Skip to content

Guest Kernel 6.18 release preview#6013

Open
deRemo wants to merge 11 commits into
firecracker-microvm:mainfrom
deRemo:6.18-ci-onboard
Open

Guest Kernel 6.18 release preview#6013
deRemo wants to merge 11 commits into
firecracker-microvm:mainfrom
deRemo:6.18-ci-onboard

Conversation

@deRemo

@deRemo deRemo commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Changes

Test Fixes for 6.18 Compatibility

  • CPU features: Handle invpcid_single removal in Linux v6.6+ bidirectionally across Intel and AMD platforms
  • CPU features: Account for xtopology and debug_swap user-visibility changes since kernel v6.11 on AMD Milan/Genoa
  • CPU features: Fix ssbs check for 6.18 on Neoverse N1/V1/V2
  • MSR: Add MSR_IA32_XSS (0xDA0) to exception list — guest-set supervisor state bits diverge from initial dump
  • Vulnerabilities: Add INCEPTION exception for AMD Milan/Genoa on older host kernels
  • Vulnerabilities: Add spectre_v2 BHI exception for 6.18+

CI Tooling

  • Update test framework artifacts module to expose the 6.18 kernel parameter

Reason

This PR adds full support for running Linux 6.18 as a guest kernel in Firecracker microVMs. It is marked as "preview" due to a networking regression on m7i/m8i instances; merging it now allows us to monitor the regression through CI pipelines.

License Acceptance

By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license. For more information on following Developer
Certificate of Origin and signing off your commits, please check
CONTRIBUTING.md.

PR Checklist

  • I have read and understand CONTRIBUTING.md.
  • I have run tools/devtool checkbuild --all to verify that the PR passes
    build checks on all supported architectures.
  • I have run tools/devtool checkstyle to verify that the PR passes the
    automated style checks.
  • I have described what is done in these changes, why they are needed, and
    how they are solving the problem in a clear and encompassing way.
  • I have updated any relevant documentation (both in code and in the docs)
    in the PR.
  • I have mentioned all user-facing changes in CHANGELOG.md.
  • If a specific issue led to this PR, this PR closes the issue.
  • When making API changes, I have followed the
    Runbook for Firecracker API changes.
  • I have tested all new and changed functionalities in unit tests and/or
    integration tests.
  • I have linked an issue to every new TODO.

  • This functionality cannot be added in rust-vmm.

@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.85%. Comparing base (5ac3f5f) to head (db67137).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #6013   +/-   ##
=======================================
  Coverage   82.85%   82.85%           
=======================================
  Files         277      277           
  Lines       30633    30633           
=======================================
  Hits        25381    25381           
  Misses       5252     5252           
Flag Coverage Δ
5.10-m5n.metal 83.09% <ø> (-0.01%) ⬇️
5.10-m6a.metal 82.44% <ø> (-0.01%) ⬇️
5.10-m6g.metal 79.90% <ø> (ø)
5.10-m6i.metal 83.09% <ø> (-0.01%) ⬇️
5.10-m7a.metal-48xl 82.44% <ø> (-0.01%) ⬇️
5.10-m7g.metal 79.90% <ø> (ø)
5.10-m7i.metal-24xl 83.07% <ø> (-0.01%) ⬇️
5.10-m7i.metal-48xl 83.07% <ø> (-0.01%) ⬇️
5.10-m8g.metal-24xl 79.89% <ø> (-0.01%) ⬇️
5.10-m8g.metal-48xl 79.89% <ø> (ø)
5.10-m8i.metal-48xl 83.07% <ø> (+<0.01%) ⬆️
5.10-m8i.metal-96xl 83.07% <ø> (-0.01%) ⬇️
6.1-m5n.metal 83.12% <ø> (-0.01%) ⬇️
6.1-m6a.metal 82.47% <ø> (-0.01%) ⬇️
6.1-m6g.metal 79.89% <ø> (-0.01%) ⬇️
6.1-m6i.metal 83.12% <ø> (ø)
6.1-m7a.metal-48xl 82.46% <ø> (-0.01%) ⬇️
6.1-m7g.metal 79.90% <ø> (ø)
6.1-m7i.metal-24xl 83.14% <ø> (+<0.01%) ⬆️
6.1-m7i.metal-48xl 83.13% <ø> (ø)
6.1-m8g.metal-24xl 79.89% <ø> (-0.01%) ⬇️
6.1-m8g.metal-48xl 79.89% <ø> (-0.01%) ⬇️
6.1-m8i.metal-48xl 83.14% <ø> (ø)
6.1-m8i.metal-96xl 83.14% <ø> (+<0.01%) ⬆️
6.18-m5n.metal 83.12% <ø> (ø)
6.18-m6a.metal 82.47% <ø> (ø)
6.18-m6g.metal 79.89% <ø> (-0.01%) ⬇️
6.18-m6i.metal 83.12% <ø> (-0.01%) ⬇️
6.18-m7a.metal-48xl 82.46% <ø> (ø)
6.18-m7g.metal 79.90% <ø> (ø)
6.18-m7i.metal-24xl 83.13% <ø> (-0.02%) ⬇️
6.18-m7i.metal-48xl 83.13% <ø> (-0.02%) ⬇️
6.18-m8g.metal-24xl 79.89% <ø> (-0.01%) ⬇️
6.18-m8g.metal-48xl 79.89% <ø> (ø)
6.18-m8i.metal-48xl 83.13% <ø> (ø)
6.18-m8i.metal-96xl 83.13% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@deRemo
deRemo force-pushed the 6.18-ci-onboard branch 11 times, most recently from 0c39310 to 4b475d0 Compare July 8, 2026 23:04

