Description of problem:
The RHEL-7.7 and newer anaconda installer mistakenly adds "spectre_v2=retpoline" to Cascade Lake systems. This can cause a performance slowdown.
I am the source of this anaconda bug because we gave the anaconda team incomplete information for detecting only Skylake cpus.
BZ 1659626 is only meant for Skylake systems. That is because on Cascade Lake systems, the spectre_v2 CVE is fixed in hardware.
I specified in BZ 1659626 what cpu FAMILY values to look for to detect Skylake CPUs. The anaconda change from that BZ worked very well on the intended Skylake systems. All good so far.
However, then Cascade Lake systems came out as a follow-on to Skylake systems. Fresh RHEL-7.* installs do not need "spectre_v2=retpoline" added to the kernel command line.
Unfortunately, Cascade Lake uses the same cpu FAMILY ids as Skylake. As a result anaconda is adding "spectre_v2=retpoline" to Cascade Lake installs. This prevents letting the cpu do it faster in hardware.
Version-Release number of selected component (if applicable):
This is a bug in the RHEL-7.7 and 7.8 anaconda installer. It is not a bug in any earlier version of RHEL. It's not applicable to RHEL-8.
To reproduce this:
1) Do a fresh install of RHEL-7.8 or 7.8 on a Cascade Lake system.
2) Look at /proc/cmdline. The presence of "spectre_v2=retpoline" will be there. It should not. It only should be there for Skylake systems.
Per BZ 1659626, the suggested fix is as follows:
Cpus after Skylake have a hardware flag called ibrs_enhanced, which means spectre_v2 is fixed in hardware.
The installer can look at the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file for the string: "Enhanced IBRS". If that string exists, then the cpu is a Cascade Lake cpu and there is no need to add anything to the kernel boot line.
Instead of the current logic to detect Skylake cpus, which is:
    if (the cpu FAMILY is a SKYLAKE family cpu)
        then add "spectre_v2=retpoline" flag
Change it to only add the flag if it's a Skylake cpu and if "Enhanced IBRS" exists in the spectre_v2 vulnerabilities file:
    if (the cpu FAMILY is a SKYLAKE family cpu &&
        !strstr(str, "Enhanced IBRS"))
        add "spectre_v2=retpoline" flag
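The check proposed above, written out as an added example; it is not code from anaconda or from this report. The Skylake model numbers, the function names and the sample inputs are assumptions, and it also reads the ibrs_enhanced flag from /proc/cpuinfo so that it can audit a system that is already booted with the parameter.

```python
import re

# Assumption (not from the BZ): family 6 models reported by Skylake parts.
# Cascade Lake also reports model 0x55, which is why a family/model test
# alone cannot tell the two apart.
SKYLAKE_MODELS = {0x4E, 0x5E, 0x55}
RETPOLINE_ARG = "spectre_v2=retpoline"

def cpu_field(cpuinfo, name):
    """First value of a /proc/cpuinfo field as a string, or ''."""
    m = re.search(r"^%s[ \t]*:[ \t]*(.*)$" % re.escape(name), cpuinfo, re.M)
    return m.group(1).strip() if m else ""

def is_skylake_family(cpuinfo):
    model = cpu_field(cpuinfo, "model")
    return (cpu_field(cpuinfo, "vendor_id") == "GenuineIntel"
            and cpu_field(cpuinfo, "cpu family") == "6"
            and model.isdigit() and int(model) in SKYLAKE_MODELS)

def has_enhanced_ibrs(cpuinfo, spectre_v2_status):
    # The sysfs line describes the mitigation in use, so the cpuinfo flag
    # is checked as well (assumes the kernel lists ibrs_enhanced there).
    return ("Enhanced IBRS" in spectre_v2_status
            or "ibrs_enhanced" in cpu_field(cpuinfo, "flags").split())

def needs_retpoline(cpuinfo, spectre_v2_status):
    """Proposed rule: Skylake family and no Enhanced IBRS."""
    return (is_skylake_family(cpuinfo)
            and not has_enhanced_ibrs(cpuinfo, spectre_v2_status))

def audit(cpuinfo, spectre_v2_status, cmdline):
    """Return 'remove', 'add' or 'ok' for the booted command line."""
    present = RETPOLINE_ARG in cmdline.split()
    wanted = needs_retpoline(cpuinfo, spectre_v2_status)
    if present != wanted:
        return "add" if wanted else "remove"
    return "ok"

def sample_cpuinfo(extra_flags):
    # Constructed sample, not captured from a real machine.
    return ("vendor_id\t: GenuineIntel\ncpu family\t: 6\nmodel\t\t: 85\n"
            "model name\t: constructed sample\n"
            "flags\t\t: fpu ibrs ibpb %s\n" % extra_flags)

if __name__ == "__main__":
    # Constructed Cascade Lake-like case: parameter present, flag set.
    print(audit(sample_cpuinfo("ibrs_enhanced"), "Mitigation: Full retpoline",
                "ro quiet spectre_v2=retpoline"))
```

On a real system the three arguments are the contents of /proc/cpuinfo, /sys/devices/system/cpu/vulnerabilities/spectre_v2 and /proc/cmdline.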
Just curious if there's any update on this BZ?
It would help us understand what to tell customers.
Your suggested text looks good to me.
This bug won't be fixed and it's recommended to remove the "spectre_v2=retpoline" kernel parameter manually on Intel Cascade Lake systems:
# grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT