| 1 |
> |
| 2 |
> Hmm ... My last line looks the same like Rich's, but different to yours: |
| 3 |
> |
| 4 |
> # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 |
| 5 |
> Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling |
| 6 |
> |
| 7 |
> I don't have IBPB mentioned in there at all. I'm on |
| 8 |
> gentoo-sources-4.19.57. |
| 9 |
> Are you running a later kernel? |
| 10 |
> |
| 11 |
> According to this article a microcode update seems to be necessary, but |
| 12 |
> I'm |
| 13 |
> not sure if this statement only applies to Intel CPUs: |
| 14 |
> |
| 15 |
> |
| 16 |
> https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10 |
| 17 |
> |
| 18 |
> |
| 19 |
My piledriver output from an old 4.19 has IBPB, so given that redhat info, |
| 20 |
it looks like you do have old microcode. I don't pass anything via the |
| 21 |
kernel command line, as I assume the defaults are good. |
| 22 |
|
| 23 |
$ cat kern-4.19.7-vuln.txt |
| 24 |
/sys/devices/system/cpu/vulnerabilities/l1tf:Not affected |
| 25 |
/sys/devices/system/cpu/vulnerabilities/meltdown:Not affected |
| 26 |
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass:Mitigation: |
| 27 |
Speculative Store Bypass disabled via prctl and seccomp |
| 28 |
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user |
| 29 |
pointer sanitization |
| 30 |
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full AMD |
| 31 |
retpoline, IBPB: conditional, STIBP: disabled, RSB filling |
| 32 |
|
| 33 |
FWIW |
| 34 |
$ md5sum /lib/firmware/amd-ucode/microcode_amd_fam15h.bin |
| 35 |
3bdedb4466186a79c469f62120f6d7bb |
| 36 |
/lib/firmware/amd-ucode/microcode_amd_fam15h.bin |
Archives