1 |
> |
2 |
> Hmm ... My last line looks the same like Rich's, but different to yours: |
3 |
> |
4 |
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
5 |
> Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling |
6 |
> |
7 |
> I don't have IBPB mentioned in there at all. I'm on |
8 |
> gentoo-sources-4.19.57. |
9 |
> Are you running a later kernel? |
10 |
> |
11 |
> According to this article a microcode update seems to be necessary, but |
12 |
> I'm |
13 |
> not sure if this statement only applies to Intel CPUs: |
14 |
> |
15 |
> |
16 |
> https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10 |
17 |
> |
18 |
> |
19 |
My piledriver output from an old 4.19 has IBPB, so given that redhat info, |
20 |
it looks like you do have old microcode. I don't pass anything via the |
21 |
kernel command line, as I assume the defaults are good. |
22 |
|
23 |
$ cat kern-4.19.7-vuln.txt |
24 |
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected |
25 |
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected |
26 |
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: |
27 |
Speculative Store Bypass disabled via prctl and seccomp |
28 |
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user |
29 |
pointer sanitization |
30 |
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD |
31 |
retpoline, IBPB: conditional, STIBP: disabled, RSB filling |
32 |
|
33 |
FWIW |
34 |
$ md5sum /lib/firmware/amd-ucode/microcode_amd_fam15h.bin |
35 |
3bdedb4466186a79c469f62120f6d7bb |
36 |
/lib/firmware/amd-ucode/microcode_amd_fam15h.bin |