Ubuntu
qemu package

Add missing cpu feature bits in EPYC-Rome model

Bug #1921754 reported by Markus Schade
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned
qemu (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

 * IBRS was forgotten in the initial Rome type definitions.
   On one hand that makes the feature non exposed/controllable and on the
   other it can lead to crashes like bug 1915063

 * backport changes to teach:
   - qemu about the IBRS feature existing in Rome chips and making it the
     new default (-v2 and unspecified) type
   - libvirt about the IBRS feature existign for that CPU

[Test Plan]

 * First of all we'll (and have in advance) run general regression tests

 * Qemu should list the new type (and the old one)
   # qemu-system-x86_64 -cpu ? | grep EPYC-Rome
     x86 EPYC-Rome (alias configured by machine type)
     x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
     x86 EPYC-Rome-v2 AMD EPYC-Rome Processor

 * Libvirt with the fix has the ability to control ibrs for Rome chips.
   For example on a post Naples Epyc chip this is what host-model expands
   (in my example) to - the exact list depends on your chip:

  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>EPYC-Rome</model>
    <vendor>AMD</vendor>
    <feature policy='require' name='pcid'/>
    <feature policy='require' name='x2apic'/>
    <feature policy='require' name='tsc-deadline'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='require' name='tsc_adjust'/>
    <feature policy='require' name='erms'/>
    <feature policy='require' name='invpcid'/>
    <feature policy='require' name='pku'/>
    <feature policy='require' name='vaes'/>
    <feature policy='require' name='vpclmulqdq'/>
    <feature policy='require' name='fsrm'/>
    <feature policy='require' name='spec-ctrl'/>
    <feature policy='require' name='stibp'/>
    <feature policy='require' name='arch-capabilities'/>
    <feature policy='require' name='ssbd'/>
    <feature policy='require' name='xsaves'/>
    <feature policy='require' name='cmp_legacy'/>
    <feature policy='require' name='amd-ssbd'/>
    <feature policy='require' name='virt-ssbd'/>
    <feature policy='require' name='rdctl-no'/>
    <feature policy='require' name='skip-l1dfl-vmentry'/>
    <feature policy='require' name='mds-no'/>
    <feature policy='require' name='pschange-mc-no'/>
    <feature policy='require' name='topoext'/>
  </cpu>

   Neither the named type nor the added features define IBRS

   Even if one manually adds
    <feature policy='require' name='ibrs'/>
   You'd get
    error: unsupported configuration: unknown CPU feature: ibrs

   With the fixes in place libvirt knows what bit to check and qemu can
   (on the new v2) control that flag.

   The above does no more return an error with the fix

[Where problems could occur]

 * There are two areas to look at
   a) compat behavior on old systems - e.g. libvirt would now detect IBRS
      on such AMD chips and one might wonder about the change.
      E.g. compatibility would exist between old-code/new-code/old->new
      code; but any action (e.g. suspend resume) from new to old code
      might run into trouble (not supported that way but worth to mention
      for awareness)
   b) Migrations between systems - this should be covered by chip
      versioning but still is worth to mention. Versioning will recognize
      a formerly started system as v1 and continue to handle it that way.
      Only new started guests would become v2 and behave the new and
      improved way.

[Other Info]

 * n/a

---

The EPYC-Rome model is missing the IBRS and SSBD flags due to an oversight

https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07378.html

They have been added as a EPYC-Rome-v2 in

https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg01020.html

This patch depends on the IBRS and AMD SSBD definitions that were added as part of the EPYC-Milan patch:

https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg03370.html

diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 8d599bb5b8..888c3a59e2 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -816,8 +816,12 @@ typedef uint64_t FeatureWordArray[FEATURE_WORDS];
 #define CPUID_8000_0008_EBX_WBNOINVD (1U << 9)
 /* Indirect Branch Prediction Barrier */
 #define CPUID_8000_0008_EBX_IBPB (1U << 12)
+/* Indirect Branch Restricted Speculation */
+#define CPUID_8000_0008_EBX_IBRS (1U << 14)
 /* Single Thread Indirect Branch Predictors */
 #define CPUID_8000_0008_EBX_STIBP (1U << 15)
+/* Speculative Store Bypass Disable */
+#define CPUID_8000_0008_EBX_AMD_SSBD (1U << 24)

