| Message ID | 20250121020650.1899618-5-tao1.su@linux.intel.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Introduce SierraForest-v2 and ClearwaterForest CPU model | expand |
On Tue, 21 Jan 2025, Tao Su wrote: > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > section "Preferred CPU models for Intel x86 hosts". > > Also introduce bhi-no, gds-no and rfds-no in doc. > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > --- > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > 1 file changed, 42 insertions(+) > > diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc > index ba27b5683f..f0b5189d91 100644 > --- a/docs/system/cpu-models-x86.rst.inc > +++ b/docs/system/cpu-models-x86.rst.inc > @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration > compatibility is required, use the newest CPU model that is compatible > across all desired hosts. > > +``ClearwaterForest`` > + Intel Xeon Processor (ClearwaterForest, 2025) > + > +``SierraForest``, ``SierraForest-v2`` > + Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates Typo, do you mean "mitigates"? Regards, BALATON Zoltan > + the GDS and RFDS vulnerabilities with stepping 3. > + > +``GraniteRapids``, ``GraniteRapids-v2`` > + Intel Xeon Processor (GraniteRapids, 2024) > + > ``Cascadelake-Server``, ``Cascadelake-Server-noTSX`` > Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6 > or 7 only. (The Cascade Lake Xeon processor with *stepping 5 is > @@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model". > ``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in > the guest should report ``Mitigation: TSX disabled``. > > +``bhi-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2022-0001, Branch History Injection (BHI). > + > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports > + ``BHI: Not affected`` in the > + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. > + > +``gds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). > + > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` > + file. > + > +``rfds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). > + > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` > + file. > > Preferred CPU models for AMD x86 hosts > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >
On Tue, Jan 21, 2025 at 04:12:48AM +0100, BALATON Zoltan wrote: > On Tue, 21 Jan 2025, Tao Su wrote: > > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > > section "Preferred CPU models for Intel x86 hosts". > > > > Also introduce bhi-no, gds-no and rfds-no in doc. > > > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > > --- > > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > > 1 file changed, 42 insertions(+) > > > > diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc > > index ba27b5683f..f0b5189d91 100644 > > --- a/docs/system/cpu-models-x86.rst.inc > > +++ b/docs/system/cpu-models-x86.rst.inc > > @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration > > compatibility is required, use the newest CPU model that is compatible > > across all desired hosts. > > > > +``ClearwaterForest`` > > + Intel Xeon Processor (ClearwaterForest, 2025) > > + > > +``SierraForest``, ``SierraForest-v2`` > > + Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates > > Typo, do you mean "mitigates"? Yes, thanks for pointing out.
On Tue, Jan 21, 2025 at 10:06:50AM +0800, Tao Su wrote: > Date: Tue, 21 Jan 2025 10:06:50 +0800 > From: Tao Su <tao1.su@linux.intel.com> > Subject: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models > X-Mailer: git-send-email 2.34.1 > > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > section "Preferred CPU models for Intel x86 hosts". > > Also introduce bhi-no, gds-no and rfds-no in doc. > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > --- > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > 1 file changed, 42 insertions(+) [snip] > +``bhi-no`` > + Recommended to inform that the guest that the host is ``not`` s/inform that the guest/inform the guest/ > + vulnerable to CVE-2022-0001, Branch History Injection (BHI). > + > + This too is an MSR feature, so it does not show up in the Linux s/This too is an/This is also an/ > + ``/proc/cpuinfo`` in the host or guest. > + > + It should only be enabled for VMs if the host reports > + ``BHI: Not affected`` in the > + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. > + > +``gds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). s/inform that the guest/inform the guest/ > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. s/This too is an/This is also an/ > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` > + file. > + > +``rfds-no`` > + Recommended to inform that the guest that the host is ``not`` > + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). ditto. > + This too is an MSR feature, so it does not show up in the Linux > + ``/proc/cpuinfo`` in the host or guest. ditto. > + It should only be enabled for VMs if the host reports ``Not affected`` > + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` > + file. > > Preferred CPU models for AMD x86 hosts > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Thanks very much! With nits fixed :-), Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
