This bug was fixed before the affected kernel was released and,
therefore, it never affected a publicly released kernel.

** Changed in: linux (Ubuntu)
       Status: Triaged => Fix Released

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1772128

Title:
  [REGRESSION] linux 4.4.0-126.152 disables speculation control when
  running under a hypervisor

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  The Xenial kernel 4.4.0-126.152, which is to be released on 5/21,
  introduced a regression that disables speculation control when running
  under a hypervisor such as QEMU.

  The problem is caused by pulling in the following upstream commit:

    a5b296636453 ("x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early
  Spectre v2 microcodes")

  The following upstream commit is needed to fix the bug:

    36268223c1e9 ("x86/spectre_v2: Don't check microcode versions when
  running under hypervisors")

  However, the following fixes are also likely needed:

    e3b3121fa8da ("x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist")
    d37fc6d360a4 ("x86/speculation: Correct Speculation Control microcode blacklist again")
    1751342095f0 ("x86/speculation: Update Speculation Control microcode blacklist")

  With the required accuracy in maintaining such a list and considering
  that we don't have the blacklist in the artful or trusty backports, I
  wonder if it is better to just remove the original offending commit so
  that we don't have a blacklist.

  
  To reproduce, you need to configure libvirt to use CPU passthrough and
  your CPU needs to be one that matches the family and stepping in the
  blacklist from commit a5b296636453. See the attached domain xml for an
  example libvirt xml file.

  The host can be any Ubuntu release running one of the kernels to be
  released on 5/21. The guest needs to be running 4.4.0-126.152. Boot
  the guest and run the following command:

  $ dmesg | grep -i specul
  [    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
  [    0.024568] Spectre V2 : Speculation control IBPB not-supported IBRS not-supported
  [    0.024570] Speculative Store Bypass: Vulnerable

  The first line is the problem. Broken microcode is detected because
  the guest kernel always sees 0x1 as the microcode revision (you can
  see this by running 'grep ^microcode /proc/cpuinfo' in the guest).

  Here's the desired output, which is seen when booting the guest with
  4.4.0-124.148 (it is missing the Speculative Store Bypass message
  because it doesn't contain SSB mitigation):

  $ dmesg | grep -i specul
  [    0.066675] Spectre V2 mitigation: Speculation control IBPB supported IBRS supported

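An added example, not part of the original bug report or of any Ubuntu tooling: a shell helper that triages a system from its /proc/cpuinfo and dmesg text, using the kernel messages quoted in the report to tell the guest regression apart from a blacklist hit on bare metal. The function names, verdict labels and sample cpuinfo lines are constructed for illustration; the check assumes an x86 Linux guest that exposes the "hypervisor" CPU flag.

```shell
#!/bin/sh
# Added example; function names and verdict labels are assumptions.
# The kernel messages matched here are the ones quoted in the bug report.
BROKEN_MSG='Intel Spectre v2 broken microcode detected; disabling Speculation Control'

# Print the microcode revision the kernel reports in cpuinfo text.
microcode_rev() {
    printf '%s\n' "$1" | awk -F': *' '/^microcode/ { print $2; exit }'
}

# classify_spec_ctrl CPUINFO_TEXT DMESG_TEXT
#   REGRESSION   blacklist fired inside a guest (the bug described above)
#   BLACKLISTED  blacklist fired without the hypervisor flag (bare metal)
#   MITIGATED    IBPB/IBRS reported as supported
#   UNKNOWN      none of the known messages found
classify_spec_ctrl() {
    hv=no
    # Guests expose the "hypervisor" CPU flag in /proc/cpuinfo.
    if printf '%s\n' "$1" | grep '^flags' | grep -qw hypervisor; then
        hv=yes
    fi
    if printf '%s\n' "$2" | grep -qF -e "$BROKEN_MSG"; then
        if [ "$hv" = yes ]; then echo REGRESSION; else echo BLACKLISTED; fi
    elif printf '%s\n' "$2" | grep -qF -e 'IBPB supported'; then
        echo MITIGATED
    else
        echo UNKNOWN
    fi
}

# Constructed cpuinfo samples; dmesg lines are copied from the report.
GUEST_CPUINFO='microcode : 0x1
flags : fpu vme msr hypervisor lahf_lm'
HOST_CPUINFO='microcode : 0x22
flags : fpu vme msr lahf_lm'
BAD_DMESG='[    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
[    0.024568] Spectre V2 : Speculation control IBPB not-supported IBRS not-supported'
GOOD_DMESG='[    0.066675] Spectre V2 mitigation: Speculation control IBPB supported IBRS supported'

echo "guest, 4.4.0-126.152: $(classify_spec_ctrl "$GUEST_CPUINFO" "$BAD_DMESG") (microcode $(microcode_rev "$GUEST_CPUINFO"))"
echo "guest, 4.4.0-124.148: $(classify_spec_ctrl "$GUEST_CPUINFO" "$GOOD_DMESG")"
```

On a live system, pass "$(cat /proc/cpuinfo)" and "$(dmesg)" as the two arguments.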