[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 for-4.21 0/2] x86/AMD: deal with RDSEED issues

  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 31 Oct 2025 13:14:11 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=mxKyPXADnKOjXRHFJGDriTZ/voC/jxTDpz6G0aEzp4w=; b=LckxKR50exJsU2zRP1Cn1nSjNeHdus7/ZOIhqaTMChbJYTgJiUH0a5sGLHlJiVizijFn7MmX4Ac2aJVqP0hHBL+NCiyTHJeCDB76AWepZDWIX2N9cWbOz0RZkf73i5f8CfvK+qioWOwezYphJDCXCAf6T7IB1ss4UV5N4S3iDmkgZiO7ny22kUf4rNM8dP+gpSDq1/HnQcrzUaGdtQenp8wpmA5T+R2uMohSBA4FU+jhy+SeU7KHneqa3vCPsDLPbdSFusWWsHgwoTbXrLgwnLGAlNZmrmLKIsyuXuIGeH/ckM8W3mwvnDfPGDneFn4RDNVRc7AE+wbUmPS3EQRGcQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Q0Ep09GSjqHyCYn68OfLv0yxji0lDm9NBY2sp5avW+omNVIu/GmlzJf7EQsOcNfTQC0hq3wHthcEkZajU0L6yJeiOFiY1hF2w3jxS+SRvsfIp/pS7e7j6cz1eT9G9ttp6wkD/hA4u2JnWpCl6+Qu+98PcKBnLV8WdJ10CdOeOXkTxd7p4o05DDv33OC8BQjpx+lbMiLHCJUOeiJ6HdrRhDJduu+8UkjOsPZg+0Mt64m/dRwKzA2qe4d4wud4iYSWWEVHG5WDtLa9dMF84audBBCBmK5yNLgV4kY0oycCEw6aNtNOlgJT+4f+4M0Zkk+y3MVx3HjHuOdofq4dUmLbDg==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;
  • Cc: "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx>
  • Delivery-date: Fri, 31 Oct 2025 12:14:40 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, Oct 31, 2025 at 12:47:51PM +0100, Jan Beulich wrote:
> On 31.10.2025 11:54, Roger Pau Monné wrote:
> > On Fri, Oct 31, 2025 at 11:29:44AM +0100, Jan Beulich wrote:
> >> On 31.10.2025 11:22, Roger Pau Monné wrote:
> >>> On Tue, Oct 28, 2025 at 04:32:17PM +0100, Jan Beulich wrote:
> >>>> Both patches also want 'x86/CPU: extend is_forced_cpu_cap()'s "reach"' in
> >>>> place.
> >>>>
> >>>> 1: disable RDSEED on Fam17 model 47 stepping 0
> >>>> 2: disable RDSEED on most of Zen5
> >>>
> >>> For both patches: don't we need to set the feature in the max policy
> >>> to allow for incoming migrations of guests that have already seen the
> >>> feature?
> >>
> >> No, such guests should not run on affected hosts (unless overrides are in 
> >> place),
> >> or else they'd face sudden malfunction of RDSEED. If an override was in 
> >> place on
> >> the source host, an override will also need to be put in place on the 
> >> destination
> >> one.
> > 
> > But they may be malfunctioning before already, if started on a
> > vulnerable hosts without this fix and having seen RDSEED?
> 
> Yes. But there could also be ones coming from good hosts. Imo ...
> 
> > IMO after this fix is applied you should do pool leveling, at which
> > point RDSEED shouldn't be advertised anymore.  Having the feature in
> > the max policy allows to evacuate running guests while updating the
> > pool.  Otherwise those existing guests would be stuck to run on
> > non-updated hosts.
> 
> ... we need to err on the side of caution.

While I understand your concerns, this would cause failures in the
upgrade and migration model used by both XCP-ng and XenServer at
least, as it could prevent eviction of running VMs to updated hosts.

At a minimum we would need an option to allow the feature to be set on
the max policy.  Overall I think safety of migration (in this specific
regard) should be enforced by the toolstack (or orchestration layer),
rather than the hypervisor itself.  The hypervisor can reject
incompatible policies, but should leave the rest of the decisions to
higher layers as it doesn't have enough knowledge.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.