[Bug 1227900] Speculative Store Bypass disabled via prctl
https://bugzilla.suse.com/show_bug.cgi?id=1227900
https://bugzilla.suse.com/show_bug.cgi?id=1227900#c4

--- Comment #4 from Nikolay Borisov <nik.borisov@suse.com> ---
(In reply to Fabian Vogt from comment #3)
(In reply to Nikolay Borisov from comment #2)
The timing of those printk's can't be trusted. The early microcode patcher is being run right after the kernel has been loaded from
x86_64_start_kernel -> load_ucode_bsp
While the mitigation-related code gets executed from:
arch_cpu_finalize_init -> cpu_select_mitigations -> ssb_select_mitigation
And the default (if seccomp is not compiled) is to use the prctl bypass. So the only worrying thing here would be the ibpb-related warn about using microcode that fixes the rstack vulnerability.
According to the AMD security bulletin https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7005.html
the required microcode for AMD MILAN (which this Epyc seems to be) is:
Milan B0 – 0x0A001079
Milan B1 – 0x0A0011CF or 0x0A0011D1
Which is installed:
CPU0: patch_level=0x0a0011d1
Indeed, I guess it's possible that the document is wrong, is there a newer firmware that could be installed?
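The comparison made in the comment above (installed `patch_level` against the Milan levels quoted from AMD-SB-7005), extended to every CPU line in a boot log. This is an added example, not part of the bug report or of any SUSE or kernel code. The names `BULLETIN`, `PART_MASK`, `check_level` and `audit` are hypothetical, and the script assumes that the low byte of a patch level is the revision counter and that a listed level is a minimum.

```python
import re

# Patch levels quoted in the thread from AMD-SB-7005 (Milan only).
BULLETIN = {
    "Milan B0": (0x0A001079,),
    "Milan B1": (0x0A0011CF, 0x0A0011D1),
}
# Assumption: the low byte of an AMD patch level is the revision counter and
# the upper 24 bits identify the part and stepping, so levels are only
# compared within the same upper-24-bit group.
PART_MASK = 0xFFFFFF00

PATCH_RE = re.compile(r"CPU(\d+): patch_level=(0x[0-9a-fA-F]+)")


def parse_patch_levels(log_text):
    """Return {cpu_number: patch_level} from 'CPUn: patch_level=0x...' lines."""
    return {int(cpu): int(level, 16) for cpu, level in PATCH_RE.findall(log_text)}


def check_level(level):
    """Return (part_name, meets_bulletin); part_name is None if not listed.

    Assumption: a listed value is a minimum, so a later revision of the same
    part also passes.
    """
    for part, listed in BULLETIN.items():
        if any((level & PART_MASK) == (v & PART_MASK) for v in listed):
            return part, level >= min(listed)
    return None, False


def audit(log_text):
    """Map each CPU to (part_name, meets_bulletin), so a core that missed the
    update is visible instead of being hidden behind CPU0's line."""
    return {cpu: check_level(lvl) for cpu, lvl in parse_patch_levels(log_text).items()}


# Constructed sample: the CPU0 line is the one quoted in the thread; the CPU1
# line is invented here to show a core left on an older revision.
SAMPLE_LOG = """\
CPU0: patch_level=0x0a0011d1
CPU1: patch_level=0x0a0011ce
"""

if __name__ == "__main__":
    for cpu, (part, ok) in sorted(audit(SAMPLE_LOG).items()):
        print(f"CPU{cpu}: {part or 'not in bulletin'} -> {'OK' if ok else 'BELOW REQUIRED'}")
```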