See original description

Related branches

~paelzer/ubuntu/+source/libvirt:lp-1921880-1921754-amd-epyc-1922907-stepping-parsing-HIRSUTE
Robie Basak: Approve
Canonical Server: Pending requested
git-ubuntu developers: Pending requested
Diff: 423 lines (+371/-0)
8 files modified
debian/changelog (+10/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/lp-1921754-cpumap-Add-support-for-ibrs-CPU-feature.patch (+59/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Add-EPYC-Milan-x86-CPU-model.patch (+136/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Fix-spelling-of-svme-addr-chk-feature.patch (+63/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Install-x86_EPYC-Milan.xml.patch (+31/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-sync_qemu_i386.py-Add-mapping-for-svme-addr-.patch (+33/-0)
debian/patches/ubuntu/lp-1921880-cpumap-Add-support-for-svme-addr-check-CPU-feature.patch (+33/-0)
~paelzer/ubuntu/+source/qemu:lp-1921880-1921754-amd-epyc-HIRSUTE
Robie Basak: Approve
Canonical Server: Pending requested
git-ubuntu developers: Pending requested
Diff: 380 lines (+346/-0)
5 files modified
debian/changelog (+10/-0)
debian/patches/series (+3/-0)
debian/patches/ubuntu/lp-1921754-Add-missing-cpu-feature-bits-in-EPYC-Rome-model.patch (+46/-0)
debian/patches/ubuntu/lp-1921880-i386-Add-the-support-for-AMD-EPYC-3rd-generation-pro.patch (+204/-0)
debian/patches/ubuntu/lp-1921880-x86-cpu-Populate-SVM-CPUID-feature-bits.patch (+83/-0)
~paelzer/ubuntu/+source/libvirt:lp-1921880-1921754-amd-epyc-1922907-stepping-parsing-GROOVY
Robie Basak: Approve (sru)
Canonical Server: Pending requested
git-ubuntu developers: Pending requested
Diff: 452 lines (+400/-0)
8 files modified
debian/changelog (+10/-0)
debian/patches/series (+6/-0)
debian/patches/ubuntu/lp-1921754-cpumap-Add-support-for-ibrs-CPU-feature.patch (+59/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Add-EPYC-Milan-x86-CPU-model.patch (+129/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Add-support-for-fsrm-CPU-feature.patch (+73/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Fix-spelling-of-svme-addr-chk-feature.patch (+51/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Install-x86_EPYC-Milan.xml.patch (+39/-0)
debian/patches/ubuntu/lp-1921880-cpumap-Add-support-for-svme-addr-check-CPU-feature.patch (+33/-0)
~paelzer/ubuntu/+source/qemu:lp-1921880-1921754-amd-epyc-GROOVY
Robie Basak: Approve (sru)
Canonical Server: Pending requested
git-ubuntu developers: Pending requested
Diff: 428 lines (+388/-0)
6 files modified
debian/changelog (+10/-0)
debian/patches/series (+4/-0)
debian/patches/ubuntu/lp-1921754-Add-missing-cpu-feature-bits-in-EPYC-Rome-model.patch (+45/-0)
debian/patches/ubuntu/lp-1921880-i386-Add-the-support-for-AMD-EPYC-3rd-generation-pro.patch (+198/-0)
debian/patches/ubuntu/lp-1921880-target-i386-add-fast-short-REP-MOV-support.patch (+48/-0)
debian/patches/ubuntu/lp-1921880-x86-cpu-Populate-SVM-CPUID-feature-bits.patch (+83/-0)
~paelzer/ubuntu/+source/qemu:lp-1921880-1921754-amd-epyc-FOCAL
Robie Basak: Approve (sru)
Canonical Server: Pending requested
git-ubuntu developers: Pending requested
Diff: 435 lines (+395/-0)
6 files modified
debian/changelog (+10/-0)
debian/patches/series (+4/-0)
debian/patches/ubuntu/lp-1921754-Add-missing-cpu-feature-bits-in-EPYC-Rome-model.patch (+46/-0)
debian/patches/ubuntu/lp-1921880-i386-Add-the-support-for-AMD-EPYC-3rd-generation-pro.patch (+204/-0)
debian/patches/ubuntu/lp-1921880-target-i386-add-fast-short-REP-MOV-support.patch (+48/-0)
debian/patches/ubuntu/lp-1921880-x86-cpu-Populate-SVM-CPUID-feature-bits.patch (+83/-0)
~paelzer/ubuntu/+source/libvirt:lp-1921880-1921754-amd-epyc-1922907-stepping-parsing-FOCAL
Robie Basak: Approve (sru)
Canonical Server: Pending requested
git-ubuntu developers: Pending requested
Diff: 7404 lines (+7112/-0)
48 files modified
debian/changelog (+12/-0)
debian/patches/series (+46/-0)
