> > Hmm ... My last line looks the same as Rich's, but different to yours:
>
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling
>
> I don't have IBPB mentioned in there at all. I'm on
> gentoo-sources-4.19.57.
> Are you running a later kernel?
>
> According to this article a microcode update seems to be necessary, but I'm
> not sure if this statement only applies to Intel CPUs:
>
> https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10

My Piledriver output from an old 4.19 has IBPB, so given that Red Hat info, it looks like you do have old microcode. I don't pass anything via the kernel command line, as I assume the defaults are good.

$ cat kern-4.19.7-vuln.txt
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling

FWIW

$ md5sum /lib/firmware/amd-ucode/microcode_amd_fam15h.bin
3bdedb4466186a79c469f62120f6d7bb /lib/firmware/amd-ucode/microcode_amd_fam15h.bin
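
Added example, not part of the original message or of any poster's tooling: a small shell helper that splits spectre_v2 status lines into their components and reports which ones differ between two hosts, run here on the two lines quoted in this thread. The function names and the HOST_A/HOST_B variables are made up for the illustration.

```shell
#!/bin/sh
# Added example: field-by-field comparison of spectre_v2 sysfs status lines.

# The two status lines quoted in the thread.
HOST_A='Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling'
HOST_B='Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling'

# spectre_v2_field STATUS NAME
# Print the value of the "NAME: value" component of a status line, or
# "absent" when the line does not list that component at all (this also
# covers lines such as "Not affected" that have no components).
spectre_v2_field() {
    printf '%s\n' "$1" | sed 's/^Mitigation: //' | tr ',' '\n' |
        sed 's/^ *//' |
        awk -F': ' -v name="$2" '
            $1 == name { print $2; found = 1 }
            END { if (!found) print "absent" }'
}

# spectre_v2_diff STATUS_A STATUS_B
# Print one line per component whose value differs between the two hosts.
spectre_v2_diff() {
    for name in IBPB STIBP; do
        a=$(spectre_v2_field "$1" "$name")
        b=$(spectre_v2_field "$2" "$name")
        [ "$a" = "$b" ] || printf '%s: %s -> %s\n' "$name" "$a" "$b"
    done
}

# Compare the two hosts from the thread.
spectre_v2_diff "$HOST_A" "$HOST_B"

# On a live system, feed in the kernel's own line instead:
#   spectre_v2_field "$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2)" IBPB
```

For the two quoted lines the only difference reported is the IBPB component, which is the discrepancy the thread attributes to microcode.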