
2025.01.17 AMD Speculative Return Stack Overflow (SRSO)

Newer kernels include mitigation patches for an AMD vulnerability, and these patches have recently been causing CPU performance degradation.
Target vulnerability: CVE-2023-20569

Disabling the mitigation patches can roughly double CPU performance.

Information from Alibaba Cloud

https://www.alibabacloud.com/help/ja/ecs/user-guide/performance-may-degrade-after-the-guest-operating-system-kernel-of-an-amd-instance-is-updated

Documentation from AMD

Attacks exploiting SRSO must be executed directly on the server. Therefore, servers with access restricted to administrators, such as cloud VMs, have a low risk of SRSO.

https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/white-papers/amd-epyc-9004-wp-srso.pdf

How to Check

If the following shows “Safe RET,” the mitigation is active:

 $ sudo cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow
 Vulnerable: Safe RET, no microcode

How to Disable

Ubuntu

Add spec_rstack_overflow=off:

/etc/default/grub

 GRUB_CMDLINE_LINUX="spec_rstack_overflow=off"

Then regenerate the GRUB configuration and reboot:

 $ sudo update-grub
 $ sudo reboot

AlmaLinux/Rocky

Add spec_rstack_overflow=off:

/etc/default/grub

Change

 GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M net.ifnames=0"
 GRUB_ENABLE_BLSCFG=true

to:

 GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M spec_rstack_overflow=off net.ifnames=0"
 #GRUB_ENABLE_BLSCFG=true

For details on GRUB_ENABLE_BLSCFG, see: 2025.01.16 BLS (Boot Loader Specification)

 grub2-mkconfig -o /boot/grub2/grub.cfg
 reboot
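
To confirm after the reboot that the setting took effect, or to audit which hosts are running with the mitigation switched off, the sysfs check from "How to Check" can be combined with the running kernel command line. This is an added example, not part of the original page; the function names are hypothetical, and it assumes that a bare "Vulnerable" status means no mitigation is applied and that the global mitigations=off parameter also turns it off.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
SRSO_SYSFS=/sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow

# srso_classify STATUS -> active | active-other | disabled | not-affected | unknown
# Page's rule: "Safe RET" in the status line means the mitigation is active.
srso_classify() {
    case "$1" in
        *"Safe RET"*)    echo active ;;
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo active-other ;;
        Vulnerable*)     echo disabled ;;
        *)               echo unknown ;;
    esac
}

# srso_cmdline_param CMDLINE -> prints the boot parameter that switches the
# SRSO mitigation off, or nothing. Whole-token match, so substrings do not count.
srso_cmdline_param() {
    set -f                      # no globbing while splitting the command line
    for arg in $1; do
        case "$arg" in
            spec_rstack_overflow=off|mitigations=off) echo "$arg"; break ;;
        esac
    done
    set +f
}

# srso_verdict STATUS CMDLINE -> one-line result suitable for an audit log.
srso_verdict() {
    state=$(srso_classify "$1")
    param=$(srso_cmdline_param "$2")
    case "$state:$param" in
        disabled:?*) echo "OFF via $param" ;;
        disabled:)   echo "OFF without boot parameter" ;;
        active*:?*)  echo "ON despite $param" ;;
        active*:)    echo "ON" ;;
        *)           echo "$state" ;;
    esac
}

# Query the live host only when invoked with --host.
if [ "${1:-}" = "--host" ]; then
    srso_verdict "$(cat "$SRSO_SYSFS" 2>/dev/null)" "$(cat /proc/cmdline)"
fi
```

If a host still reports "ON" after the GRUB edit and reboot, the parameter did not reach the running kernel; check /proc/cmdline and the GRUB_ENABLE_BLSCFG setting described above.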