On Tue, Jan 21, 2025 at 09:31:25PM +0800, Zhao Liu wrote: > On Tue, Jan 21, 2025 at 10:06:50AM +0800, Tao Su wrote: > > Date: Tue, 21 Jan 2025 10:06:50 +0800 > > From: Tao Su <tao1.su@linux.intel.com> > > Subject: [PATCH 4/4] docs: Add GNR, SRF and CWF CPU models > > X-Mailer: git-send-email 2.34.1 > > > > Update GraniteRapids, SierraForest and ClearwaterForest CPU models in > > section "Preferred CPU models for Intel x86 hosts". > > > > Also introduce bhi-no, gds-no and rfds-no in doc. > > > > Suggested-by: Zhao Liu <zhao1.liu@intel.com> > > Signed-off-by: Tao Su <tao1.su@linux.intel.com> > > --- > > docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ > > 1 file changed, 42 insertions(+) > > [snip] > > > +``bhi-no`` > > + Recommended to inform that the guest that the host is ``not`` > > s/inform that the guest/inform the guest/ > > > + vulnerable to CVE-2022-0001, Branch History Injection (BHI). > > + > > + This too is an MSR feature, so it does not show up in the Linux > > s/This too is an/This is also an/ > > > + ``/proc/cpuinfo`` in the host or guest. > > + > > + It should only be enabled for VMs if the host reports > > + ``BHI: Not affected`` in the > > + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. > > + > > +``gds-no`` > > + Recommended to inform that the guest that the host is ``not`` > > + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). > > s/inform that the guest/inform the guest/ > > > + This too is an MSR feature, so it does not show up in the Linux > > + ``/proc/cpuinfo`` in the host or guest. > > s/This too is an/This is also an/ > > > + It should only be enabled for VMs if the host reports ``Not affected`` > > + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` > > + file. > > + > > +``rfds-no`` > > + Recommended to inform that the guest that the host is ``not`` > > + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). > > ditto. > > > + This too is an MSR feature, so it does not show up in the Linux > > + ``/proc/cpuinfo`` in the host or guest. > > ditto. > > > + It should only be enabled for VMs if the host reports ``Not affected`` > > + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` > > + file. > > > > Preferred CPU models for AMD x86 hosts > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Thanks very much! With nits fixed :-), > > Reviewed-by: Zhao Liu <zhao1.liu@intel.com> > > Thanks for the suggestion, the description is better with these changes. >
diff --git a/docs/system/cpu-models-x86.rst.inc b/docs/system/cpu-models-x86.rst.inc index ba27b5683f..f0b5189d91 100644 --- a/docs/system/cpu-models-x86.rst.inc +++ b/docs/system/cpu-models-x86.rst.inc @@ -71,6 +71,16 @@ mixture of host CPU models between machines, if live migration compatibility is required, use the newest CPU model that is compatible across all desired hosts. +``ClearwaterForest`` + Intel Xeon Processor (ClearwaterForest, 2025) + +``SierraForest``, ``SierraForest-v2`` + Intel Xeon Processor (SierraForest, 2024), SierraForest-v2 matigates + the GDS and RFDS vulnerabilities with stepping 3. + +``GraniteRapids``, ``GraniteRapids-v2`` + Intel Xeon Processor (GraniteRapids, 2024) + ``Cascadelake-Server``, ``Cascadelake-Server-noTSX`` Intel Xeon Processor (Cascade Lake, 2019), with "stepping" levels 6 or 7 only. (The Cascade Lake Xeon processor with *stepping 5 is @@ -223,6 +233,38 @@ features are included if using "Host passthrough" or "Host model". ``/sys/devices/system/cpu/vulnerabilities/tsx_async_abort`` file in the guest should report ``Mitigation: TSX disabled``. +``bhi-no`` + Recommended to inform that the guest that the host is ``not`` + vulnerable to CVE-2022-0001, Branch History Injection (BHI). + + This too is an MSR feature, so it does not show up in the Linux + ``/proc/cpuinfo`` in the host or guest. + + It should only be enabled for VMs if the host reports + ``BHI: Not affected`` in the + ``/sys/devices/system/cpu/vulnerabilities/spectre_v2`` file. + +``gds-no`` + Recommended to inform that the guest that the host is ``not`` + vulnerable to CVE-2022-40982, Gather Data Sampling (GDS). + + This too is an MSR feature, so it does not show up in the Linux + ``/proc/cpuinfo`` in the host or guest. + + It should only be enabled for VMs if the host reports ``Not affected`` + in the ``/sys/devices/system/cpu/vulnerabilities/gather_data_sampling`` + file. + +``rfds-no`` + Recommended to inform that the guest that the host is ``not`` + vulnerable to CVE-2023-28746, Register File Data Sampling (RFDS). + + This too is an MSR feature, so it does not show up in the Linux + ``/proc/cpuinfo`` in the host or guest. + + It should only be enabled for VMs if the host reports ``Not affected`` + in the ``/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling`` + file. Preferred CPU models for AMD x86 hosts ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Update GraniteRapids, SierraForest and ClearwaterForest CPU models in section "Preferred CPU models for Intel x86 hosts". Also introduce bhi-no, gds-no and rfds-no in doc. Suggested-by: Zhao Liu <zhao1.liu@intel.com> Signed-off-by: Tao Su <tao1.su@linux.intel.com> --- docs/system/cpu-models-x86.rst.inc | 42 ++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+)