[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Help with Understanding vcpu xstate restore error during vm migration

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Fonyuy-Asheri Caleb <fonyuy-asheri.caleb@xxxxxxxx>
Date: Mon, 15 Jul 2024 10:48:51 +0200 (CEST)
Authentication-results: mail2-relais-roc.national.inria.fr; dkim=none (message not signed) header.i=none; spf=Pass smtp.mailfrom=fonyuy-asheri.caleb@xxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxxxxxxx
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Delivery-date: Mon, 15 Jul 2024 08:49:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
Thread-index: dFCsc8CTgOMEcFT+E8bpP5eFX/nhqQ==
Thread-topic: Help with Understanding vcpu xstate restore error during vm migration

>>> On 15.07.2024 09:38, Fonyuy-Asheri Caleb wrote:
>>>>> Perhaps the more important question, are you booting the skylake with
>>>>> cpuid=no-avx on the command line by any chance?
>>>>
>>>> No. I didn't boot any of the machines with any cpuid modification 
>>>> whatsoever.
>>>
>>> Yet is there perhaps "Mitigating GDS by disabling AVX" in the boot log of
>>> the hypervisor (which sadly so far you didn't supply anywhere afaics)?
>> 
>> I didn't notice that. Unfortunately I no longer have access to the logs to 
>> check
>> since I was
>> working on resources I reserved for a limited period.
>> 
>> However, do you mind telling me what this would mean for my environment?
> 
> Hard to tell, depending on what exactly you use that environment for. If
> I'm not mistaken (Andrew will surely correct me if I'm wrong), the best
> you can do is have such systems run with up-to-date microcode. Which of
> course requires you have control over the physical system (to update
> firmware) or at least the hypervisor (to hand it a microcode blob to load
> while booting). If you had control over only the command line, you could
> also choose to ignore the vulnerability and request AVX not to be turned
> off ("spec-ctrl=no-gds-mit"). Yet of course you wouldn't want to do this
> if you were running any not fully trusted guests.

Quick verification: cpuid=no-avx and spec-ctrl=no-gds-mit are options
passed to the grub right? 

> 
> Jan

Caleb

Follow-Ups:
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Jan Beulich

References:
- Help with Understanding vcpu xstate restore error during vm migration
  - From: Fonyuy-Asheri Caleb
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Andrew Cooper
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Fonyuy-Asheri Caleb
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Andrew Cooper
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Fonyuy-Asheri Caleb
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Jan Beulich
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Fonyuy-Asheri Caleb
- Re: Help with Understanding vcpu xstate restore error during vm migration
  - From: Jan Beulich

Prev by Date: Re: [PATCH v2 3/8] xen/riscv: enable CONFIG_HAS_DEVICE_TREE
Next by Date: Re: [PATCH v2 8/8] xen/riscv: introduce early_fdt_map()
Previous by thread: Re: Help with Understanding vcpu xstate restore error during vm migration
Next by thread: Re: Help with Understanding vcpu xstate restore error during vm migration
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.