1747185 – "filtered-features" QOM property is not available

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1747185 - "filtered-features" QOM property is not available

Summary: "filtered-features" QOM property is not available

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	8.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	8.0
Assignee:	Eduardo Habkost
QA Contact:	Yumei Huang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1697627 1710589
TreeView+	depends on / blocked

Reported:	2019-08-29 20:42 UTC by Eduardo Habkost
Modified:	2019-11-05 20:51 UTC (History)
CC List:	10 users (show)
Fixed In Version:	qemu-kvm-2.12.0-86.module+el8.1.0+4146+4ed2d185
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1760565 (view as bug list)
Environment:
Last Closed:	2019-11-05 20:51:11 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	yuhuang: needinfo-

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:3345	0	None	None	None	2019-11-05 20:51:39 UTC

Description Eduardo Habkost 2019-08-29 20:42:24 UTC

Description of problem:
Without the "filtered-features" QOM property, libvirt won't be able to use MSR features for mode='host-model'.

Version-Release number of selected component (if applicable):
qemu-kvm-2.12.0-85.module+el8.1.0+4010+d6842f29.x86_64

How reproducible:
Always


Steps to Reproduce:
Run "virsh domcapabilities" on a machine that has arch_capabilities on /proc/cpuinfo.

Actual results:
None of the arch-capabilities bits (rdctl-no, ibrs-all, rsba, skip-l1dfl-vmentry, ssb-no, mds-no) are reported by "virsh domcapabilities".


Expected results:
arch-capabilities bits should be reported by "virsh capabilities".

Additional info:
Problem detected during testing of bug 1697627.

Comment 10 Yumei Huang 2019-09-05 07:56:18 UTC

Verify:
qemu-kvm-2.12.0-86.module+el8.1.0+4146+4ed2d185
kernel-4.18.0-141.el8.x86_64
libvirt-client-4.5.0-33.scrmod+el8.1.0+4090+e8e6ad83.x86_64

Host: intel-purley-lr-03.khw1.lab.eng.bos.redhat.com 
# lscpu
Model name:          Intel(R) Xeon(R) Platinum 8260L CPU @ 2.40GHz
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single intel_ppin ssbd mba ibrs ibpb stibp ibrs_enhanced tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req pku ospke avx512_vnni md_clear flush_l1d arch_capabilities


The arch-capabilities bits (rdctl-no, ibrs-all, skip-l1dfl-vmentry, mds-no) are reported by "virsh domcapabilities", except "ssb-no", "rsba".

# virsh domcapabilities
   <mode name='host-model' supported='yes'>
      <model fallback='forbid'>Cascadelake-Server</model>
      <vendor>Intel</vendor>
      <feature policy='require' name='ss'/>
      <feature policy='require' name='vmx'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='umip'/>
      <feature policy='require' name='pku'/>
      <feature policy='require' name='md-clear'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='xsaves'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='ibrs-all'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
    </mode>

When use host-model, QEMU cli is,
#...  -cpu Cascadelake-Server,ss=on,vmx=on,hypervisor=on,tsc-adjust=on,umip=on,pku=on,md-clear=on,stibp=on,arch-capabilities=on,xsaves=on,rdctl-no=on,ibrs-all=on,skip-l1dfl-vmentry=on,mds-no=on,hv_time,hv_vapic,hv_spinlocks=0x1000


Checked cpu vulnerability info in guest, all are same to host.
# grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling

Comment 11 Yumei Huang 2019-09-05 08:01:00 UTC

Hi Eduardo,

Would you please check above verification? Is it expected that "ssb-no" and "rsba" are not reported in virsh domcapabilities? And I'm wondering if there is a way to verify from QEMU other than libvirt. 

Thanks,
Yumei Huang

Comment 12 Eduardo Habkost 2019-09-06 19:50:59 UTC

(In reply to Yumei Huang from comment #11)
> Hi Eduardo,
> 
> Would you please check above verification? Is it expected that "ssb-no" and
> "rsba" are not reported in virsh domcapabilities?