debian/patches/ubuntu/lp-1921754-cpumap-Add-support-for-ibrs-CPU-feature.patch (+59/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Add-EPYC-Milan-x86-CPU-model.patch (+129/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Add-support-for-fsrm-CPU-feature.patch (+73/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Fix-spelling-of-svme-addr-chk-feature.patch (+51/-0)
debian/patches/ubuntu/lp-1921880-cpu_map-Install-x86_EPYC-Milan.xml.patch (+39/-0)
debian/patches/ubuntu/lp-1921880-cpumap-Add-support-for-svme-addr-check-CPU-feature.patch (+33/-0)
debian/patches/ubuntu/lp-1922907-cleanup-test-data.patch (+28/-0)
debian/patches/ubuntu/lp-1922907-cpu_map-Distinguish-Cascadelake-Server-from-Skylake-.patch (+151/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Add-support-for-stepping-part-of-CPU-signatu.patch (+180/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Don-t-check-return-value-of-x86ModelCopy.patch (+71/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Drop-noTSX-hint-for-incompatible-CPUs.patch (+99/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Introduce-virCPUx86SignatureFromCPUID.patch (+68/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Introduce-virCPUx86SignaturesFree.patch (+61/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Move-and-rename-x86FormatSignatures.patch (+85/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Move-and-rename-x86ModelCopySignatures.patch (+97/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Move-and-rename-x86ModelHasSignature.patch (+98/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Replace-32b-signatures-in-virCPUx86Model-wit.patch (+317/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86Baseline.patch (+157/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86CheckFeature.patch (+51/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86Compare.patch (+66/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86CopyMigratable.patch (+51/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86DataParse.patch (+84/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86ExpandFeatures.patch (+83/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86GetHost.patch (+68/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86LoadMap.patch (+48/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86Translate.patch (+82/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86Update.patch (+70/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-virCPUx86UpdateLive.patch (+101/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86Compute.patch (+178/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86DataToCPU.patch (+68/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86Decode.patch (+96/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86Encode.patch (+138/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86EncodePolicy.patch (+43/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86FeatureParse.patch (+112/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86ModelFromCPU.patch (+71/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86ModelParse.patch (+77/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86UpdateHostModel.patch (+68/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-g_auto-in-x86VendorParse.patch (+73/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-glib-allocation-for-virCPU-x86-Data.patch (+142/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-glib-allocation-for-virCPUx86Feature.patch (+71/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-glib-allocation-for-virCPUx86Map.patch (+66/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-glib-allocation-for-virCPUx86Model.patch (+100/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-glib-allocation-for-virCPUx86Vendor.patch (+50/-0)
debian/patches/ubuntu/lp-1922907-cpu_x86-Use-glib-allocation-in-virCPUx86GetModels.patch (+49/-0)
debian/patches/ubuntu/lp-1922907-cputest-Add-data-for-Intel-R-Xeon-R-Gold-6130-CPU.patch (+1460/-0)
debian/patches/ubuntu/lp-1922907-cputest-Add-data-for-Intel-R-Xeon-R-Platinum-9242-CP.patch (+1692/-0)
Revision history for this message
Markus Schade (lp-markusschade) wrote :

