Linux Gets New Patch To Fix AMD Retbleed Mitigation - STIBP Needed With IBPB

Written by Michael Larabel in AMD on 13 August 2022 at 07:05 AM EDT. 19 Comments
AMD --
Sent out this morning is a Linux kernel "fix" that now enabled STIBP when using the IBPB mode for Retbleed mitigations on AMD processors. In other words, more protections needed for this enhanced mode of Retbleed mitigation.

Last month Retbleed was made public as a new speculative execution attack exploiting return instructions. Retbleed affects Intel CPUs from Core 8th Gen and older as well as AMD Zen 1, Zen 1+, and Zen 2 processors. The Retbleed Linux kernel mitigations added last month induce performance hits for Intel and it's painful for AMD too, especially on the older Zen 1 CPUs.

If opting for the more secure Indirect Branch Prediction Barrier "IBPB" mitigation that can mitigate short speculation windows on basic block boundaries too, rather than just the "unret" default, it now turns out a month later Single Thread Indirect Branch Predictors "STIBP" must also be enabled.


The IBPB-based protection for Retbleed is deemed the most secure but also the highest performance impact and thus isn't the default behavior. With today's new Linux kernel "fix", if going for the IBPB-based protection there is now a "ibpb,nosmt" mode where Simultaneous Multi-Threading (SMT) will be disabled if STIBP support isn't available on the given system.

This flipping of STIBP on in the IBPB Retbleed mitigation mode is just for AMD processors with it apparently now being determined IBPB alone isn't enough for protecting against Retbleed on AMD Zen 1 / 1+ / 2 processors. The "x86 fix" message on the mailing list this Saturday morning by Ingo Molnar simply summed it up as:
Fix the "IBPB mitigated RETBleed" mode of operation on AMD CPUs (not turned on by default), which also need STIBP enabled (if available) to be '100% safe' on even the shortest speculation windows.

The code patch also adds to the documentation:
AMD-based UNRET and IBPB mitigations alone do not stop sibling threads from influencing the predictions of other sibling threads. For that reason, STIBP is used on processors that support it, and mitigate SMT on processors that don't.

Again this retbleed=ibpb mode isn't the default currently on Linux for older AMD Zen CPUs but is the most secure and heavy hitting for performance, now even more heavy with STIBP also being forced for capable CPUs. Looks like I'll be running some fresh Retbleed AMD Linux mitigation benchmarks shortly looking at the performance impact on different mitigation paths.

This security fix should be picked up by mainline this weekend for Linux 6.0-rc1 and then likely begin appearing in the back-ported stable kernel releases over the next week.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week