chore: Update fingerprint for CPUID.0x80000021:ECX on AMD / 5.10 kernel

KVM added support for CPUID leaf 0x80000021 [1] and synthesized
TSA_{SQ,L1}_NO bits on ECX [2]. However, the second patch has a bug
where TSA_{SQ,L1}_NO bits are 1st and 2nd bits [3] but exposed as 11th
and 12th bits. This bug happened because it used to be software-defined
word (not hardware-defined). Recently, the kernel added another bit
(X86_FWEATURE_IBPB_EXIT_TO_USER) for VMScape that is not a hardware-
defined bit but a software-defined bit.

We update the fingerprints for now to make the fingerprint test pass,
but will fix the bug. So we'll need to update again once the fix
arrives.

[1]: amazonlinux/linux@6457a8c
[2]: amazonlinux/linux@6fea1a4
[3]: https://www.amd.com/content/dam/amd/en/documents/resources/bulletin/technical-guidance-for-mitigating-transient-scheduler-attacks.pdf
[4]: amazonlinux/linux@ac60717

Signed-off-by: Takahiro Itazuri <[email protected]>

Author: zulinx86

tests/data/cpu_template_helper/fingerprint_AMD_GENOA_5.10host.json

@@ -1,9 +1,9 @@
 {
-  "firecracker_version": "1.13.0-dev",
-  "kernel_version": "5.10.238-234.956.amzn2.x86_64",
-  "microcode_version": "0xa101154",
+  "firecracker_version": "1.14.0-dev",
+  "kernel_version": "5.10.244-240.965.amzn2.x86_64",
+  "microcode_version": "0xa101156",
   "bios_version": "1.0",
-  "bios_revision": "2.21",
+  "bios_revision": "2.23",
   "guest_cpu_config": {
     "kvm_capabilities": [],
     "cpuid_modifiers": [
@@ -1494,15 +1494,14 @@
           },
           {
             "register": "ecx",
-            "bitmap": "0b00000000000000000010000000000000"
+            "bitmap": "0b00000000000000000110000000000000"
           },
           {
             "register": "edx",
             "bitmap": "0b00000000000000000000000000000000"
           }
         ]
       }
-
     ],
     "msr_modifiers": [
       {
@@ -1635,4 +1634,4 @@
       }
     ]
   }
-}
+}

tests/data/cpu_template_helper/fingerprint_AMD_MILAN_5.10host.json

@@ -1,9 +1,9 @@
 {
-  "firecracker_version": "1.13.0-dev",
-  "kernel_version": "5.10.238-234.956.amzn2.x86_64",
-  "microcode_version": "0xa0011db",
+  "firecracker_version": "1.14.0-dev",
+  "kernel_version": "5.10.244-240.965.amzn2.x86_64",
+  "microcode_version": "0xa0011de",
   "bios_version": "1.0",
-  "bios_revision": "0.94",
+  "bios_revision": "0.98",
   "guest_cpu_config": {
     "kvm_capabilities": [],
     "cpuid_modifiers": [
@@ -1402,7 +1402,7 @@
           },
           {
             "register": "ecx",
-            "bitmap": "0b00000000000000000010000000000000"
+            "bitmap": "0b00000000000000000110000000000000"
           },
           {
             "register": "edx",
@@ -1542,4 +1542,4 @@
       }
     ]
   }
-}
+}

tests/integration_tests/security/test_vulnerabilities.py

@@ -11,13 +11,11 @@
 
 import pytest
 import requests
-from packaging import version
 
 from framework import utils
 from framework.ab_test import git_clone
 from framework.microvm import MicroVMFactory
 from framework.properties import global_props
-from framework.utils_cpuid import CpuVendor, get_cpu_vendor
 
 CHECKER_URL = "https://raw.githubusercontent.com/speed47/spectre-meltdown-checker/master/spectre-meltdown-checker.sh"
 CHECKER_FILENAME = "spectre-meltdown-checker.sh"
@@ -134,8 +132,6 @@ def get_vuln_files_exception_dict(template):
     """
     Returns a dictionary of expected values for vulnerability files requiring special treatment.
     """
-    host_kernel_version = version.parse(utils.get_kernel_version())
-    cpu_vendor = get_cpu_vendor()
     exception_dict = {}
 
     # Exception for mmio_stale_data