On Tue, Jan 21, 2025 at 09:34:58AM -0800, Pawan Gupta wrote:
> On Tue, Jan 21, 2025 at 10:06:47AM +0800, Tao Su wrote:
> > Update SierraForest CPU model to add LAM, 4 bits indicating certain bits
> > of IA32_SPEC_CTR are supported(intel-psfd, ipred-ctrl, rrsba-ctrl,
> > bhi-ctrl) and the missing features(ss, tsc-adjust, cldemote, movdiri,
> > movdir64b)
> >
> > Also add GDS-NO and RFDS-NO to indicate the related vulnerabilities are
> > mitigated in stepping 3.
>
> Does this only apply to stepping 3? I don't think Sierra Forest was ever
> vulnerable to GDS and RFDS [1].
>
On the real machine, stepping 0 does not set GDS_NO and RFDS_NO, but stepping 3 does.

> There are many other vulnerabilities that Sierra Forest is not vulnerable to,
> is it really necessary to add the *_NO bits to CPU definitions?
>
> [1]
> https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html

*_NO bits indicate processor is not affected by *, so adding these to the CPU model will prevent the guest OS (using the CPU model) from trying to use related software mitigation, which I think is reasonable.
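An added example, not part of the thread and not QEMU code: since stepping 0 leaves GDS_NO and RFDS_NO clear while stepping 3 sets them, a host-side check can flag *_NO bits that a CPU model advertises without the host reporting them. The sample MSR values and the function names are constructed for illustration; the bit positions are those Linux defines for IA32_ARCH_CAPABILITIES.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_ARCH_CAPABILITIES (MSR 0x10A) bit positions for the two bits
 * discussed in the thread, as defined in Linux's msr-index.h. */
#define ARCH_CAP_GDS_NO  (1ULL << 26)
#define ARCH_CAP_RFDS_NO (1ULL << 27)

/* Constructed sample values, not dumps from real hardware: the only
 * property taken from the thread is that stepping 0 leaves both bits
 * clear and stepping 3 sets them. */
#define HOST_STEPPING0 0x0ULL
#define HOST_STEPPING3 (ARCH_CAP_GDS_NO | ARCH_CAP_RFDS_NO)
#define MODEL_CAPS     (ARCH_CAP_GDS_NO | ARCH_CAP_RFDS_NO)

static const struct { uint64_t mask; const char *name; } no_bits[] = {
    { ARCH_CAP_GDS_NO,  "gds-no"  },
    { ARCH_CAP_RFDS_NO, "rfds-no" },
};

/* Mask of *_NO bits the CPU model advertises that the host does not
 * report. A guest seeing such a bit would skip a mitigation that the
 * hardware underneath has not declared unnecessary. */
uint64_t unbacked_no_bits(uint64_t host_caps, uint64_t model_caps)
{
    return model_caps & ~host_caps & (ARCH_CAP_GDS_NO | ARCH_CAP_RFDS_NO);
}

/* Print each unbacked bit by name; returns how many there are. */
int report_unbacked(const char *host, uint64_t host_caps, uint64_t model_caps)
{
    uint64_t bad = unbacked_no_bits(host_caps, model_caps);
    int count = 0;
    for (size_t i = 0; i < sizeof(no_bits) / sizeof(no_bits[0]); i++) {
        if (bad & no_bits[i].mask) {
            printf("%s: model sets %s, host does not\n", host, no_bits[i].name);
            count++;
        }
    }
    if (count == 0)
        printf("%s: advertised *_NO bits are backed by the host\n", host);
    return count;
}

int main(void)
{
    report_unbacked("stepping 0", HOST_STEPPING0, MODEL_CAPS);
    report_unbacked("stepping 3", HOST_STEPPING3, MODEL_CAPS);
    return 0;
}
```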