AMD Epyc Spectre Mitigation inside VM / STIBP
From: Stefan Priebe - Profihost AG
Subject: AMD Epyc Spectre Mitigation inside VM / STIBP
Date: Wed, 15 Apr 2020 13:59:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
Hello,
while playing with an AMD Epyc System and Qemu 3.1.1.1 I was wondering
about the CPU flags needed for full meltdown / spectre mitigation.
First I added the following patch to Qemu to add STIBP support:
From 60345b5c0819975b6b4e3a531281aaad724dbcf0 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <address@hidden>
Date: Mon, 10 Dec 2018 16:02:50 -0200
Subject: [PATCH] i386: Add "stibp" flag name
I'm now starting the VM with:
-cpu EPYC,+pdpe1gb,+ibpb,+virt-ssbd,+amd-ssbd,+stibp,+kvm_pv_unhalt,+kvm_pv_eoi,enforce,vendor=AuthenticAMD
While inside the VM I correctly see the stibp flag in /proc/cpuinfo,
# grep -H '' /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
does show STIBP: disabled.
Is this expected? Is there any hint on how the vulnerabilities should
look for optimal performance?
Greets,
Stefan
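The script below is an added example, not code from the post or from QEMU. It reads the same sysfs vulnerability files the post greps (the live directory when it exists, otherwise the output quoted above, embedded as sample input) and splits the spectre_v2 line into its components so the IBPB and STIBP fields can be checked programmatically rather than by eye. It assumes only the kernel's documented layout for those files: one file per vulnerability whose content is "Not affected", "Vulnerable[: detail]" or "Mitigation: detail".

```python
"""Read a Linux guest's CPU mitigation state from the sysfs vulnerability
report and extract the spectre_v2 components (retpoline, IBPB, STIBP, RSB).

Added example, not part of the original post. Assumes only the documented
sysfs layout under /sys/devices/system/cpu/vulnerabilities.
"""
import os
from typing import Dict, List, Optional

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Sample input: the `grep -H ''` output quoted in the post, one
# "<path>/<name>:<status>" line per vulnerability (wrapped lines joined).
SAMPLE_REPORT = """\
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected
"""


def parse_report(text: str) -> Dict[str, str]:
    """Map each vulnerability name to its status string.

    Splits each line at the first ':' (the one grep -H inserts after the
    file name); the status itself may contain further colons.
    """
    report: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        path, sep, status = line.partition(":")
        if not sep:
            continue  # blank or non-grep line: skip rather than guess
        report[os.path.basename(path)] = status.strip()
    return report


def read_live_report() -> Optional[Dict[str, str]]:
    """Read the live sysfs directory; None when absent (e.g. non-Linux host)."""
    if not os.path.isdir(SYSFS_DIR):
        return None
    report: Dict[str, str] = {}
    for name in sorted(os.listdir(SYSFS_DIR)):
        with open(os.path.join(SYSFS_DIR, name)) as fh:
            report[name] = fh.read().strip()
    return report


def parse_spectre_v2(status: str) -> Dict[str, str]:
    """Split a spectre_v2 status into its comma-separated components.

    "Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling"
    -> {"Full AMD retpoline": "yes", "IBPB": "conditional",
        "STIBP": "disabled", "RSB filling": "yes"}
    Components without a value ("RSB filling") are recorded as "yes".
    A status that is not a mitigation ("Vulnerable", "Not affected") yields {}.
    """
    prefix = "Mitigation:"
    if not status.startswith(prefix):
        return {}
    parts: Dict[str, str] = {}
    for item in status[len(prefix):].split(","):
        item = item.strip()
        if not item:
            continue
        key, sep, value = item.partition(":")
        parts[key.strip()] = value.strip() if sep else "yes"
    return parts


def stibp_state(report: Dict[str, str]) -> str:
    """The STIBP component of spectre_v2 (the kernel reports values such as
    "disabled", "conditional" or "forced"); "not reported" when the kernel
    printed no STIBP field at all, e.g. because the CPU flag is missing."""
    return parse_spectre_v2(report.get("spectre_v2", "")).get("STIBP", "not reported")


def vulnerable_entries(report: Dict[str, str]) -> List[str]:
    """Names whose status begins with "Vulnerable": the gaps worth listing first."""
    return sorted(n for n, s in report.items() if s.startswith("Vulnerable"))


if __name__ == "__main__":
    report = read_live_report() or parse_report(SAMPLE_REPORT)
    for name, status in sorted(report.items()):
        print(f"{name:20s} {status}")
    print("spectre_v2 components:", parse_spectre_v2(report.get("spectre_v2", "")))
    print("STIBP:", stibp_state(report))
    print("still vulnerable:", vulnerable_entries(report) or "none")
```

Run inside the guest it prints the live state; anywhere else it falls back to the quoted sample, which is enough to see how "STIBP: disabled" is separated from the rest of the spectre_v2 line. Keying on the parsed "STIBP" value rather than substring-matching the whole line keeps the check stable across kernels that add or reorder components.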