Linux Fixes Botched SRSO Mitigation For AMD Zen 3 / Zen 4

Disclosed last August was the AMD Inception vulnerability also known as SRSO for the Speculative Return Stack Overflow. The kernel-side patches for the AMD SRSO mitigation were quickly merged. Following that were more clean-ups and fixes to the SRSO mitigation code. It's been a quiet few months since while merged on Friday was fixing some of the mitigation code due to being ineffective.

Since November was the last time seeing AMD SRSO / Inception clean-ups while coming as a surprise on Friday was new code from AMD to fix the SRSO mitigation for Zen 3 and Zen 4 processors. AMD Linux engineer Borislav Petkov explained in the commit:

x86/bugs: Fix the SRSO mitigation on Zen3/4

The original version of the mitigation would patch in the calls to the untraining routines directly. That is, the alternative() in UNTRAIN_RET will patch in the CALL to srso_alias_untrain_ret() directly.

However, even if commit e7c25c441e9e ("x86/cpu: Cleanup the untrain mess") meant well in trying to clean up the situation, due to micro-architectural reasons, the untraining routine srso_alias_untrain_ret() must be the target of a CALL instruction and not of a JMP instruction as it is done now.

Reshuffle the alternative macros to accomplish that.

This fixes the SRSO mitigation code that's been mainline since mid-August.

The patch fixing up the mitigation was merged on Friday ahead of the Linux 6.9-rc2 release on Sunday. The patch is also marked for back-porting to the existing Linux kernel stable series and thus should work its way out to new stable point releases in the days ahead.