On 6/4/2018 3:07 PM, Eduardo Habkost wrote: > On Fri, Jun 01, 2018 at 11:38:08AM -0400, Konrad Rzeszutek Wilk wrote: >> AMD future CPUs expose _two_ ways to utilize the Intel equivalant >> of the Speculative Store Bypass Disable. The first is via >> the virtualized VIRT_SPEC CTRL MSR (0xC001_011f) and the second >> is via the SPEC_CTRL MSR (0x48). The document titled: >> 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf >> >> gives priority of SPEC CTRL MSR over the VIRT SPEC CTRL MSR. >> >> A copy of this document is available at >> https://bugzilla.kernel.org/show_bug.cgi?id=199889 >> >> Anyhow, this means that on future AMD CPUs there will be _two_ ways to >> deal with SSBD. > > Does anybody know if there are AMD CPUs where virt-ssbd won't > work and would require amd-ssbd to mitigate vulnerabilities? The idea behind virt-ssbd was to provide an architectural method for a guest to do SSBD when amd-ssbd isn't present. The amd-ssbd feature will use SPEC_CTRL which is intended to not be intercepted and will be fast. The use of virt-ssbd will always be intercepted and therefore will not be as fast. So a guest should be presented with amd-ssbd, if available, in preference to virt-ssbd. Thanks, Tom > > Also, do we have kernel arch/x86/kvm/cpuid.c patches, already? > I prefer to add new CPUID flag names only after the flag name is > already agreed upon on the kernel side. > > >> >> Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx> >> --- >> target/i386/cpu.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/target/i386/cpu.c b/target/i386/cpu.c >> index 52d334a..f91990c 100644 >> --- a/target/i386/cpu.c >> +++ b/target/i386/cpu.c >> @@ -490,7 +490,7 @@ static FeatureWordInfo feature_word_info[FEATURE_WORDS] = { >> "ibpb", NULL, NULL, NULL, >> NULL, NULL, NULL, NULL, >> NULL, NULL, NULL, NULL, >> - NULL, "virt-ssbd", NULL, NULL, >> + "amd-ssbd", "virt-ssbd", NULL, NULL, >> NULL, NULL, NULL, NULL, >> }, >> .cpuid_eax = 0x80000008, >> -- >> 1.8.3.1 >> >> >
