RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1767612 - RHEL-7 Anaconda mistakenly adding "spectre_v2=retpoline" to Cascade Lake systems.
Summary: RHEL-7 Anaconda mistakenly adding "spectre_v2=retpoline" to Cascade Lake syst...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: anaconda
Version: 7.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Anaconda Maintenance Team
QA Contact: Release Test Team
Sharon Moroney
Depends On:
TreeView+ depends on / blocked
Reported: 2019-10-31 19:32 UTC by Joe Mario
Modified: 2021-01-18 14:37 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
.RHEL 7.7 and later installations add `spectre_v2=retpoline` to Intel Cascade Lake systems  RHEL 7.7 and later installations add the `spectre_v2=retpoline` kernel parameter to Intel Cascade Lake systems, and as a consequence, system performance is affected. To work around this problem and ensure the best performance, complete the following steps. . Remove the kernel boot parameter on Intel Cascade Lake systems: + ---- # grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT ---- + . Reboot the system: + ---- # reboot ----
Clone Of:
Last Closed: 2020-03-16 11:16:48 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Joe Mario 2019-10-31 19:32:10 UTC
Description of problem:
The RHEL-7.7 and newer anaconda installer mistakenly adds "spectre_v2=retpoline" to Cascade Lake systems.  This can cause a performance slowdown.

I am the source of the this anaconda bug because we gave the anaconda team incomplete information for detecting only Skylake cpus.

BZ 1659626 is only meant for Skylake systems.  That is because on Cascade Lake systems, the spectre_v2 CVE is fixed in hardware.

I specified in BZ 1659626 what cpu FAMILY values to look for to detect Skylake CPUs.  The anaconda change from that BZ worked very well on the intended Skylake systems.  All good so far.

However, then Cascade Lake systems came out as a follow-on to Skylake systems.  Fresh RHEL-7.* installs do not need "spectre_v2=retpoline" added to the kernel command line.

Unfortunately, Cascade Lake uses the same cpu FAMILY ids as Skylake.  As a result anaconda is adding "spectre_v2=retpoline" to Cascade Lake installs.  This prevents letting the cpu do it faster in hardware.

Version-Release number of selected component (if applicable):
This is a bug in the RHEL-7.7 and 7.8 anaconda installer.  It is not a bug in any earlier version of RHEL.  It's not applicable to RHEL-8.

To reproduce this:
1) Do a fresh install of RHEL-7.8 or 7.8 on a Cascade Lake system.
2) Look at /proc/cmdline.  The presence of "spectre_v2=retpoline" will be there.  It should not.  It only should be there for Skylake systems.

Additional info:
Per BZ 1659626, the suggested fix is as follows:

Cpus after Skylake have a hardware flag called ibrs_enhanced, which means spectre_v2 is fixed in hardware.

The installer can look at the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file for the string: "Enhanced IBRS".  If that string exists, then the cpu is a Cascade Lake cpu and there is no need to add anything to the kernel boot line.

Instead of the current logic to detect Skylake cpus, which is:
   if (the cpu FAMILY is a SKYLAKE family cpu)
       then add "spectre_v2=retpoline" flag

Change it to only add the flag if it's a Skylake cpu and if "Enhanced IBRS" exists in the spectre_v2 vulnerabilities file:
   if (the cpu FAMILY is a SKYLAKE family cpu && 
      !strstr(str, "Enhanced IBRS"))
       add "spectre_v2=retpoline" flag

Comment 1 Joe Mario 2020-03-10 15:36:17 UTC
Just curious if there's any update on this BZ?
It would help us understand what to tell customers.

Thank you.
Joe Mario

Comment 5 Joe Mario 2020-03-13 15:38:23 UTC
Hi Jan:
Your suggested text looks good to me.
Thank you.

Comment 14 Jan Stodola 2020-03-16 11:16:48 UTC
This bug won't be fixed and it's recommended to remove the "spectre_v2=retpoline" kernel parameter manually on Intel Cascade Lake systems:

# grubby --remove-args="spectre_v2=retpoline" --update-kernel=DEFAULT
# reboot

Note You need to log in before you can comment on or make changes to this bug.