Re: qemu-system-i386 crashes on i9 coffee lake
On 21/09/2023 11:24 pm, Stefan Kadow wrote:
> Hello,
>
> since commit b9ade05c
> https://xenbits.xenproject.org/gitweb/?p=xen.git;a=commit;h=b9ade05cbba977673d5a08bc7a5940c5fd8add0e
>
> qemu-system-i386 crashes on my Intel i9 Coffee Lake System.
>
> This does not happen when the system is booted with the latest
> microcode update. So I do not know if this is really a regression.
>
> Please, see the discussion on xen-users mailing list:
> https://lists.xenproject.org/archives/html/xen-users/2023-08/msg00014.html

The commit you reference is the security fix for Gather Data Sampling, a vulnerability leaking vector registers across threads and privileges. GDS is very severe. Literally the easiest thing for a casual attacker to find is the key material used by AES-NI instructions, owing to an implementation detail which causes extra copies of the key to exist in the vector register file.

As you can see in the documentation change (first file in https://xenbits.xenproject.org/gitweb/?p=xen.git;a=commitdiff;h=b9ade05cbba977673d5a08bc7a5940c5fd8add0e), if suitable microcode is not available, Xen mitigates the vulnerability by disabling AVX. This is necessary because there are some affected CPUs which are out of support from Intel and not receiving microcode.

At a guess, Qemu is executing an AVX instruction without appropriate feature checking first. You'd need to attach GDB and disassemble the trapping instruction to confirm. Either way, it's a bug in Qemu, because even if it was compiled to assume AVX is available, it ought to exit cleanly rather than crashing like this.

You can disable the security fix by booting Xen with `spec-ctrl=no-gds-mit`.

~Andrew
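The reply above says the crash is most likely an AVX instruction executed without a feature check, on a system where the hypervisor has withdrawn AVX. What follows is an added example, not code from this thread, from Xen or from Qemu, showing the check a user-space program should perform before touching AVX: CPUID.1:ECX must report both OSXSAVE and AVX, and XCR0 (read with XGETBV) must have the SSE and AVX state components enabled. A hypervisor can take AVX away through either the CPUID leaf or XCR0, so both are tested; the decision logic is split into a pure function over constructed register values so it can be exercised on any machine, and the `avx_usable()` / `avx_usable_from()` names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>

/* Feature bits in CPUID.(EAX=1):ECX (Intel SDM vol. 2, CPUID) */
#define CPUID1_ECX_OSXSAVE (1u << 27)  /* OS has enabled XSAVE/XGETBV  */
#define CPUID1_ECX_AVX     (1u << 28)  /* CPU implements AVX            */

/* State-component bits in XCR0 */
#define XCR0_SSE (1ull << 1)           /* XMM state                     */
#define XCR0_AVX (1ull << 2)           /* upper halves of YMM registers */

/*
 * Pure decision logic: given the raw CPUID.1:ECX value and XCR0, may
 * user code execute AVX instructions without raising #UD?  Kept free of
 * side effects so it can be driven with constructed values in tests.
 */
int avx_usable_from(unsigned ecx, unsigned long long xcr0)
{
    /* Without OSXSAVE, XGETBV itself faults, so AVX is off the table. */
    if (!(ecx & CPUID1_ECX_OSXSAVE))
        return 0;
    /* CPUID may hide AVX (e.g. a hypervisor masking the feature). */
    if (!(ecx & CPUID1_ECX_AVX))
        return 0;
    /* Both XMM and YMM-upper state must be enabled for AVX to be legal. */
    if ((xcr0 & (XCR0_SSE | XCR0_AVX)) != (XCR0_SSE | XCR0_AVX))
        return 0;
    return 1;
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>

/* Read XCR0.  Only legal once CPUID.1:ECX.OSXSAVE has been confirmed. */
static unsigned long long read_xcr0(void)
{
    unsigned lo, hi;
    __asm__ __volatile__("xgetbv" : "=a"(lo), "=d"(hi) : "c"(0));
    return ((unsigned long long)hi << 32) | lo;
}

/* Live check on the running CPU; returns 1 if AVX may be used, else 0. */
int avx_usable(void)
{
    unsigned eax, ebx, ecx, edx;

    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;                        /* leaf 1 not even available */
    if (!(ecx & CPUID1_ECX_OSXSAVE))
        return 0;                        /* must not execute XGETBV   */
    return avx_usable_from(ecx, read_xcr0());
}
#else
int avx_usable(void) { return 0; }       /* not an x86 host */
#endif

int main(void)
{
    if (!avx_usable()) {
        /* The well-behaved alternative to dying with SIGILL. */
        fprintf(stderr, "AVX not usable on this CPU/OS/hypervisor; "
                        "falling back or exiting cleanly.\n");
        return EXIT_FAILURE;
    }
#if defined(__x86_64__) || defined(__i386__)
    /* Safe to execute AVX now; VZEROUPPER is a harmless AVX instruction. */
    __asm__ __volatile__("vzeroupper");
#endif
    puts("AVX usable: proceeding with AVX code paths.");
    return EXIT_SUCCESS;
}
```

Compile with `cc -O2 avx_check.c -o avx_check` (no `-mavx` is needed: the AVX instruction is emitted via inline asm only after the check passes). Run under a Xen that has applied the GDS mitigation without microcode and it should print the fallback message instead of faulting; the same binary on a fully patched host proceeds.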