Last Closed: 2020-03-16 11:16:48 UTC Type: Bug

Description Joe Mario 2019-10-31 19:32:10 UTC
Description of problem:
The RHEL-7.7 and newer anaconda installer mistakenly adds "spectre_v2=retpoline" to Cascade Lake systems.  This can cause a performance slowdown.

I am the source of this anaconda bug because we gave the anaconda team incomplete information for detecting only Skylake cpus.

BZ 1659626 is only meant for Skylake systems.  That is because on Cascade Lake systems, the spectre_v2 CVE is fixed in hardware.

I specified in BZ 1659626 what cpu FAMILY values to look for to detect Skylake CPUs.  The anaconda change from that BZ worked very well on the intended Skylake systems.  All good so far.

However, then Cascade Lake systems came out as a follow-on to Skylake systems.  Fresh RHEL-7.* installs do not need "spectre_v2=retpoline" added to the kernel command line.

Unfortunately, Cascade Lake uses the same cpu FAMILY ids as Skylake.  As a result anaconda is adding "spectre_v2=retpoline" to Cascade Lake installs.  This prevents letting the cpu do it faster in hardware.

Version-Release number of selected component (if applicable):
This is a bug in the RHEL-7.7 and 7.8 anaconda installer.  It is not a bug in any earlier version of RHEL.  It's not applicable to RHEL-8.

To reproduce this:
1) Do a fresh install of RHEL-7.8 or 7.8 on a Cascade Lake system.
2) Look at /proc/cmdline.  The presence of "spectre_v2=retpoline" will be there.  It should not.  It only should be there for Skylake systems.


Additional info:
Per BZ 1659626, the suggested fix is as follows:

Cpus after Skylake have a hardware flag called ibrs_enhanced, which means spectre_v2 is fixed in hardware.

The installer can look at the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file for the string: "Enhanced IBRS".  If that string exists, then the cpu is a Cascade Lake cpu and there is no need to add anything to the kernel boot line.

Therefore:
Instead of the current logic to detect Skylake cpus, which is:
   if (the cpu FAMILY is a SKYLAKE family cpu)
       then add "spectre_v2=retpoline" flag

Change it to only add the flag if it's a Skylake cpu and if "Enhanced IBRS" exists in the spectre_v2 vulnerabilities file:
   if (the cpu FAMILY is a SKYLAKE family cpu && 
      !strstr(str, "Enhanced IBRS"))
       add "spectre_v2=retpoline" flag
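
The decision suggested in the description above, written out as an added example; it is not part of the original report and is not anaconda's code. The function names and the `is_skylake_family` argument (standing in for the installer's existing family check) are hypothetical, and the two sample status strings are constructed.

```python
"""Added example: installer-side check for the spectre_v2=retpoline flag."""

SPECTRE_V2_SYSFS = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"
RETPOLINE_ARG = "spectre_v2=retpoline"

# Constructed sample contents of the sysfs file, for illustration only.
SAMPLE_SKYLAKE = "Mitigation: Full retpoline, IBPB\n"
SAMPLE_CASCADE_LAKE = "Mitigation: Enhanced IBRS, IBPB\n"


def read_spectre_v2_status(path=SPECTRE_V2_SYSFS):
    """Return the kernel's spectre_v2 status line, or "" if unavailable."""
    try:
        with open(path) as f:
            return f.read().strip()
    except (IOError, OSError):
        # File absent or unreadable: no evidence of a hardware fix, so the
        # caller falls back to the family check alone.
        return ""


def needs_retpoline_arg(is_skylake_family, spectre_v2_status):
    """Add the flag only for Skylake-family CPUs without Enhanced IBRS."""
    if not is_skylake_family:
        return False
    return "Enhanced IBRS" not in spectre_v2_status


def boot_args_for(existing_args, is_skylake_family, spectre_v2_status):
    """Return a new argument list with the flag appended at most once."""
    args = list(existing_args)
    if (needs_retpoline_arg(is_skylake_family, spectre_v2_status)
            and RETPOLINE_ARG not in args):
        args.append(RETPOLINE_ARG)
    return args


if __name__ == "__main__":
    # is_skylake_family=True stands in for the installer's family check,
    # which matches both CPU generations according to the report.
    for name, status in [("Skylake", SAMPLE_SKYLAKE),
                         ("Cascade Lake", SAMPLE_CASCADE_LAKE)]:
        print(name, boot_args_for(["ro", "quiet"], True, status))
```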

Comment 1 Joe Mario 2020-03-10 15:36:17 UTC
Just curious if there's any update on this BZ?
It would help us understand what to tell customers.

Thank you.
Joe Mario

Comment 5 Joe Mario 2020-03-13 15:38:23 UTC
Hi Jan:
Your suggested text looks good to me.
Thank you.
Joe

Comment 14 Jan Stodola 2020-03-16 11:16:48 UTC
This bug won't be fixed and it's recommended to remove the "spectre_v2=retpoline" kernel parameter manually on Intel Cascade Lake systems:

# grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT
# reboot