Libvirt support for IBRS

https://gitlab.com/libvirt/libvirt/-/commit/5c17a7ba41670f3182186c06e621995b5d03fc95.patch

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Markus,
thanks for your (two) reports.
Essentially the same I said in https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1921880/comments/1 applies here as well.

TL;DR: I'll get back with PPA builds if I can get it working and then we need to work together to test and regression check this.

Changed in libvirt (Ubuntu):
status: New → Triaged
Changed in qemu (Ubuntu):
status: New → Triaged
tags: added: server-next
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Sadly https://lists.gnu.org/archive/html/qemu-devel/2021-03/msg01020.html
nor an alternative is merged yet :-/ That is a further inhibitor to pull
this asap :-/

I wonder if we should bump the thread again to get it into v6.0.0 ...
It had a v2 to remove the model-id. But that v2 never landed.
I gave the thread a ping this morning, we will see ...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Furthermore while this isn't a duplicate, but since bug 1921880 and this one
are so closely tied together that I'll keep the discussion on bug 1921880
for now.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Report on giving this a first shot for a Focal backport to experiment with it.
The patches are (as expected) not too messy or non-applicable.

Qemu backporting
 143c30d4 already applied due to bug 1882774
 5cb287d2 noise for missing the less used/requested
    353f98c9 avx512-vp2intersect
    b3c7344e tsx-ldtrk
 5447089c applies as-is
 623972ce applies as-is

Libvirt backporting
 6ea3bb19 already applied due to bug 1887490
 892b7c70 already applied due to bug 1887490
 96a39aad already applied due to bug 1887490
 8c5c660b applies as-is
 5c17a7ba applies as-is
 5ac6ab2f applies as-is
 f321a482 some whitespace damage
 d3de79db neededs to be adapted meson->make
 b5abf9a1 sync_qemu_cpu_i386 didn't exist before v6.10

Started building in:
 https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4524

@Markus - if you could test these as time permits that would be great.
Do whatever you usually do with them, but if - in addition - you could check
what happens on live migrations from old to the upgraded package, that would
be awesome.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

FYI
Out of a different discussion [1] I happened to learn about a kernel side fix [2] which unbreaks this case. It still would help to get the qmeu change landed, but the crashing guest is no more crashing with this.
Therefore I wonder if we should add a kernel task to backport that to the Focal kernel.

That being said, the issue there was a crash if you run SSBD without IBRS, was it a crash as well for you or was it a different symptom?

[1]: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1915063/comments/35
[2]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=841c2be09fe4f495fe5224952a419bd8c7e5b455

Revision history for this message
Markus Schade (lp-markusschade) wrote :

As mentioned in LP#1921880 I get an unchecked MSR access when running a focal guest with the EPYC-Rome model on a Milan CPU, but it did not crash. So if you have access to a P620, which is pretty much a Milan CPU, you should be able to reproduce this. It does not happen, if the guest has just the EPYC model.
Anyway the MSR error got me on the path that this is related to the missing IBRS flag, which after trying it with the patch, the MSR error was gone. So yes, this is related to LP#1915063 and as you already concluded with this backport, it would be resolved as well.

I don't think only the kernel commit will resolve this. I have seen a similar/same MSR error without IBRS on a Fedora 33 guest which has kernel 5.11.x.

So I if I have time, I test the mainline ppa kernel to confirm this.

For reference, this is the MSR error on the focal guest with 5.4.0-70 on both host and guest:

unchecked MSR access error: WRMSR to 0x48 (tried to write 0x0000000000000006) at rIP: 0xffffffff89a73594 (native_write_msr+0x4/0x30)
Call Trace:
 ? __switch_to_xtra+0x1ae/0x5e0
 ? __switch_to_asm+0x34/0x70
 ? __switch_to_asm+0x40/0x70
 ? __switch_to_asm+0x34/0x70
 ? __switch_to_asm+0x40/0x70
 ? __switch_to_asm+0x34/0x70
 __switch_to+0x3b0/0x470
 ? __switch_to_asm+0x40/0x70
 ? __switch_to_asm+0x34/0x70
 __schedule+0x2e3/0x740
 preempt_schedule_common+0x18/0x30
 _cond_resched+0x22/0x30
 stop_one_cpu+0x69/0xa0
 ? sched_ttwu_pending+0xe0/0xe0
 sched_exec+0x92/0xc0
 __do_execve_file.isra.0+0x1fc/0x840
 ? strncpy_from_user+0x4c/0x150
 __x64_sys_execve+0x39/0x50
 do_syscall_64+0x57/0x190
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f31e09ef2fb
Code: 41 89 01 eb da 66 2e 0f 1f 84 00 00 00 00 00 f7 d8 64 41 89 01 eb d6 0f 1f 84 00 00 00 00 00 f3 0f 1e fa b8 3b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 65 4b 10 00 f7 d8 64 89 01 48
RSP: 002b:00007fff1cfd3b48 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
RAX: ffffffffffffffda RBX: 000055713f000370 RCX: 00007f31e09ef2fb
RDX: 000055713f0d5010 RSI: 000055713f069690 RDI: 000055713f006070
RBP: 00007fff1cfd3d50 R08: 000055713f057cd0 R09: 0000000000000000
R10: 000055713efe9980 R11: 0000000000000246 R12: 0000000000000000
R13: 000055713f0d0f50 R14: 0000000000000000 R15: 000055713f069690

