AMD Inception / Speculative Return Stack Overflow Linux Mitigation Code Being Cleaned Up
As soon as the AMD Inception CPU vulnerability was made public yesterday, the Linux kernel mitigation patches were merged, and within hours they appeared in six new stable point releases of the kernel along with the Intel Downfall mitigation patches. Today, though, these patches are seeing a rework to clean up this mitigation.
A new set of patches was published today to overhaul this AMD Speculative Return Stack Overflow (SRSO) code for Inception. The clean-up, to some surprise, is being handled by longtime Linux kernel developer Peter Zijlstra of Intel. Yes, it's a bit ironic to see an Intel engineer cleaning up AMD mitigation code in the kernel, but it's the open-source community after all.
Peter Zijlstra wrote as the cover letter for today's new kernel patches:
"Since I wasn't invited to the party (even though I did retbleed), I get to clean things up afterwards :/
Anyway, this here overhauls the SRSO patches in a big way.
I claim that AMD retbleed (also called Speculative-Type-Confusion -- not to be confused with Intel retbleed, which is an entirely different bug) is fundamentally the same as this SRSO -- which is also caused by STC. And the mitigations are so similar they should all be controlled from a single spot and not conflated like they are now.
As such, at the end of the ride the new kernel command line and srso sysfs files are no more and all we're left with is a few extra retbleed options.
Aside of that; this deals with a few implementation issues -- but not all known issues. Josh and Andrew are telling me there's a problem when running inside virt due to how this checks the microcode. I'm hoping either of those two gents will add a patch to address this."
So if this all pans out, the improved Speculative Return Stack Overflow (SRSO) code could be coming to the kernel in a few days to iterate on the AMD Inception mitigation handling.
I'm continuing to run benchmarks on the latest AMD CPU microcode for Zen 3 and Zen 4 around Inception while AMD has indicated any performance cost to this mitigation should be minimal.