[Kernel-packages] [Bug 1772146] Re: Xenial 4.4.0-126.152 does not properly virtualize cpuid, resulting in disabled SSBD

Mon, 21 May 2018 18:06:18 -0700 

This bug was fixed before the affected kernel was released and,
therefore, it never affected a publicly released kernel.

** Changed in: linux (Ubuntu)
       Status: Confirmed => Fix Released

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1772146

Title:
  Xenial 4.4.0-126.152 does not properly virtualize cpuid, resulting in
  disabled SSBD

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  The Xenial (4.4.0-126.152) kernel, which is to be released on 5/21,
  does not properly handle the cpuid opcode for KVM guests. This causes
  the guest kernel to incorrectly assume that the Speculative Storage
  Bypass Disable (SSBD) feature (needed for CVE-2018-3639) is not
  supported and, therefore, causes it to be unusable in a KVM guest.

  From the host environment (running 4.4.0-126.152):

   $ cpuid -1r | grep '^   0x00000007'
      0x00000007 0x00: eax=0x00000000 ebx=0x000037ab ecx=0x00000000 
edx=0x9c000000

  When the most significant bit (bit 31) of edx is set, that indicates
  that SSBD is available.

  Running the same command in the guest shows that the bit is not set:

   $ cpuid -1r | grep '^   0x00000007'
      0x00000007 0x00: eax=0x00000000 ebx=0x000007ab ecx=0x00000000 
edx=0x00000000

  Therefore, we see this message in the guest's dmesg output:

   $ dmesg | grep Speculative
   [    0.008000] Speculative Store Bypass: Vulnerable

  We also see this in the guest:

   $ cat /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
   Vulnerable

  I don't yet see what's causing this bug when the Xenial 4.4 kernel is
  used in the host. It does not occur when the Trusty 3.13, Artful 4.13,
  Bionic 4.15 kernels are used in the host.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1772146/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to