@Manciukic Manciukic left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mostly lgtm, with a few clarifications required

Comment thread tests/integration_tests/functional/test_cpu_features_host_vs_guest.py Outdated
Comment thread tests/integration_tests/security/test_vulnerabilities.py Outdated
Comment thread tests/integration_tests/security/test_vulnerabilities.py
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch 2 times, most recently from 1dfb25e to 6a7d47b Compare July 9, 2026 12:11
Comment thread tests/integration_tests/security/test_vulnerabilities.py Outdated
Comment thread tests/integration_tests/security/test_vulnerabilities.py Outdated
Comment thread tests/integration_tests/functional/test_cpu_features_host_vs_guest.py Outdated
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch 5 times, most recently from 803cc82 to d0c5c85 Compare July 10, 2026 17:25
Comment thread tests/integration_tests/functional/test_cpu_features_host_vs_guest.py Outdated
Comment thread tests/integration_tests/security/test_vulnerabilities.py Outdated
Comment thread tests/integration_tests/security/test_vulnerabilities.py
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch from d0c5c85 to 70ccc66 Compare July 14, 2026 22:43
Comment thread tests/fetch_missing_msr_lists.sh Outdated
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch from 70ccc66 to 79ef690 Compare July 15, 2026 14:16
Manciukic
Manciukic previously approved these changes Jul 15, 2026
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch from a4f8087 to ff951bd Compare July 15, 2026 16:14
and guest_kernel_version
and guest_kernel_version >= (6, 18)
):
exception_dict["spectre_v2"] = "BHI: Vulnerable"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The way the exception is enforced is too broad: for files in the exception dict, the test only asserts the exception string appears somewhere — the normal "no Vulnerable" check is skipped entirely. Since spectre_v2 is one line that also carries the main mitigation status, a guest that lost eIBRS entirely (Vulnerable; IBPB: disabled; ... BHI: Vulnerable) would still pass. The commit message says the exception holds "as long as the main mitigation is still active", but nothing checks that. Suggest also requiring the file to start with Mitigation:.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1, this is a real gap. Two failure directions the current assert "BHI: Vulnerable" in stdout doesn't handle, both stemming from spectre_v2 being a single sysfs line that mixes the primary mitigation status with the BHI: sub-state:

  1. Masking (the one you noted): if the main mitigation regresses, e.g. Vulnerable; IBPB: disabled; ...; BHI: Vulnerable, the substring "BHI: Vulnerable" is still present, so the test passes even though eIBRS is gone. The "no Vulnerable" guard is skipped for the whole file.

  2. Spurious failure (the opposite direction): a no-eIBRS Intel guest doesn't necessarily print BHI: Vulnerable. spectre_bhi_state() returns BHI: Retpoline (retpoline + rrsba_disabled) or BHI: SW loop in other configs. That can happen for non-templated guests on an INTEL_CASCADELAKE host (no eIBRS) or T2S/T2CL templates presenting Skylake/Cascade-Lake — where the exact-match would then fail even though nothing regressed.

Suggest making the check assert both halves explicitly rather than a single substring: the line starts with Mitigation: (primary mitigation intact — covers #1) and the only Vulnerable token is the BHI: one (covers #2 without masking a real secondary regression). Roughly:

# spectre_v2: accept BHI being reported vulnerable (expected on >=6.18 guests, see above),
# but only if the primary mitigation is still active and BHI is the *only* vulnerable field.
def _spectre_v2_ok(stdout):
    line = stdout.strip()
    if not line.startswith("Mitigation:"):
        return False
    vulns = [f for f in line.split(";") if "Vulnerable" in f]
    return vulns == [f for f in vulns if "BHI:" in f]  # BHI is the sole vulnerable field

That keeps the exception scoped to the intended BHI case while preserving detection of both a lost primary mitigation and any other sub-component flipping to Vulnerable.

@deRemo deRemo Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ty, the latest rebase introduced this error.