Revision history for this message
Markus Schade (lp-markusschade) wrote :

With 5.11.12-051112-generic in the guest error changes to:

unchecked MSR access error: WRMSR to 0xda0 (tried to write 0x0000000000000000) at rIP: 0xffffffff9587fa54 (native_write_msr+0x4/0x30)
Call Trace:
 ? fpu__init_cpu_xstate+0xb8/0xf0
 fpu__init_system_xstate+0x143/0x354
 fpu__init_system+0x6e/0x93
 early_identify_cpu.constprop.0+0x112/0x144
 early_cpu_init+0x77/0x7c
 setup_arch+0xc9/0x8cc
 ? lockdown_lsm_init+0x21/0x25
 start_kernel+0x67/0x4a2
 ? copy_bootdata+0x1d/0x5d
 x86_64_start_reservations+0x24/0x26
 x86_64_start_kernel+0x8b/0x8f
 secondary_startup_64_no_verify+0xc2/0xcb

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Now the change was upstream applied and will be in v6.0.0

commit cdeaed27782835a875df7365d56d69dbe7250481
Author: Babu Moger <email address hidden>
Date: Wed Mar 3 09:45:30 2021 -0600

    i386: Add missing cpu feature bits in EPYC-Rome model

Christian Ehrhardt  (paelzer)
Changed in qemu (Ubuntu Groovy):
status: New → Triaged
Changed in libvirt (Ubuntu Groovy):
status: New → Triaged
Changed in qemu (Ubuntu Focal):
status: New → Triaged
Changed in libvirt (Ubuntu Focal):
status: New → Triaged
Christian Ehrhardt  (paelzer)
description: updated
description: updated
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Markus, or anyone else affected,

Accepted libvirt into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libvirt/7.0.0-2ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in libvirt (Ubuntu Hirsute):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-hirsute
Changed in qemu (Ubuntu Hirsute):
status: Triaged → Fix Committed
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Markus, or anyone else affected,

Accepted qemu into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:5.2+dfsg-9ubuntu3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Markus Schade (lp-markusschade) wrote :

Before testing with linux 5.11.0-16-generic, qemu 1:5.2+dfsg-9ubuntu2, libvirt 7.0.0-2ubuntu1:

# virsh domcapabilities |grep Milan
# qemu-system-x86_64 -cpu ? | grep Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor

After installing proposed for qemu/libvirt:

# virsh domcapabilities
    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>EPYC-Milan</model>
      <vendor>AMD</vendor>
      <feature policy='require' name='x2apic'/>
      <feature policy='require' name='tsc-deadline'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='vaes'/>
      <feature policy='require' name='vpclmulqdq'/>
      <feature policy='require' name='spec-ctrl'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='ssbd'/>
      <feature policy='require' name='cmp_legacy'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='virt-ssbd'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
      <feature policy='require' name='pschange-mc-no'/>
      <feature policy='disable' name='svme-addr-chk'/>
    </mode>

# qemu-system-x86_64 -cpu ? | grep Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
x86 EPYC-Rome-v2 AMD EPYC-Rome Processor

Starting focal instance with:

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='allow'>EPYC-Rome</model>
    <topology sockets='1' dies='1' cores='1' threads='2'/>
    <feature policy='require' name='amd-ssbd'/>
    <feature policy='require' name='ibrs'/>
  </cpu>

# grep -P 'ssbd|ibrs' /proc/cpuinfo
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_freq pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm cmp_legacy svm cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw topoext perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves clzero xsaveerptr wbnoinvd arat npt nrip_save umip rdpid

Markus Schade (lp-markusschade)
tags: added: verification-done-hirsute
removed: verification-needed-hirsute
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Old
ii libvirt-daemon-system 7.0.0-2ubuntu1 amd64 Libvirt daemon configuration files
ii qemu-system-x86 1:5.2+dfsg-9ubuntu2 amd64 QEMU full system emulation binaries (x86)
New
ii libvirt-daemon-system 7.0.0-2ubuntu2 amd64 Libvirt daemon configuration files
ii qemu-system-x86 1:5.2+dfsg-9ubuntu3 amd64 QEMU full system emulation binaries (x86)

1. regression tests ran and found now new issues triggered by this change
2. qemu types shows v2
ubuntu@riccioli:~$ qemu-system-x86_64 -cpu ? | grep EPYC-Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
x86 EPYC-Rome-v2 AMD EPYC-Rome Processor
3. Libvirt with the fix has the ability to control ibrs for Rome chips.
    <feature policy='require' name='ibrs'/>
   works now.

