fix(vmm): Set IA32_ARCH_CAPABILITIES.RRSBA to 1 with T2S

zulinx86 · roypat · commit 13963c2e9daa · 2023-07-07T09:57:25.000Z
We updated the fingerprint files in PR #3813, since Intel microcode release (microcode-20230512) changed to set IA32_ARCH_CAPABILITIES.RRSBA (bit 19) to 1 on Intel CascadeLake CPU. The mitigation itself is already in place which is eIBRS. Since the kernel enables eIBRS by default using SPECTRE_V2_EIBRS mode regardless of the IA32_ARCH_CAPABILITIES.RRSBA bit, hosts and guests should not get impacted by this change. However, it has a role to inform softwares whether the part has the RRSBA behavior. The T2S template has set it to 0 explicitly before, but this commit changes to set it to 1 so that guest kernels and applications can know that the processor has the RRSBA behavior. The reason why it sets the bit to 1 instead of passing through it from the host is that it aims to provide the ability to securely migrate snapshots between Intel Skylake and Intel CascadeLake. Signed-off-by: Takahiro Itazuri <itazur@amazon.com>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -29,6 +29,8 @@
   thread due to a misconfiguration of the `api_event_fd`.
 - Fixed CPUID leaf 0x1 to disable perfmon and debug feature on x86 host.
 - Fixed passing through cache information from host in CPUID leaf 0x80000006.
+- Fixed the T2S CPU template to set the RRSBA bit of the IA32_ARCH_CAPABILITIES
+  MSR to 1 in accordance with an Intel microcode update.
 
 ## [1.3.0]
 
diff --git a/resources/tests/static_cpu_templates/t2s.json b/resources/tests/static_cpu_templates/t2s.json
@@ -90,7 +90,7 @@
   "msr_modifiers": [
     {
       "addr": "0x10a",
-      "bitmap": "0b0000000000000000000000000000000000000000000000000000110001001100"
+      "bitmap": "0b0000000000000000000000000000000000000000000010000000110001001100"
     }
   ]
 }
diff --git a/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs b/src/vmm/src/cpu_config/x86_64/static_cpu_templates/t2s.rs
@@ -132,7 +132,7 @@ pub fn t2s() -> CustomCpuTemplate {
             addr: 0x10a,
             bitmap: RegisterValueFilter {
                 filter: 0b1111111111111111111111111111111111111111111111111111111111111111,
-                value: 0b0000000000000000000000000000000000000000000000000000110001001100,
+                value: 0b0000000000000000000000000000000000000000000010000000110001001100,
             },
         }],
     }

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@`
`90`	`90`	`"msr_modifiers": [`
`91`	`91`	`{`
`92`	`92`	`"addr": "0x10a",`
`93`		`- "bitmap": "0b0000000000000000000000000000000000000000000000000000110001001100"`
	`93`	`+ "bitmap": "0b0000000000000000000000000000000000000000000010000000110001001100"`
`94`	`94`	`}`
`95`	`95`	`]`
`96`	`96`	`}`
Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@ pub fn t2s() -> CustomCpuTemplate {`
`132`	`132`	`addr: 0x10a,`
`133`	`133`	`bitmap: RegisterValueFilter {`
`134`	`134`	`filter: 0b1111111111111111111111111111111111111111111111111111111111111111,`
`135`		`- value: 0b0000000000000000000000000000000000000000000000000000110001001100,`
	`135`	`+ value: 0b0000000000000000000000000000000000000000000010000000110001001100,`
`136`	`136`	`},`
`137`	`137`	`}],`
`138`	`138`	`}`