I am able to reproduce this on Noble, using Testflinger machines: - fleep: AMD EPYC 7262 8-Core Processor, Codename: AMD ROME (Zen2) - ziptoad: AMD EPYC 7313P 16-Core Processor, Codename: AMD Milan (Zen3)
# Setup $ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system virtinst bridge-utils $ wget https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img $ sudo chown libvirt-qemu:kvm noble-server-cloudimg-amd64.img $ sudo mv noble-server-cloudimg-amd64.img ../.. $ cat > user.yaml <<EOF #cloud-config ssh_pwauth: true password: test chpasswd: expire: false EOF $ dpkg -l | grep qemu-system-x86 ii qemu-system-x86 1:8.2.2+ds-0ubuntu1.6 $ qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype' => Flags not available on old version # Launch $ sudo virt-install --connect qemu:///system --virt-type kvm --name test-vm --noautoconsole --import --memory 2048 --vcpus=2 --osinfo generic --disk bus=virtio,path=/noble-server-cloudimg-amd64.img --network default --cloud-init user-data=user.yaml $ sudo virsh console test-vm [booting ...] # ubuntu # test # sudo apt update && sudo apt install cpuid ### before (fleep/ROME) # cpuid -l 0x80000021 -1 -r CPU: 0x80000021 0x00: eax=0x00000044 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Vulnerable: Safe RET, no microcode ### before (ziptoad/Milan) # cpuid -l 0x80000021 -1 -r CPU: 0x80000021 0x00: eax=0x00000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Vulnerable: Safe RET, no microcode <Ctrl + ]> # Update from PPA $ sudo virsh shutdown test-vm $ sudo add-apt-repository ppa:slyon/lp-2101944-srso $ sudo apt upgrade $ dpkg -l | grep qemu-system-x86 ii qemu-system-x86 1:8.2.2+ds-0ubuntu1.7~ppa1 $ qemu-system-x86_64 -cpu ? | grep -E 'sbpb|ibpb-brtype' gfni hle ht hypervisor ia64 ibpb ibpb-brtype ibrs ibrs-all ibs intel-pt sbdr-ssdp-no sbpb sep serialize sgx sgx-aex-notify sgx-debug sgx-edeccssa => Flags available on new version $ sudo virsh start test-vm # ubuntu # test ### after (fleep/ROME) # cpuid -l 0x80000021 -1 -r CPU: 0x80000021 0x00: eax=0x10000044 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Mitigation: SMT disabled ### after (ziptoad/Milan) # cpuid -l 0x80000021 -1 -r CPU: 0x80000021 0x00: eax=0x18000045 ebx=0x00000000 ecx=0x00000000 edx=0x00000000 # cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Mitigation: Safe RET => As we can see, the most-significant bits of "eax" get set and the "Vulnerable" status changes to "Mitigation" ("SMT diabled" on EPYC ROME, "Safe RET" on EPYC Milan). As I next step, I want to execute migration tests from non-fixed to fixed system, using Ubuntu-Server team regression test scripts (https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration- test/tree/test-dev-ppa.sh). ** Changed in: qemu (Ubuntu Noble) Assignee: (unassigned) => Lukas Märdian (slyon) ** Changed in: qemu (Ubuntu Oracular) Assignee: (unassigned) => Lukas Märdian (slyon) ** Changed in: qemu (Ubuntu Noble) Status: Triaged => In Progress ** Changed in: qemu (Ubuntu Oracular) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2101944 Title: Expose bits related to SRSO vulnerability To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/2101944/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
