[Bug 2101944] [NEW] Expose bits related to SRSO vulnerability

Markus Schade Tue, 11 Mar 2025 02:55:53 -0700

Public bug reported:

[Impact]


According to AMD's Speculative Return Stack Overflow whitepaper the
hypervisor should synthesize the value of IBPB_BRTYPE and SBPB CPUID
bits to the guest.

Support for this is already present in noble kernel with commit
e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be
("KVM: x86: Add IBPB_BRTYPE support").

Add support in QEMU to expose the bits to the guest OS.

[Test Plan]

 * First of all we'll (and have in advance) run general regression tests
 * Qemu shall show to be aware of the new flags
   #qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype'
     gfni hle ht hypervisor ia64 ibpb ibpb-brtype ibrs ibrs-all ibs intel-pt
     sbdr-ssdp-no sbpb sep serialize sgx sgx-aex-notify sgx-debug sgx-edeccssa
 * host:
  # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
  Mitigation: Safe RET

 * before (guest):
   $ cpuid -l 0x80000021 -1 -r
   0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
                            ^
   $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
   Vulnerable: Safe RET, no microcode

 * after (guest) with CPU flags added:
   $ cpuid -l 0x80000021 -1 -r
   0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
                            ^
   $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
   Mitigation: Safe RET

[Where problems could occur]

  * None to be expected as these flags are not (yet) included in any
predefined CPU model

---

Relevant patches needed for qemu 8.2 in noble:

target/i386: Expose IBPB-BRTYPE and SBPB CPUID bits to the guest:
* 
https://gitlab.com/qemu-project/qemu/-/commit/0701abbf9880b5ab1cf44e0caa6ad173aec840e7.patch

target/i386: Fix minor typo in NO_NESTED_DATA_BP feature bit:
* 
https://gitlab.com/qemu-project/qemu/-/commit/9c882ad4dc96f658ff9f92b88b3749d0398e6fa2.patch

target/i386: Expose bits related to SRSO vulnerability
* 
https://gitlab.com/qemu-project/qemu/-/commit/2ec282b8eaaddf5c136f7566b5f61d80288a2065.patch

** Affects: qemu (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2101944

Title:
  Expose bits related to SRSO vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2101944/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2101944] [NEW] Expose bits related to SRSO vulnerability

Reply via email to