Guest systems sees CPU of the Host

Looks like “synthcpu” option was not removed from VirtualBox, but replaced with “cpuid-portability-level” (which is not mentioned in manuals yet).

Thanks. Created ⚓ T408 --synthcpu was removed from VirtualBox, use --cpuid-portability-level or --cpuidremoveall? for it. Note, no one is currently concentrating on VirtualBox, so don’t hold your breath for this.

I’ve updated the ticket.

https://phabricator.whonix.org/T408

Please help testing this.

  • Run inside Whonix-Workstation:

cat /proc/cpuinfo

  • Safe that output.

  • Please try with the latest version of VirtualBox. At least version 5.

  • Shut down Whonix-Workstation. (Most likely required.)

  • On the host. Run without root. Run as normal user:

VBoxManage modifyvm Whonix-Workstation --cpuidremoveall

  • Start Whonix-Workstation. Run cat /proc/cpuinfo again. Compare. See if there is any improvement.
  • Keep this option and see if anything else breaks. I.e. if performance got worse. Or if any applications no longer work. No leaks expected since it’s an unrelated option.

@nurmagoz @Corrupt_Correct_Pig

this experiment should be done inside debian + vbox + whonix right ?

Yes, it should be.

hmm well i dont think i have seen anything different. nothing breaks nor performance gone worst. im using 5.0.10 vbox + debian 8.2 + whonix 12

  • cpu test 1:- (before VBoxManage modifyvm Whonix-Workstation --cpuidremoveall)

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 37
model name : Intel(R) Core™ i5 CPU M 580 @ 2.67GHz
stepping : 5
microcode : 0x616
cpu MHz : 2659.899
cache size : 3072 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips : 5319.79
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

  • cpu test 2 (after VBoxManage modifyvm Whonix-Workstation --cpuidremoveall + shutdown the WS)

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 37
model name : Intel(R) Core™ i5 CPU M 580 @ 2.67GHz
stepping : 5
microcode : 0x616
cpu MHz : 2660.690
cache size : 3072 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 11
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm constant_tsc xtopology nonstop_tsc pni monitor lahf_lm
bogomips : 5321.38
clflush size : 64
cache_alignment : 64
address sizes : 36 bits physical, 48 bits virtual
power management:

  • this is from KVM + whonix 12 (cat /proc/cpuinfo inside WS)

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cpu MHz : 2659.914
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips : 5319.82
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cpu MHz : 2659.914
cache size : 4096 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt hypervisor lahf_lm
bogomips : 1945.60
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:

  • from whonix 12 WS - qubes Q3 “cat /proc/cpuinfo” (different PC)

processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 3
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 4
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 5
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 6
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 60
model name : Intel(R) Core™ i7-4710HQ CPU @ 2.50GHz
stepping : 3
microcode : 0x17
cpu MHz : 2494.312
cache size : 6144 KB
physical id : 0
siblings : 8
core id : 2
cpu cores : 1
apicid : 4
initial apicid : 4
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu de tsc msr pae cx8 apic sep cmov pat clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc rep_good nopl eagerfpu pni pclmulqdq ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm ida arat epb pln pts dtherm fsgsbase bmi1 avx2 bmi2 erms xsaveopt
bugs :
bogomips : 4988.62
clflush size : 64
cache_alignment : 64
address sizes : 39 bits physical, 48 bits virtual
power management:

KVM = Spoofed the CPU :white_check_mark:

Virtualbox = Failed to do that :heavy_multiplication_x:

Qubes = The most failure :x:

Thank you for testing this! So it seems VirtualBox --cpuidremoveall fails to result in the effect.

1 Like

Therefore closed the ticket.
https://phabricator.whonix.org/T408#7461

Nothing can be done about this.

(Same as in previous VirtualBox versions.)

aha ok cool, but should we inform qubes about this ?

Moved that information here:

I am not sure yet. The KVM vs Qubes difference does not look that bad.

I wonder if only different hardware resulted in the difference.

Whonix KVM report:
https://phabricator.whonix.org/T449

Already a known issue.

Good news.

its the same as before

user@host:~$ cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1185.79
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

processor : 1
vendor_id : GenuineIntel
cpu family : 6
model : 6
model name : QEMU Virtual CPU version 2.1.2
stepping : 3
microcode : 0x1
cache size : 4096 KB
physical id : 1
siblings : 1
core id : 0
cpu cores : 1
apicid : 1
initial apicid : 1
fdiv_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse msr pae mce cx8 apic sep mtrr pge mca cmov pse36 mmx fxsr sse sse2 syscall nx lm pni cx16 x2apic popcnt aes hypervisor lahf_lm
bogomips : 1173.50
clflush size : 32
cache_alignment : 32
address sizes : 40 bits physical, 48 bits virtual
power management:

1 Like

Great stuff. Added to wiki. Thanks @nurmagoz!

1 Like

https://github.com/Whonix/Whonix/commit/6db3c345c80ee9841fcae57621cafbfcdd000a0f

1 Like

Quote dumbmouse

After much research this is the best way to hide the CPU using VirtualBox:
[…]

See more:
https://phabricator.whonix.org/T408#11595

cat /proc/cpuinfo in KVM doesnt show

model name : QEMU Virtual CPU version 2.1.2

it will show the same reading as vbox.

cc @HulaHoop any idea?

2 Likes

Probably related to spectre/meltdown alike CPU bugs.

libvirt-dist/usr/share/libvirt-dist/xml/Whonix-Workstation.xml at master · Kicksecure/libvirt-dist · GitHub

  <cpu mode='host-passthrough'/>
  <vcpu placement='static' cpuset='1'>1</vcpu>

Quote Should all kernel patches for CPU bugs be unconditionally enabled? Vs Performance vs Applicability - #7 by Patrick

HulaHoop changed Whonix KVM to host-passthrough :

KVM CPU masking got proverbially killed by specture/meltdown CPU bugs. CPU masking can no longer be recommended due the CPU bugs.

Qubes has the same issue. → Technical Challenges

related:

1 Like