On Wed, Jan 22, 2025 at 09:16:37AM +0800, Tao Su wrote:
> On Tue, Jan 21, 2025 at 09:34:58AM -0800, Pawan Gupta wrote:
> > On Tue, Jan 21, 2025 at 10:06:47AM +0800, Tao Su wrote:
> > > Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> > > of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl,
> > > bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri,
> > > movdir64b)
> > >
> > > Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> > > mitigated in stepping 3.
> >
> > Does this only apply to stepping 3? I don't think Sierra Forest was ever
> > vulnerable to GDS and RFDS [1].
> >
>
> On the real machine, stepping 0 does not set GDS_NO and RFDS_NO, but
> stepping 3 does.

Ah, I see. Thanks for clarifying.

>
> > There are many other vulnerabilities that Sierra Forest is not vulnerable
> > to,
> > is it really necessary to add the *_NO bits to CPU definitions?
> >
> > [1]
> > https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
>
> *_NO bits indicate processor is not affected by *, so adding these to the
> CPU model will prevent the guest OS (using the CPU model) from trying to
> use related software mitigation, which I think is reasonable.

Ok, thanks. I got it mixed up with "-cpu host" option.