On Tue, Jun 05, 2018 at 08:31:41AM -0500, Tom Lendacky wrote: > On 6/4/2018 3:07 PM, Eduardo Habkost wrote: > > On Fri, Jun 01, 2018 at 11:38:08AM -0400, Konrad Rzeszutek Wilk wrote: > >> AMD future CPUs expose _two_ ways to utilize the Intel equivalant > >> of the Speculative Store Bypass Disable. The first is via > >> the virtualized VIRT_SPEC CTRL MSR (0xC001_011f) and the second > >> is via the SPEC_CTRL MSR (0x48). The document titled: > >> 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf > >> > >> gives priority of SPEC CTRL MSR over the VIRT SPEC CTRL MSR. > >> > >> A copy of this document is available at > >> https://bugzilla.kernel.org/show_bug.cgi?id=199889 > >> > >> Anyhow, this means that on future AMD CPUs there will be _two_ ways to > >> deal with SSBD. > > > > Does anybody know if there are AMD CPUs where virt-ssbd won't > > work and would require amd-ssbd to mitigate vulnerabilities? > > The idea behind virt-ssbd was to provide an architectural method for > a guest to do SSBD when amd-ssbd isn't present. The amd-ssbd feature > will use SPEC_CTRL which is intended to not be intercepted and > will be fast. The use of virt-ssbd will always be intercepted and > therefore will not be as fast. So a guest should be presented with > amd-ssbd, if available, in preference to virt-ssbd. Can you clarify whether 'amd-ssbd' is also an architectural method or not ? ie is it safe to use 'amd-ssbd' in a guest which can be live migrated between different generations/families of AMD CPU, or must be use virt-ssbd in that case ? Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
