fix(vmm): Pass through IA32_ARCH_CAPABILITIES.{RSBA,RRSBA} with T2CL

We updated the fingerprint files in PR firecracker-microvm#3813, since Intel microcode release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA (bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already in place which is eIBRS. Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests should not get impacted by this change. However, it has a role to inform softwares whether the part has the RRSBA behavior. The T2CL template has set the RRSBA bit to 0 explicitly before, but this commit changes to pass through the bit from the host so that guest kernels and applications can know that the processor has the RRSBA behavior. The reason why it passes through the bit from the host opposed to the T2S template is that the T2CL template is not designed to allow snapshot migration between different CPU models. In addition to the RRSBA bit, this comit also changes to pass through the RSBA bit, as it is safer to let guest know these informative bits of the host CPU than to overwrite them with templates. Signed-off-by: Takahiro Itazuri <[email protected]>
bigquin99 · Jul 3, 2023 · d9cec89 · d9cec89
1 parent 40f1498
commit d9cec89
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,9 @@
 - Fixed passing through cache information from host in CPUID leaf 0x80000006.
 - Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES
   MSR to 1 in accordance with an Intel microcode update.
+- Fixed the T2CL CPU template to pass through the RSBA and RRSBA bits of the
+  IA32_ARCH_CAPABILITIES MSR from the host in accordance with an Intel microcode
+  update.
 
 ## [1.3.0]
 

diff --git a/resources/tests/static_cpu_templates/t2cl.json b/resources/tests/static_cpu_templates/t2cl.json
@@ -90,7 +90,7 @@
   "msr_modifiers": [
     {
       "addr": "0x10a",
-      "bitmap": "0b0000000000000000000000000000000000000000000000000000000011101011"
+      "bitmap": "0b00000000000000000000000000000000000000000000x0000000000011101x11"
     }
   ]
 }
diff --git a/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs b/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2cl.rs
@@ -243,6 +243,8 @@ pub fn t2cl() -> CustomCpuTemplate {
             // - Bit 00: RDCL_NO (Intel SDM) / Reserved (AMD APM)
             // - Bit 01: IBRS_ALL (Intel SDM) / Reserved (AMD APM)
             // - Bit 02: RSBA (Intel SDM) / Reserved (AMD APM)
+            //   This bit is passed-through intentionally.
+            //   See https://github.com/firecracker-microvm/firecracker/pull/3907
             // - Bit 03: SKIP_L1DFL_VMENTRY (Intel SDM) / Reserved (AMD APM)
             // - Bit 04: SSB_NO (Intel SDM) / Reserved (AMD APM)
             // - Bit 05: MDS_NO (Intel SDM) / Reserved (AMD APM)
@@ -260,6 +262,8 @@ pub fn t2cl() -> CustomCpuTemplate {
             // - Bit 17: FB_CLEAR (Intel SDM) / Reserved (AMD APM)
             // - Bit 18: FB_CLEAR_CTRL (Intel SDM) / Reserved (AMD APM)
             // - Bit 19: RRSBA (Intel SDM) / Reserved (AMD APM)
+            //   This is bit passed-through intentionally.
+            //   See https://github.com/firecracker-microvm/firecracker/pull/3907
             // - Bit 20: BHI_NO (Intel SDM) / Reserved (AMD APM)
             // - Bit 21: XAPIC_DISABLE_STATUS (Intel SDM) / Reserved (AMD APM)
             // - Bit 22: Reserved (Intel SDM) / Reserved (AMD APM)
@@ -269,7 +273,7 @@ pub fn t2cl() -> CustomCpuTemplate {
             RegisterModifier {
                 addr: 0x10a,
                 bitmap: RegisterValueFilter {
-                    filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111,
+                    filter: 0b1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_1111_0111_1111_1111_1111_1011,
                     value: 0b0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_0000_1110_1011,
                 },
             },

diff --git a/tests/integration_tests/functional/test_feat_parity.py b/tests/integration_tests/functional/test_feat_parity.py
@@ -249,6 +249,8 @@ def test_feat_parity_msr_arch_cap(vm):
             (1 << 6) | # IF_PSCHANGE_MC_NO
             (1 << 7) # TSX_CTRL
         )
+        if global_props.cpu_codename == "INTEL_CASCADELAKE":
+            expected |= (1 << 19) # RRSBA
         # fmt: on
         assert actual == expected, f"{actual=:#x} != {expected=:#x}"
     elif cpu_template == "T2A":