Merge branch 'main' into ibpb_exit_to_user_on_ubuntu

Author: zulinx86

tests/data/cpu_template_helper/fingerprint_AMD_GENOA_5.10host.json

@@ -1,9 +1,9 @@
 {
-  "firecracker_version": "1.13.0-dev",
-  "kernel_version": "5.10.238-234.956.amzn2.x86_64",
-  "microcode_version": "0xa101154",
+  "firecracker_version": "1.14.0-dev",
+  "kernel_version": "5.10.244-240.965.amzn2.x86_64",
+  "microcode_version": "0xa101156",
   "bios_version": "1.0",
-  "bios_revision": "2.21",
+  "bios_revision": "2.23",
   "guest_cpu_config": {
     "kvm_capabilities": [],
     "cpuid_modifiers": [
@@ -1494,15 +1494,14 @@
           },
           {
             "register": "ecx",
-            "bitmap": "0b00000000000000000010000000000000"
+            "bitmap": "0b00000000000000000110000000000000"
           },
           {
             "register": "edx",
             "bitmap": "0b00000000000000000000000000000000"
           }
         ]
       }
-
     ],
     "msr_modifiers": [
       {
@@ -1635,4 +1634,4 @@
       }
     ]
   }
-}
+}

tests/data/cpu_template_helper/fingerprint_AMD_GENOA_6.1host.json

@@ -1,9 +1,9 @@
 {
-  "firecracker_version": "1.13.0-dev",
-  "kernel_version": "6.1.141-165.249.amzn2023.x86_64",
-  "microcode_version": "0xa101154",
+  "firecracker_version": "1.14.0-dev",
+  "kernel_version": "6.1.153-175.280.amzn2023.x86_64",
+  "microcode_version": "0xa101156",
   "bios_version": "1.0",
-  "bios_revision": "2.21",
+  "bios_revision": "2.23",
   "guest_cpu_config": {
     "kvm_capabilities": [],
     "cpuid_modifiers": [
@@ -1486,7 +1486,7 @@
         "modifiers": [
           {
             "register": "eax",
-            "bitmap": "0b00000000000000000000000001000101"
+            "bitmap": "0b00000000000000000000001001100101"
           },
           {
             "register": "ebx",

tests/data/cpu_template_helper/fingerprint_AMD_MILAN_5.10host.json

@@ -1,9 +1,9 @@
 {
-  "firecracker_version": "1.13.0-dev",
-  "kernel_version": "5.10.238-234.956.amzn2.x86_64",
-  "microcode_version": "0xa0011db",
+  "firecracker_version": "1.14.0-dev",
+  "kernel_version": "5.10.244-240.965.amzn2.x86_64",
+  "microcode_version": "0xa0011de",
   "bios_version": "1.0",
-  "bios_revision": "0.94",
+  "bios_revision": "0.98",
   "guest_cpu_config": {
     "kvm_capabilities": [],
     "cpuid_modifiers": [
@@ -1402,7 +1402,7 @@
           },
           {
             "register": "ecx",
-            "bitmap": "0b00000000000000000010000000000000"
+            "bitmap": "0b00000000000000000110000000000000"
           },
           {
             "register": "edx",
@@ -1542,4 +1542,4 @@
       }
     ]
   }
-}
+}

tests/data/cpu_template_helper/fingerprint_AMD_MILAN_6.1host.json

@@ -1,9 +1,9 @@
 {
-  "firecracker_version": "1.13.0-dev",
-  "kernel_version": "6.1.141-165.249.amzn2023.x86_64",
-  "microcode_version": "0xa0011db",
+  "firecracker_version": "1.14.0-dev",
+  "kernel_version": "6.1.153-175.280.amzn2023.x86_64",
+  "microcode_version": "0xa0011de",
   "bios_version": "1.0",
-  "bios_revision": "0.94",
+  "bios_revision": "0.98",
   "guest_cpu_config": {
     "kvm_capabilities": [],
     "cpuid_modifiers": [
@@ -1394,7 +1394,7 @@
         "modifiers": [
           {
             "register": "eax",
-            "bitmap": "0b00000000000000000000000001000101"
+            "bitmap": "0b00000000000000000000001001100101"
           },
           {
             "register": "ebx",

tests/integration_tests/security/test_vulnerabilities.py

@@ -11,13 +11,11 @@
 
 import pytest
 import requests
-from packaging import version
 
 from framework import utils
 from framework.ab_test import git_clone
 from framework.microvm import MicroVMFactory
 from framework.properties import global_props
-from framework.utils_cpuid import CpuVendor, get_cpu_vendor
 
 CHECKER_URL = "https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh"
 CHECKER_FILENAME = "spectre-meltdown-checker.sh"
@@ -134,32 +132,8 @@ def get_vuln_files_exception_dict(template):
     """
     Returns a dictionary of expected values for vulnerability files requiring special treatment.
     """
-    host_kernel_version = version.parse(utils.get_kernel_version())
-    cpu_vendor = get_cpu_vendor()
     exception_dict = {}
 
-    # Exception for tsa
-    # =============================
-    #
-    # AMD guests on 6.1 hosts before 6.1.153
-    # --------------------------------------------
-    # On 6.1 kernels before 6.1.153 [1], KVM doesn't tell the guest that the microcode with the TSA
-    # mitigation has been applied by setting CPUID.(EAX=0x80000021,ECX=0):EAX[5 (CLEAR_VERW)].
-    # The guest applies the mitigation anyways, but flags it as possibly vulnerable as it cannot
-    # verify that the microcode update has been applied correctly.
-    # Note that this doesn't affect the T2A template (deprecated) as the presented CPU is older
-    # and not recognised as being affected by TSA.
-    # [1]: https://github.com/amazonlinux/linux/commit/8d1e0db16431610b5b35737d88595bdd7a08e271
-
-    if (
-        cpu_vendor == CpuVendor.AMD
-        and template == "None"
-        and host_kernel_version.major == 6
-        and host_kernel_version.minor == 1
-        and host_kernel_version.micro < 153
-    ):
-        exception_dict["tsa"] = "Vulnerable: Clear CPU buffers attempted, no microcode"
-
     # Exception for mmio_stale_data
     # =============================
     #