I am able to reproduce this on Noble, using Testflinger machines:
- fleep: AMD EPYC 7262 8-Core Processor, Codename: AMD ROME (Zen2)
- ziptoad: AMD EPYC 7313P 16-Core Processor, Codename: AMD Milan (Zen3)

# Setup

$ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system virtinst 
bridge-utils
$ wget 
https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img
$ sudo chown libvirt-qemu:kvm noble-server-cloudimg-amd64.img
$ sudo mv noble-server-cloudimg-amd64.img ../..

$ cat > user.yaml <<EOF
#cloud-config
ssh_pwauth: true
password: test
chpasswd:
  expire: false
EOF

$ dpkg -l | grep qemu-system-x86
ii  qemu-system-x86                      1:8.2.2+ds-0ubuntu1.6
$ qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype'
=> Flags not available on old version


# Launch

$ sudo virt-install --connect qemu:///system --virt-type kvm   --name test-vm   
 --noautoconsole    --import    --memory 2048 --vcpus=2    --osinfo generic    
--disk bus=virtio,path=/noble-server-cloudimg-amd64.img    --network default    
--cloud-init user-data=user.yaml
$ sudo virsh console test-vm

[booting ...]

# ubuntu
# test
# sudo apt update && sudo apt install cpuid


### before (fleep/ROME)
# cpuid -l 0x80000021 -1 -r
CPU:
   0x80000021 0x00: eax=0x00000044 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode


### before (ziptoad/Milan)
# cpuid -l 0x80000021 -1 -r
CPU:
   0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode

<Ctrl + ]>

# Update from PPA

$ sudo virsh shutdown test-vm
$ sudo add-apt-repository ppa:slyon/lp-2101944-srso
$ sudo apt upgrade
$ dpkg -l | grep qemu-system-x86
ii  qemu-system-x86                      1:8.2.2+ds-0ubuntu1.7~ppa1
$ qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype'
  gfni hle ht hypervisor ia64 ibpb ibpb-brtype ibrs ibrs-all ibs intel-pt
  sbdr-ssdp-no sbpb sep serialize sgx sgx-aex-notify sgx-debug sgx-edeccssa
=> Flags available on new version

$ sudo virsh start test-vm
# ubuntu
# test

### after (fleep/ROME)
# cpuid -l 0x80000021 -1 -r
CPU:
   0x80000021 0x00: eax=0x10000044 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: SMT disabled


### after (ziptoad/Milan)
# cpuid -l 0x80000021 -1 -r
CPU:
   0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000
# cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Mitigation: Safe RET


=> As we can see, the most-significant bits of "eax" get set and the 
"Vulnerable" status changes to "Mitigation" ("SMT diabled" on EPYC ROME, "Safe 
RET" on EPYC Milan).

As I next step, I want to execute migration tests from non-fixed to
fixed system, using Ubuntu-Server team regression test scripts
(https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-
test/tree/test-dev-ppa.sh).

** Changed in: qemu (Ubuntu Noble)
     Assignee: (unassigned) => Lukas Märdian (slyon)

** Changed in: qemu (Ubuntu Oracular)
     Assignee: (unassigned) => Lukas Märdian (slyon)

** Changed in: qemu (Ubuntu Noble)
       Status: Triaged => In Progress

** Changed in: qemu (Ubuntu Oracular)
       Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2101944

Title:
  Expose bits related to SRSO vulnerability

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2101944/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to