*** This bug is a security vulnerability ***

Public security bug reported:

Newer AMD FW/Chips can provide better ssbd mitigations than the initial
virt-ssbd which was already backported as part of the security CVEs back
when Spectre appeared.

The faster mode is described in a document attached to:
  https://bugzilla.kernel.org/show_bug.cgi?id=199889

In addition, via the amd-no-ssb flag chips can declare that they are
unaffected and no mitigations are needed.

libvirt:
commit   ver subject
2625722c 4.6 cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)

Qemu:
a764f3f7 3.0 i386: define the AMD 'amd-ssbd' CPUID feature bit
254790a9 3.0 i386: Define AMD's no SSB mitigation needed.

Given that I'd expect Rome chip usage to rise, and those have some of
them set, it makes sense to backport that to the latest LTS at least.
Users are already "secure" without that but it will help to get less of
a performance hit due to better (or not needed) mitigations.

Since the code already is in libvirt 4.6 and qemu 3.0, this is already in
recent Ubuntu releases (>=Disco) and only about the SRU.

To be combined with the libvirt backports for the Intel counterpart in
bug 1828495 which needs some pre-work in Eoan at first.

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: qemu (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: libvirt (Ubuntu Bionic)
     Importance: Medium
     Assignee: Christian Ehrhardt  (paelzer)
         Status: Triaged

** Affects: qemu (Ubuntu Bionic)
     Importance: Medium
     Assignee: Christian Ehrhardt  (paelzer)
         Status: Triaged

** Also affects: qemu (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: qemu (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: libvirt (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: libvirt (Ubuntu)
       Status: New => Fix Released

** Changed in: qemu (Ubuntu)
       Status: New => Fix Released

** Changed in: libvirt (Ubuntu Bionic)
       Status: New => Triaged

** Changed in: libvirt (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: qemu (Ubuntu Bionic)
   Importance: Undecided => Medium

** Changed in: qemu (Ubuntu Bionic)
       Status: New => Triaged

** Changed in: qemu (Ubuntu Bionic)
     Assignee: (unassigned) => Christian Ehrhardt  (paelzer)

** Changed in: libvirt (Ubuntu Bionic)
     Assignee: (unassigned) => Christian Ehrhardt  (paelzer)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840745

Title:
  backport extended amd spectre mitigations

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1840745/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
