====== 2025.01.17 AMD Speculative Return Stack Overflow (SRSO) ======
A recent issue: CPU performance degrades on newer kernels because of the mitigation patches for an AMD vulnerability.
Target vulnerabilities: CVE-2023-20569
Disabling the mitigation patches can roughly double CPU performance.
===== Information from Alibaba Cloud =====
https://www.alibabacloud.com/help/ja/ecs/user-guide/performance-may-degrade-after-the-guest-operating-system-kernel-of-an-amd-instance-is-updated
===== Documentation from AMD =====
Attacks exploiting SRSO must be executed directly on the server. Therefore, servers with access restricted to administrators, such as cloud VMs, have a low risk of SRSO.
https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/white-papers/amd-epyc-9004-wp-srso.pdf
===== How to Check =====
If the following shows "Safe RET," the mitigation is active:
<code>
$ sudo cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
Vulnerable: Safe RET, no microcode
</code>
===== How to Disable =====
==== Ubuntu ====
Add spec_rstack_overflow=off:
<code>
GRUB_CMDLINE_LINUX="spec_rstack_overflow=off"
</code>
<code>
sudo update-grub
sudo reboot
</code>
==== AlmaLinux/Rocky ====
Add spec_rstack_overflow=off. Change
<code>
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M net.ifnames=0"
GRUB_ENABLE_BLSCFG=true
</code>
to
<code>
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M spec_rstack_overflow=off net.ifnames=0"
#GRUB_ENABLE_BLSCFG=true
</code>
About GRUB_ENABLE_BLSCFG: [[en:50_dialy:2025:01:16]]
<code>
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
</code>
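To audit which hosts run with the mitigation on and which have had it switched off as described above, the sysfs status line can be read together with the kernel command line. The script below is an added example, not part of the original page: the state labels it prints are its own names, the bare "Vulnerable" status handled for the disabled case is an assumption about what the kernel reports there, and /etc/default/grub is assumed to be the file holding the GRUB_CMDLINE_* settings.

```shell
#!/bin/sh
# Added example (not from the original page): report whether the SRSO
# mitigation is active, disabled on purpose, or absent. The state labels
# printed here are this example's own names, not kernel output.

SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# srso_param CMDLINE -> value of spec_rstack_overflow= (last occurrence kept),
# empty if the parameter is not present.
srso_param() {
    value=""
    for word in $1; do
        case $word in
            spec_rstack_overflow=*) value=${word#spec_rstack_overflow=} ;;
        esac
    done
    printf '%s\n' "$value"
}

# srso_state STATUS CMDLINE -> one state label
srso_state() {
    case $1 in
        "Not affected"*) echo not-affected ;;
        *"Safe RET"*)    echo safe-ret ;;        # the case the page checks for
        Mitigation:*)    echo mitigated-other ;;
        Vulnerable*)
            if [ "$(srso_param "$2")" = off ]; then
                echo disabled-by-cmdline
            else
                echo vulnerable
            fi ;;
        *) echo unknown ;;
    esac
}

# srso_off_configured FILE -> exit 0 if an uncommented GRUB_CMDLINE_* line sets =off
srso_off_configured() {
    grep -Eq '^[[:space:]]*GRUB_CMDLINE_LINUX(_DEFAULT)?=.*spec_rstack_overflow=off' "$1"
}

# Run against the local host when the files exist.
if [ -r "$SYSFS" ] && [ -r /proc/cmdline ]; then
    echo "running kernel: $(srso_state "$(cat "$SYSFS")" "$(cat /proc/cmdline)")"
fi
if [ -r /etc/default/grub ] && srso_off_configured /etc/default/grub; then
    echo "grub config: spec_rstack_overflow=off is set in /etc/default/grub"
fi
```

A host that reports disabled-by-cmdline was switched off deliberately; one that reports vulnerable without the parameter is worth a closer look at its kernel version.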
{{tag>Diary AMD}}