Fabiano Rosas <faro...@suse.de> writes: > According to AMD's Speculative Return Stack Overflow whitepaper (link > below), the hypervisor should synthesize the value of IBPB_BRTYPE and > SBPB CPUID bits to the guest. > > Support for this is already present in the kernel with commit > e47d86083c66 ("KVM: x86: Add SBPB support") and commit 6f0f23ef76be > ("KVM: x86: Add IBPB_BRTYPE support"). > > Add support in QEMU to expose the bits to the guest OS. > > host: > # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow > Mitigation: Safe RET > > before (guest): > $ cpuid -l 0x80000021 -1 -r > 0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 > ^ > $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow > Vulnerable: Safe RET, no microcode > > after (guest): > $ cpuid -l 0x80000021 -1 -r > 0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 > ^ > $ cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow > Mitigation: Safe RET > > Reported-by: Fabian Vogt <fv...@suse.de> > Link: > https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf > Signed-off-by: Fabiano Rosas <faro...@suse.de> > --- > More info on this thread: > https://lore.kernel.org/r/68f8b8b1ca1bf58b059f52afbd1c9c51108a074a.ca...@suse.com > --- > target/i386/cpu.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/target/i386/cpu.c b/target/i386/cpu.c > index 85ef7452c0..d33401c922 100644 > --- a/target/i386/cpu.c > +++ b/target/i386/cpu.c > @@ -1221,8 +1221,8 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { > NULL, NULL, NULL, NULL, > NULL, NULL, NULL, NULL, > NULL, NULL, NULL, NULL, > - NULL, NULL, NULL, NULL, > - NULL, NULL, NULL, NULL, > + NULL, NULL, NULL, "sbpb", > + "ibpb-brtype", NULL, NULL, NULL, > }, > .cpuid = { .eax = 0x80000021, .reg = R_EAX, }, > .tcg_features = 0,
Ping, any thoughts on this one?