It depends on the host.  Unfortunately the only way to get the MSR bits from the host is using the `rdmsr 0x0000010a` command and decoding the bits by hand.  RSBA is bit 2, SSB_NO is bit 4.

We can see that this host doesn't have SSB_NO set, because it would make vulnerabilities/spec_store_bypass say "Not affected".

RSBA seems to be ignored by Linux, so we shouldn't worry about it.  But you can check it using `rdmsr 0x0000010a` if you want to.  My guess is that the host doesn't have RSBA set.



> And I'm wondering if there
> is a way to verify from QEMU other than libvirt. 

It is possible to use the `qom-get path=... property=unavailable-features` QMP command to get the property from the CPU objects (look for the CPU QOM path on `query-cpus`).  But as this is an integration bug, testing if libvirt works is the most important part of the validation of this bug.

Comment 13 Yumei Huang 2019-09-09 03:31:58 UTC

(In reply to Eduardo Habkost from comment #12)
> (In reply to Yumei Huang from comment #11)
> > Hi Eduardo,
> > 
> > Would you please check above verification? Is it expected that "ssb-no" and
> > "rsba" are not reported in virsh domcapabilities?
> 
> It depends on the host.  Unfortunately the only way to get the MSR bits from
> the host is using the `rdmsr 0x0000010a` command and decoding the bits by
> hand.  RSBA is bit 2, SSB_NO is bit 4.
> 
> We can see that this host doesn't have SSB_NO set, because it would make
> vulnerabilities/spec_store_bypass say "Not affected".
> 
> RSBA seems to be ignored by Linux, so we shouldn't worry about it.  But you
> can check it using `rdmsr 0x0000010a` if you want to.  My guess is that the
> host doesn't have RSBA set.
> 

Checked host, both RSBA and SSB_NO bit is 0.

# rdmsr 0x0000010a
2b

> 
> > And I'm wondering if there
> > is a way to verify from QEMU other than libvirt. 
> 
> It is possible to use the `qom-get path=... property=unavailable-features`
> QMP command to get the property from the CPU objects (look for the CPU QOM
> path on `query-cpus`).  But as this is an integration bug, testing if
> libvirt works is the most important part of the validation of this bug.

Seems it can't by using qom-get as it returns empty.

{"execute": "qom-get","arguments": { "path": "/machine/unattached/device[2]","property": "unavailable-features"}}
{"return": []}


However, I'm moving to verified per the test with libvirt in comment 10. Thanks.

Comment 14 Eduardo Habkost 2019-09-09 14:05:07 UTC

(In reply to Yumei Huang from comment #13)
> Seems it can't by using qom-get as it returns empty.
> 
> {"execute": "qom-get","arguments": { "path":
> "/machine/unattached/device[2]","property": "unavailable-features"}}
> {"return": []}

This is expected.  unavailable-features is the QMP equivalent of the "feature not supported by host" warnings on the console.  If you see no warnings, unavailable-features will be empty.

e.g.: using "-cpu host,+rsba,+ssb-no" should make the property return ["rsba", "ssb-no"].

Comment 15 Yumei Huang 2019-09-10 02:33:53 UTC

(In reply to Eduardo Habkost from comment #14)
> (In reply to Yumei Huang from comment #13)
> > Seems it can't by using qom-get as it returns empty.
> > 
> > {"execute": "qom-get","arguments": { "path":
> > "/machine/unattached/device[2]","property": "unavailable-features"}}
> > {"return": []}
> 
> This is expected.  unavailable-features is the QMP equivalent of the
> "feature not supported by host" warnings on the console.  If you see no
> warnings, unavailable-features will be empty.
> 
> e.g.: using "-cpu host,+rsba,+ssb-no" should make the property return
> ["rsba", "ssb-no"].

Yes, you are right, thanks.

Comment 17 errata-xmlrpc 2019-11-05 20:51:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:3345

Note You need to log in before you can comment on or make changes to this bug.