Tested with kernel 6.8.0-60-generic and a Milan host system and EPYC- Milan-v2 instance type:
host # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Mitigation: Safe RET With qemu=1:8.2.2+ds-0ubuntu1.7: guest # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Vulnerable: Safe RET, no microcode guest # cpuid -l 0x80000021 -1 -r CPU: 0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 With 1:8.2.2+ds-0ubuntu1.8 and sbpb=on,ibpb-brtype=on: guest # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Mitigation: Safe RET guest # cpuid -l 0x80000021 -1 -r CPU: 0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 So the values are correctly synthesized. The only problem I encountered was the dependency on ceph/librbd1 from proposed (19.2.1-0ubuntu0.24.04.1). This is a bit unfortunate, because it means this SRU cannot be tested independently of the ceph upgrade. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2101944 Title: Expose bits related to SRSO vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2101944/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