Thereby confirming Markus report - thanks a lot for your ongoing activity and support Markus!

tags: added: verification-done
removed: verification-needed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

As per our IRC discussion, I will be releasing those early, without the required SRU aging period. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:5.2+dfsg-9ubuntu3

---------------
qemu (1:5.2+dfsg-9ubuntu3) hirsute; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200

Changed in qemu (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for qemu has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 7.0.0-2ubuntu2

---------------
libvirt (7.0.0-2ubuntu2) hirsute; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200

Changed in libvirt (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks Lukasz!
Thereby Hirsute completed - now I've uploaded the (more usual SRUs) for Groovy & Focal for review by the SRU Team.

Revision history for this message
Robie Basak (racb) wrote : Please test proposed package

Hello Markus, or anyone else affected,

Accepted qemu into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:5.0-5ubuntu9.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in qemu (Ubuntu Groovy):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-groovy
removed: verification-done
Changed in qemu (Ubuntu Focal):
status: Triaged → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Robie Basak (racb) wrote :

Hello Markus, or anyone else affected,

Accepted qemu into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.16 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in libvirt (Ubuntu Groovy):
status: Triaged → Fix Committed
Revision history for this message
Robie Basak (racb) wrote :

Hello Markus, or anyone else affected,

Accepted libvirt into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libvirt/6.6.0-1ubuntu3.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in libvirt (Ubuntu Focal):
status: Triaged → Fix Committed
Revision history for this message
Robie Basak (racb) wrote :

Hello Markus, or anyone else affected,

Accepted libvirt into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libvirt/6.0.0-0ubuntu8.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Markus Schade (lp-markusschade) wrote :
Download full text (4.0 KiB)

Old:
qemu 1:4.2-3ubuntu6.15, libvirt 6.0.0-0ubuntu8.8

# qemu-system-x86_64 -cpu ? | grep Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor

# virsh domcapabilities
    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>EPYC-Rome</model>
      <vendor>AMD</vendor>
      <feature policy='require' name='x2apic'/>
      <feature policy='require' name='tsc-deadline'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='spec-ctrl'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='ssbd'/>
      <feature policy='require' name='xsaves'/>
      <feature policy='require' name='cmp_legacy'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='amd-ssbd'/>
      <feature policy='require' name='virt-ssbd'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
      <feature policy='require' name='pschange-mc-no'/>
    </mode>

New:
# qemu-system-x86_64 -cpu ? | grep Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
x86 EPYC-Rome-v2 AMD EPYC-Rome Processor

# virsh domcapabilities
    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>EPYC-Rome</model>
      <vendor>AMD</vendor>
      <feature policy='require' name='x2apic'/>
      <feature policy='require' name='tsc-deadline'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='spec-ctrl'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='ssbd'/>
      <feature policy='require' name='xsaves'/>
      <feature policy='require' name='cmp_legacy'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='ibrs'/>
      <feature policy='require' name='amd-ssbd'/>
      <feature policy='require' name='virt-ssbd'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
      <feature policy='require' name='pschange-mc-no'/>
    </mode>

Instance with ibrs flag can now be run

processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 49
model name : AMD EPYC-Rome Processor
stepping : 0
microcode : 0x1000065
cpu MHz : 2495.312
cache size : 512 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt...

Read more...

tags: added: verification-done-focal
removed: verification-needed-focal
Revision history for this message
Markus Schade (lp-markusschade) wrote :
Download full text (3.7 KiB)

focal: qemu 1:4.2-3ubuntu6.15, libvirt 6.0.0-0ubuntu8.8

# qemu-system-x86_64 -cpu ? | grep EPYC
x86 EPYC (alias configured by machine type)
x86 EPYC-IBPB (alias of EPYC-v2)
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
x86 EPYC-v1 AMD EPYC Processor
x86 EPYC-v2 AMD EPYC Processor (with IBPB)
x86 EPYC-v3 AMD EPYC Processor

