User Tools

Site Tools


Sidebar

Translations of this page:



最近の更新



Tag Cloud

en:50_dialy:2025:01:17

2025.01.17 AMD Speculative Return Stack Overflow (SRSO)

A recent issue with CPU performance degradation on newer kernels due to AMD vulnerability mitigation patches.

Disabling the mitigation patches can roughly double CPU performance.

Information from Alibaba Cloud

Documentation from AMD

Attacks exploiting SRSO must be executed directly on the server. Therefore, servers with access restricted to administrators, such as cloud VMs, have a low risk of SRSO.

https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/white-papers/amd-epyc-9004-wp-srso.pdf

How to Check

If the following shows “Safe RET,” the mitigation is active:

 $ sudo cat /sys/devices/system/cpu/vulnerabilities/spec_rstack_overflow Vulnerable: Safe RET, no microcode 

How to Disable

Ubuntu

Add spec_rstack_overflow=off:

/etc/default/grub

 GRUB_CMDLINE_LINUX="spec_rstack_overflow=off" 
 sudo update-grub
sudo reboot 

AlmaLinux/Rocky

Add spec_rstack_overflow=off

/etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M net.ifnames=0"
GRUB_ENABLE_BLSCFG=true 

to 

GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 no_timer_check crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M spec_rstack_overflow=off net.ifnames=0"
#GRUB_ENABLE_BLSCFG=true

About GRUB_ENABLE_BLSCFG: 2025.01.16 BLS (Boot Loader Specification)

 grub2-mkconfig -o /boot/grub2/grub.cfg
reboot 
en/50_dialy/2025/01/17.txt · Last modified: 2025/01/17 21:36 by matsui