Re: [PATCH] x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available

From: Dimitri John Ledkov
Date: Thu Jul 28 2022 - 10:35:31 EST


On Thu, 28 Jul 2022 at 13:35, Borislav Petkov <bp@xxxxxxxxx> wrote:
>
> drop stable@
>
> On Thu, Jul 28, 2022 at 09:26:02AM -0300, Thadeu Lima de Souza Cascardo wrote:
> > Some cloud hypervisors do not provide IBPB on very recent CPU processors,
> > including AMD processors affected by Retbleed.
>
> Which hypervisors are those? How relevant is that use case?
>
> How do I reproduce it here?

Azure public cloud (so it is the Azure custom Hyper-V hypervisor), these
instance types https://docs.microsoft.com/en-us/azure/virtual-machines/dav4-dasv4-series
booted as gen2 (UEFI boot, so Dasv4-series instance types). A
particular one is chosen in our automated testing, and always fails. I
believe more than one instance type from that series of instance types
is affected.

I haven't tested, but
https://docs.microsoft.com/en-us/azure/virtual-machines/dasv5-dadsv5-series
are probably affected too.

It's a class of popular-ish instance types, meaning that it could
potentially take out a class of users who, due to availability,
performance, and/or pricing, choose to run their workloads on those
instance types, potentially causing them a major outage of being
unable to boot and/or reboot.

--
okurrr,

Dimitri