I reverted the code line:

-        exception_dict["spectre_v2"] = "BHI: Vulnerable"
+        exception_dict["spectre_v2"] = "Mitigation"

This should be enough to re-establish proper security check. A more sophisticated check like the one proposed above it's redundant, in my opinion, given the justification of the exception:

     # On kernel >= 6.18, the new attack vector control framework only enables BHI
     # mitigation when CPU_MITIGATE_GUEST_HOST is active (i.e., the system runs VMs).
     # https://github.com/amazonlinux/linux/blob/amazon-6.18.y/mainline/arch/x86/kernel/cpu/bugs.c#L2221
     # https://github.com/amazonlinux/linux/blob/amazon-6.18.y/mainline/kernel/cpu.c#L3192
     # Since Firecracker guests do not themselves run nested VMs, the guest kernel
     # intentionally reports "BHI: Vulnerable" in the spectre_v2 sysfs file.

As a side note, this bug highlighted that the T2CL template is using Retpolines mitigation, instead of eIBRS. This is due to an anomalous interaction in MSR read between Firecracker's CPU templates and KVM, which is currently under investigation (but basically unrelated to this PR).

@deRemo deRemo Jul 17, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change of plan: i'm refactoring the test logic in order to accept regex matching and will pass the exception r"^Mitigation:.*BHI:.*" instead; This will ensure that the spectre v2 is mitigated, and that give better emphasis on the fact that we don't care about BHI (due to the CPU_MITIGATE_GUEST_HOST)

deRemo added 7 commits July 17, 2026 15:10
Add vmlinux-6.18 kernel parameters to the test framework artifacts
module, including both regular and debug kernel variants, and add
the 6.18 pattern to the supported kernels list.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
test_cpu_config_dump_vs_actual[vmlinux-6.18.33-PCI_OFF] fails with:
  Mismatched MSR for 0x00000da0:
    actual=0b...0001100000000000 vs dump=0b...0000000000000000
  assert 6144 == 0

MSR_IA32_XSS (0xDA0) is a R/W MSR that the guest OS uses to enable
supervisor state components in XSAVES/XRSTORS. After boot, the guest
sets bits for supported supervisor states (e.g., CET supervisor states
at bits 11-12), causing the runtime value to differ from the initial
dump. Add it to the exception list since this divergence is expected
guest OS behavior.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
Add missing MSR baseline CSV files generated by the firecracker
optional pr pipeline for custom CPU templates.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
Intel Cascade Lake CPU checks mutate the module-level sets with |= to
adjust for invpcid_single for 5.10 and 6.1 guest kernels. Since this
is done without .copy(), this fails the subsequent guest kernel 6.18
test.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
invpcid_single feature was dropped in Linux v6.6 (commit 54e3d943),
so any host/guest combination running kernel 6.18 will fail the CPU
feature check, unless both host and guest are running the 6.18.

Refactor the Intel Sapphire/Granite Rapids, Intel Icelake, and AMD
Milan/Genoa cases in host_vs_guest CPU features check test to handle
invpcid_single "bidirectionally".

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
Since commit 78ce84b9e0a5 ("x86/cpufeatures: Flip the /proc/cpuinfo
appearance logic") in v6.11, the xtopology and debug_swap flags
gained a quoted name and are now reported in /proc/cpuinfo.
This commit handle both flags existance dynamically at test runtime,
mirroring the existing invpcid_single pattern.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
KVM advertises the ssbs feature to guests regardless of whether the
host kernel applies the Neoverse N1/V1/V2 errata workaround. This
means the guest always sees ssbs, independent of guest kernel version.

This commit clarifies this in the code and add links to the relevant
Amazon Linux backport commits.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch from ce27aef to bca523b Compare July 17, 2026 15:10
deRemo added 4 commits July 17, 2026 15:19
Allow for more precise exception patterns, and improved debuggability
on failure.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
On kernel 6.18+, the new attack vector control framework only enables
BHI mitigation when CPU_MITIGATE_GUEST_HOST is active. Since Firecracker
guests do not run nested VMs, the guest kernel intentionally reports
"BHI: Vulnerable" or "BHI: Retpotlines" (T2CL only).

Add an exception in get_vuln_files_exception_dict() that accepts
any BHI status for 6.18+ guests as long as the main mitigation
(e.g., Enhanced IBRS) is still active.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
The spectre-meltdown-checker reports INCEPTION (CVE-2023-20569) as
vulnerable inside 6.18 guests on AMD Milan/Genoa on older host kernels
when no CPU template is applied. This is because the host is mitigated
("safe RET") but Firecracker does not expose the microcode version to
the guest, so the checker cannot verify the mitigation.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
Add v6.18 to the guest kernel support table with v1.16.1 as the
minimum Firecracker version and 2028-06-01 as the minimum end of
support, per the 2-year minimum stated above the table.

Signed-off-by: Remo Andreoli <andrremo@amazon.com>
@deRemo
deRemo force-pushed the 6.18-ci-onboard branch from bca523b to db67137 Compare July 17, 2026 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants