spectre-meltdown-checker icon indicating copy to clipboard operation
spectre-meltdown-checker copied to clipboard

Published 20 hours ago verified publisher icon speed47

AMD - speculative control indicator

Open msmeissn opened this issue 6 years ago • 7 comments

Hi,

On AMD processor the processor flag is "ibpb" instead of "spec_ctrl".

  •                           if grep ^flags /proc/cpuinfo | grep -qw spec_ctrl; then

  •                           if grep ^flags /proc/cpuinfo | grep -qw -E "(spec_ctrl|ibpb)"; then

msmeissn avatar Jan 17 '18 12:01 msmeissn

I know AMD finally announced that they would release microcode updates too for variant 2, but I didn't know those were already available ! I'm making the assumption that the output you're showing is from a microcode-updated AMD system, correct?

speed47 avatar Jan 17 '18 13:01 speed47

SUSE has released Ryzen firmware updates we got from AMD and also patches integrated that show this flag. We are not sure (and I do not seem to find them) if they are available publicallly already.

msmeissn avatar Jan 17 '18 13:01 msmeissn

Got it. Is the source of the kernel you're using (I suppose it's an OpenSUSE one) that shows the ibpb flag with updated AMDs available somewhere? I'm trying to document changes as much as I can!

speed47 avatar Jan 18 '18 21:01 speed47

https://github.com/openSUSE/kernel-source/blob/SLE12-SP3/patches.suse/22-x86-cpu-amd-add-speculative-control-support-for-amd.patch is the patch adding the flag

msmeissn avatar Jan 19 '18 10:01 msmeissn

I think I shouldn't just add the ibpb flag as a synonym to the spec_ctrl flag, because per the patch you linked, these seem slightly different. For Intel, the spec_ctrl flag implies support for both IBRS & IBPB, on AMD there can be support for either both, or IBPB only, or none of the two. And I think the ibpb flag implies only IBPB and not IBRS. I have an AMD at hand to test, but don't have the microcode. If you do have an AMD system with an updated microcode, I think I'll have a branch for you to test soon then ;)

speed47 avatar Jan 19 '18 16:01 speed47

Could you try the ibpb branch on an updated AMD system? You'll see that the output of the script will be different than before, now I also check for IBPB in addition to IBRS, for AMD as well as Intel. The results I expect:

  • cpu indicates ibrs capability = no
  • cpu indicates ibpb capability = yes (ibpb_support bit) <== only if AMD ucode is updated, that's the part I can't test
  • ibrs enabled for kernel or user space = no
  • ibpb enabled = yes

Thanks!

speed47 avatar Jan 21 '18 12:01 speed47

I couldn't find any updated AMD microcode yet, even under OpenSUSE Tumbleweed as of kernel-default-4.14.14-1.7. I guess we'll have to wait a bit to be able to test, but this is already implemented in v0.33 from the documentation (and LKML emails) I could find.

speed47 avatar Jan 26 '18 13:01 speed47