Comment 0 for bug 1840745

Newer AMD FW/Chips can provide better ssbd mitigations than the initial virt-ssbd which was already backports as part of the security CVEs back when spectre appeared.

The faster mode is described in a document attached to:
  https://bugzilla.kernel.org/show_bug.cgi?id=199889

In addition via the amd-no-ssb flag chips can declare that they are unaffected and no mitigationas are needed.

libvirt
commit ver subject
2625722c 4.6 cpu: add 'amd-ssbd' and 'amd-no-ssb' CPU features (CVE-2018-3639)

Qemu:
a764f3f7 3.0 i386: define the AMD 'amd-ssbd' CPUID feature bit
254790a9 3.0 i386: Define AMD's no SSB mitigation needed.

Given that I'd expect Rome chips usage to rise and those have some of them set it makes sense to backport that to the latest LTS at least. Users are already "secure" without that but it will help to get less of a performance hit due to better (or not needed) mitigations.

Since the code already is in libvirt 4.6 and qemu 3.0 this is already in recent Ubuntu releases (>=Disco) and only about the SRU.

To be combined with the libvirt backports for the intel counterpart in bug 1828495 which needs some pre-work in Eoan at first.