On 6/6/2018 9:20 AM, Daniel P. Berrangé wrote: > On Tue, Jun 05, 2018 at 08:31:41AM -0500, Tom Lendacky wrote: >> On 6/4/2018 3:07 PM, Eduardo Habkost wrote: >>> On Fri, Jun 01, 2018 at 11:38:08AM -0400, Konrad Rzeszutek Wilk wrote: >>>> AMD future CPUs expose _two_ ways to utilize the Intel equivalant >>>> of the Speculative Store Bypass Disable. The first is via >>>> the virtualized VIRT_SPEC CTRL MSR (0xC001_011f) and the second >>>> is via the SPEC_CTRL MSR (0x48). The document titled: >>>> 124441_AMD64_SpeculativeStoreBypassDisable_Whitepaper_final.pdf >>>> >>>> gives priority of SPEC CTRL MSR over the VIRT SPEC CTRL MSR. >>>> >>>> A copy of this document is available at >>>> https://bugzilla.kernel.org/show_bug.cgi?id=199889 >>>> >>>> Anyhow, this means that on future AMD CPUs there will be _two_ ways to >>>> deal with SSBD. >>> >>> Does anybody know if there are AMD CPUs where virt-ssbd won't >>> work and would require amd-ssbd to mitigate vulnerabilities? >> >> The idea behind virt-ssbd was to provide an architectural method for >> a guest to do SSBD when amd-ssbd isn't present. The amd-ssbd feature >> will use SPEC_CTRL which is intended to not be intercepted and >> will be fast. The use of virt-ssbd will always be intercepted and >> therefore will not be as fast. So a guest should be presented with >> amd-ssbd, if available, in preference to virt-ssbd. > > Can you clarify whether 'amd-ssbd' is also an architectural method
Yes, amd-ssbd is architectural - it is a defined CPUID bit. Thanks, Tom > or not ? ie is it safe to use 'amd-ssbd' in a guest which can be > live migrated between different generations/families of AMD CPU, > or must be use virt-ssbd in that case ? > > > Regards, > Daniel >
