Hello,

While playing with an AMD Epyc system and Qemu 3.1.1.1, I was wondering
about the CPU flags needed for full Meltdown / Spectre mitigation.

First I added the following patch to Qemu to add STIBP support:
>From 60345b5c0819975b6b4e3a531281aaad724dbcf0 Mon Sep 17 00:00:00 2001
From: Eduardo Habkost <ehabk...@redhat.com>
Date: Mon, 10 Dec 2018 16:02:50 -0200
Subject: [PATCH] i386: Add "stibp" flag name

I'm now starting the VM with:
-cpu EPYC,+pdpe1gb,+ibpb,+virt-ssbd,+amd-ssbd,+stibp,+kvm_pv_unhalt,+kvm_pv_eoi,enforce,vendor=AuthenticAMD

While inside the VM I correctly see the stibp flag in /proc/cpuinfo

# grep -H '' /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/itlb_multihit:Not affected
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected
/sys/devices/system/cpu/vulnerabilities/mds:Not affected
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: Speculative Store Bypass disabled via prctl and seccomp
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: usercopy/swapgs barriers and __user pointer sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling
/sys/devices/system/cpu/vulnerabilities/tsx_async_abort:Not affected

does show STIBP: disabled.

Is this expected? Is there any hint on how the vulnerabilities should look
for optimal performance?

Greets,
Stefan
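
An added example, not part of the original message: a shell sketch that summarises the sysfs vulnerability files quoted above and lists which spectre_v2 sub-mitigations report "disabled". The function names and the temporary sample directory are this example's own; the sample lines are copied from the message.

```shell
#!/bin/sh
# Added example (not from the original message): summarise the sysfs
# vulnerability files and list spectre_v2 sub-mitigations set to "disabled".
# Function names are this example's own.

SYSFS_VULN=/sys/devices/system/cpu/vulnerabilities

# vuln_report [DIR]: one "name<TAB>state" line per file in DIR.
vuln_report() {
    dir=${1:-$SYSFS_VULN}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        line=$(head -n 1 "$f")
        case $line in
            "Not affected"*) state=not_affected ;;
            "Mitigation:"*)  state=mitigated ;;
            "Vulnerable"*)   state=vulnerable ;;
            *)               state=unknown ;;
        esac
        printf '%s\t%s\n' "${f##*/}" "$state"
    done
}

# disabled_parts FILE: names of comma-separated components that end in
# ": disabled". Matching the bare word "disabled" would also hit the
# spec_store_bypass line, where it is part of the mitigation's name.
disabled_parts() {
    line=$(head -n 1 "$1")
    printf '%s\n' "${line#Mitigation: }" | tr ',' '\n' | sed 's/^ *//' |
    while IFS= read -r part; do
        case $part in
            *": disabled") printf '%s\n' "${part%%:*}" ;;
        esac
    done
}

# write_sample DIR: three of the lines quoted in the message, for offline runs.
write_sample() {
    mkdir -p "$1"
    printf '%s\n' 'Not affected' > "$1/meltdown"
    printf '%s\n' 'Mitigation: Speculative Store Bypass disabled via prctl and seccomp' > "$1/spec_store_bypass"
    printf '%s\n' 'Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling' > "$1/spectre_v2"
}

demo=$(mktemp -d)
write_sample "$demo"
vuln_report "$demo"
disabled_parts "$demo/spectre_v2"
rm -rf "$demo"
```

Inside a guest, calling vuln_report with no argument reads the live sysfs directory instead of the sample.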