# virsh domcapabilities
    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>EPYC-Rome</model>
      <vendor>AMD</vendor>
      <feature policy='require' name='pcid'/>
      <feature policy='require' name='x2apic'/>
      <feature policy='require' name='tsc-deadline'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='erms'/>
      <feature policy='require' name='vaes'/>
      <feature policy='require' name='vpclmulqdq'/>
      <feature policy='require' name='spec-ctrl'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' name='ssbd'/>
      <feature policy='require' name='xsaves'/>
      <feature policy='require' name='cmp_legacy'/>
      <feature policy='require' name='invtsc'/>
      <feature policy='require' name='amd-ssbd'/>
      <feature policy='require' name='virt-ssbd'/>
      <feature policy='require' name='rdctl-no'/>
      <feature policy='require' name='skip-l1dfl-vmentry'/>
      <feature policy='require' name='mds-no'/>
      <feature policy='require' name='pschange-mc-no'/>
    </mode>

After:

# qemu-system-x86_64 -cpu ? | grep EPYC
x86 EPYC (alias configured by machine type)
x86 EPYC-IBPB (alias of EPYC-v2)
x86 EPYC-Milan (alias configured by machine type)
x86 EPYC-Milan-v1 AMD EPYC-Milan Processor
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
x86 EPYC-Rome-v2 AMD EPYC-Rome Processor
x86 EPYC-v1 AMD EPYC Processor
x86 EPYC-v2 AMD EPYC Processor (with IBPB)
x86 EPYC-v3 AMD EPYC Processor

    <mode name='host-model' supported='yes'>
      <model fallback='forbid'>EPYC-Milan</model>
      <vendor>AMD</vendor>
      <feature policy='require' name='x2apic'/>
      <feature policy='require' name='tsc-deadline'/>
      <feature policy='require' name='hypervisor'/>
      <feature policy='require' name='tsc_adjust'/>
      <feature policy='require' name='vaes'/>
      <feature policy='require' name='vpclmulqdq'/>
      <feature policy='require' name='spec-ctrl'/>
      <feature policy='require' name='stibp'/>
      <feature policy='require' name='arch-capabilities'/>
      <feature policy='require' ...

Read more...

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Thanks Markus.
Also testing groovy here ...

Before:
++-=====================-================-============-=========================================
ii libvirt-daemon-system 6.6.0-1ubuntu3.4 amd64 Libvirt daemon configuration files
ii qemu-system-x86 1:5.0-5ubuntu9.7 amd64 QEMU full system emulation binaries (x86)

$ qemu-system-x86_64 -cpu ? | grep EPYC-Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor

After
+++-=====================-================-============-=========================================
ii libvirt-daemon-system 6.6.0-1ubuntu3.5 amd64 Libvirt daemon configuration files
ii qemu-system-x86 1:5.0-5ubuntu9.8 amd64 QEMU full system emulation binaries (x86)

$ qemu-system-x86_64 -cpu ? | grep EPYC-Rome
x86 EPYC-Rome (alias configured by machine type)
x86 EPYC-Rome-v1 AMD EPYC-Rome Processor
x86 EPYC-Rome-v2 AMD EPYC-Rome Processor

Guest with Rome can now control IBRS, both following cpu definitions worked.

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='forbid'>EPYC-Rome</model>
    <vendor>AMD</vendor>
    <feature policy='require' name='ibrs'/>
  </cpu>

  <cpu mode='custom' match='exact' check='partial'>
    <model fallback='forbid'>EPYC-Rome</model>
    <vendor>AMD</vendor>
    <feature policy='disable' name='ibrs'/>
  </cpu>

Regression tests are still running (on proposed this time), I'll mark it overall verified once those completed as well.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

The regression tests are good as well with the only hiccups being the known postcopy-after-precopy denial and a known bug in hirsute guest kernels on s390x. Nothing new introduced by the changes as far as I can see.

prep (x86_64) : Pass 20 F/S/N 0/0/0 - RC 0 (10 min 38961 lin)
migrate (x86_64) : Pass 720 F/S/N 36/0/0 - RC 36 (444 min 776248 lin)
cross (x86_64) : Pass 46 F/S/N 0/0/1 - RC 0 (53 min 72466 lin)
misc (x86_64) : Pass 219 F/S/N 0/0/0 - RC 0 (87 min 120975 lin)

prep (s390x) : Pass 20 F/S/N 0/0/0 - RC 0 (10 min 26102 lin)
migrate (s390x) : Pass 718 F/S/N 22/16/0 - RC 22 (501 min 582924 lin)
cross (s390x) : Pass 46 F/S/N 0/0/1 - RC 0 (42 min 66256 lin)
misc (s390x) : Pass 199 F/S/N 2/0/0 - RC 2 (74 min 95916 lin)

tags: added: verification-done verification-done-groovy
removed: verification-needed verification-needed-groovy
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 6.6.0-1ubuntu3.5

