On Wednesday, 17 July 2019 04:21:07 BST Corbin wrote:
> On 7/14/19 8:26 AM, Mick wrote:
> > Then I came across this old message regarding Piledriver CPUs:
> > https://lists.debian.org/debian-security/2016/03/msg00084.html The
> > post refers to model 2 of cpu family 21. Not all models in the same
> > family, only model 2. So I am thinking although patch files are named
> > per CPU family, whether they are applicable and applied as an update
> > to the CPU is probably determined by the particular CPU *model*.
> > Logically, errata in previous CPU revisions may have been fixed in
> > later models of the same family and therefore such microcode updates
> > would not be needed. When offered by the OS the CPU won't select to
> > have them applied. This explains why my AMD models, which are later
> > revisions of the same 15h family do not apply any microcode updates -
> > they don't need them. Please share if you know differently and thank
> > you all for your responses.
> 
> Remember a while back when I mentioned that "lwp" had disappeared from
> my /proc/cpuinfo?
> 
> They restored "lwp" with this commit :
> > https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.gi
> > t/commit/?id=7518922bd5b98b137af7aaf3c836f5a498e91609
> So it stands to reason that the microcode only applies specific patches
> to specific problems per CPU.
> 
> Reference :
> > Darkstar ~ # cat /proc/cpuinfo
> > processor    : 0
> > vendor_id    : AuthenticAMD
> > cpu family    : 21
> > model        : 2
> > model name    : AMD FX(tm)-9590 Eight-Core Processor
> > stepping    : 0
> > microcode    : 0x6000852
> > cpu MHz        : 4685.390
> > cache size    : 2048 KB
> 
> Output of /sys/devices/system/cpu/vulnerabilities :
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/l1tf
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/mds
> > Not affected
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/meltdown
> > Not affected
> > Darkstar ~ # cat
> > /sys/devices/system/cpu/vulnerabilities/spec_store_bypass
> > Mitigation: Speculative Store Bypass disabled
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
> > Mitigation: __user pointer sanitization
> > Darkstar ~ # cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
> > Mitigation: Full AMD retpoline, IBPB: always-on, STIBP: disabled, RSB
> > filling
> 
> Corbin

Hmm ... My last line looks the same like Rich's, but different to yours:

# cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full AMD retpoline, STIBP: disabled, RSB filling

I don't have IBPB mentioned in there at all.  I'm on gentoo-sources-4.19.57.  
Are you running a later kernel?

According to this article a microcode update seems to be necessary, but I'm 
not sure if this statement only applies to Intel CPUs:

https://access.redhat.com/articles/3311301#indirect-branch-prediction-barriers-ibpb-10

-- 
Regards,

Mick