Bug 1406791 - Blacklist TSX feature from specific Intel CPU models
Summary: Blacklist TSX feature from specific Intel CPU models
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jiri Denemark
QA Contact: Jing Qi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-21 13:59 UTC by Daniel Berrangé
Modified: 2019-06-20 04:27 UTC (History)
6 users (show)

Fixed In Version: libvirt-3.2.0-1.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1406827 (view as bug list)
Environment:
Last Closed: 2017-08-01 17:21:45 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1846 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2017-08-01 18:02:50 UTC

Description Daniel Berrangé 2016-12-21 13:59:05 UTC
Description of problem:
Relying on users having installed the microcode updates is found to be insufficiently robust to prevent use of the broken TSX feature in certain Intel CPUs.

We need to follow glibc's lead in checking CPUID and using code in libvirt to explicitly blacklist the TSX feature

https://sourceware.org/git/?p=glibc.git;a=commit;h=2702856bf45c82cf8e69f2064f5aa15c0ceb6359

Specific logic is:

+           case 0x3f:
+             /* Xeon E7 v3 with stepping >= 4 has working TSX.  */
+             if (stepping >= 4)
+               break;
+           case 0x3c:
+           case 0x45:
+           case 0x46:
+             /* Disable Intel TSX on Haswell processors (except Xeon E7 v3
+                with stepping >= 4) to avoid TSX on kernels that weren't
+                updated with the latest microcode package (which disables
+                broken feature by default).  */
+             cpu_features->cpuid[COMMON_CPUID_INDEX_7].ebx &= ~(bit_cpu_RTM);
+             break;


When run, we need to block exposing of TSX in the host CPU model reported in virsh capabilities, and prevent TSX being used in KVM (but not QEMU) guest CPUs.

Version-Release number of selected component (if applicable):
libvirt-2.0.0-10.el7

Comment 1 Jiri Denemark 2017-02-16 14:03:05 UTC
Patches sent upstream for review: https://www.redhat.com/archives/libvir-list/2017-February/msg00807.html

Comment 2 Jiri Denemark 2017-03-03 19:11:24 UTC
This is now implemented upstream by:

commit d60012b4e77c8c67757847c9a4e4aa924b0ee9a0
Refs: v3.1.0-26-gd60012b4e
Author:     Jiri Denemark <jdenemar@redhat.com>
AuthorDate: Wed Feb 15 15:01:40 2017 +0100
Commit:     Jiri Denemark <jdenemar@redhat.com>
CommitDate: Fri Mar 3 19:57:57 2017 +0100

    cpu_x86: Disable TSX on broken models

    All Intel Haswell processors (except Xeon E7 v3 with stepping >= 4) have
    TSX disabled by microcode update. As not all CPUs are guaranteed to be
    patched with microcode updates we need to explicitly disable TSX on
    affected CPUs to avoid its accidental usage.

    https://bugzilla.redhat.com/show_bug.cgi?id=1406791

    Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

commit 3f174b6cba8a80c34bde9a837db542789ad7ff28
Refs: v3.1.0-27-g3f174b6cb
Author:     Jiri Denemark <jdenemar@redhat.com>
AuthorDate: Thu Feb 16 14:41:29 2017 +0100
Commit:     Jiri Denemark <jdenemar@redhat.com>
CommitDate: Fri Mar 3 19:57:57 2017 +0100

    cputest: Add CPUID data for Haswell with TSX

    All existing Haswell CPUID data were gathered from CPUs with broken TSX.
    Let's add new data for Haswell with correct TSX implementation.

    Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Comment 4 Jing Qi 2017-05-12 06:54:18 UTC
Verified with libvirt-3.2.0-4.el7.x86_64 and qemu-kvm-rhev-2.9.0-3.el7.x86_64 in a host -
Intel Platform: Brickland-EX Cpu:Haswell-EX C0 QDF
Intel(R) Xeon(R) CPU E7-8890 v3 @ 2.50GHz

cat /proc/cpuinfo |grep rtm
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm epb tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm xsaveopt cqm_llc cqm_occup_llc dtherm ida arat pln pts

#virsh capabilities |grep rtm

And tried to start a guest with
 <cpu mode='custom' match='exact' check='partial'>
    <model fallback='allow'>Penryn</model>
    <vendor>Intel</vendor>
    <feature policy='require' name='rtm'/>
  </cpu>


# virsh start rhel7_1
error: Failed to start domain rhel7_1
error: the CPU is incompatible with host CPU: Host CPU does not provide required features: rtm

Comment 5 Jing Qi 2017-05-17 02:35:38 UTC
More information about last comment, it's a stepping 3 machine.

And I verified the bug in a host with model  Intel(R) Xeon(R) CPU E7-8890 v3 @ 2.50GHz stepping 4.  There is no rtm in virsh capabilities -

#virsh capabilities |grep rtm


And started a guest and checked there is no rtm flag in the guest.

Comment 6 errata-xmlrpc 2017-08-01 17:21:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1846

Comment 7 errata-xmlrpc 2017-08-02 00:01:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1846


Note You need to log in before you can comment on or make changes to this bug.