[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AMD Epyc Spectre Mitigation inside VM / STIBP

From: Stefan Priebe - Profihost AG
Subject: AMD Epyc Spectre Mitigation inside VM / STIBP
Date: Wed, 15 Apr 2020 13:59:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1


while playing with an AMD Epyc System and Qemu i was wondering
about the CPU Flags needed for full meltdown / spectre mitigation.

First i added the following patch to Qemu to add STIBP support:
>From 60345b5c0819975b6b4e3a531281aaad724dbcf0 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <address@hidden>
Date: Mon, 10 Dec 2018 16:02:50 -0200
Subject: [PATCH] i386: Add "stibp" flag name

i'm now starting the VM with:

While inside the VM i correctly see the the stibp flag in /proc/cpuinfo

# grep -H '' /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
Speculative Store Bypass disabled via prctl and seccomp
usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD
retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected

does show STIBP: disabled.

Is this expected? Is there any hint on how vulnerabilities should look
like for optimal performance.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]