---------------
libvirt (6.6.0-1ubuntu3.5) groovy; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200

Changed in libvirt (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:5.0-5ubuntu9.8

---------------
qemu (1:5.0-5ubuntu9.8) groovy; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200

Changed in qemu (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qemu - 1:4.2-3ubuntu6.16

---------------
qemu (1:4.2-3ubuntu6.16) focal; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper chips
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 11:58:29 +0200

Changed in qemu (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 6.0.0-0ubuntu8.9

---------------
libvirt (6.0.0-0ubuntu8.9) focal; urgency=medium

  * d/p/u/lp-1921754*: add EPYC-Rome-v2 as v1 missed IBRS and thereby fails
    on some HW/Guest combinations e.g. Windows 10 on Threadripper
    (LP: #1921754)
  * d/p/u/lp-1921880*: add EPYC-Milan features and named cpu type support
    (LP: #1921880)
  * d/p/u/lp-1922907: add ability to parse cpu stepping and thereby correctly
    differentiate skylake and cascadelake chips (LP: #1922907)

 -- Christian Ehrhardt <email address hidden> Wed, 07 Apr 2021 13:33:46 +0200

Changed in libvirt (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Sven Kieske (s-kieske) wrote :

this does seem to affect ubuntu 18.04 (bionic beaver) as well, meaning it's not possible to host guest vms with the IBRS Security Flag:

qemu-system-x86_64 -cpu ? | grep EPYC-Rome

is empty

dpkg -l qemu-system
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=====================================================-===============================-===============================-===============================================================================================================
ii qemu-system 1:4.0+dfsg-0ubuntu9.8

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi Sven,
as tom said on IRC - to some extend it is that Bionic didn't have a Rome chip definition yet, so the changes to add it to Rome do not 100% make sense there.

You have as part of similar fixes there already:
1. all kind of intel chips which were faster to provide that for 2.11 (in the stable tree of qemu)

root@b:~# qemu-system-x86_64 -cpu ? | grep -i ibrs
x86 Broadwell-IBRS Intel Core Processor (Broadwell, IBRS)
x86 Broadwell-noTSX-IBRS Intel Core Processor (Broadwell, no TSX, IBRS)
x86 Haswell-IBRS Intel Core Processor (Haswell, IBRS)
x86 Haswell-noTSX-IBRS Intel Core Processor (Haswell, no TSX, IBRS)
x86 IvyBridge-IBRS Intel Xeon E3-12xx v2 (Ivy Bridge, IBRS)
x86 Nehalem-IBRS Intel Core i7 9xx (Nehalem Core i7, IBRS update)
x86 SandyBridge-IBRS Intel Xeon E312xx (Sandy Bridge, IBRS update)
x86 Skylake-Client-IBRS Intel Core Processor (Skylake, IBRS)
x86 Skylake-Server-IBRS Intel Xeon Processor (Skylake, IBRS)
x86 Westmere-IBRS Westmere E56xx/L56xx/X56xx (IBRS update)

2. a generic EPYC chip which got what AMD first pushed for that was IBPB (mind all the characters - not the same)

root@b:~# qemu-system-x86_64 -cpu ? | grep -i epy
x86 EPYC-IBPB AMD EPYC Processor (with IBPB)
x86 EPYC AMD EPYC Processor

I rechecked if e.g. upstream stable of 2.11 since then changed things, but there is nothing in this regard. Nor did I see (in a very quick not thorough check) anyone else backporting it that far.

So you might say "can't I use shiny new chips and all of their feature with Bionic :-/", but for some applications stacks this is a common issue (the balance between stability vs staying new). And for those there often is a way between the obvious first recommendation "use a newer LTS and you get the newer bits" in the form of https://wiki.ubuntu.com/OpenStack/CloudArchive or https://launchpad.net/~canonical-server/+archive/ubuntu/server-backports that allow you to get some newer stacks for older LTSes.

Back then when this bug came up these patches did neither make sense nor where in any way applicable to Bionic, one could take some more time to deeply re-evaluate this, but as I said above there are options already ...; I'm tempted to say that this should be spawned into a separate bug then to keep this one as-is reflecting only the efforts of the past.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.