AMD Zen 4's Automatic IBRS Feature Queued Ahead Of Linux 6.3
While the AMD Ryzen 7000 series launched at the end of September, it wasn't until early November when AMD finally began posting Linux patches for enabling Automatic IBRS use. Engaging the Auto IBRS should yield better performance than the generic Retpolines used on Zen 3 and older or with Zen 4 processors on kernels without this feature being enabled. The automatic aspect of this new Zen 4 security feature is that it's hardware-managed of IBRS mitigation resources automatically across privilege level transitions -- similar in nature to Intel's Enhanced IBRS / eIBRS.
Since initially posting the Automatic IBRS Linux patches in early November, they've been reviewed and revised. Finally now for the Linux 6.3 cycle this Zen 4 feature is set to be enabled.
Barring any last minute issues, yesterday the AMD Automatic IBRS patches were queued into TIP.git's x86/cpu branch. It's there that the patches will reside until the Linux 6.3 merge window opens up in February. But the stable Linux 6.3 kernel won't be released until late April or early May, which is unfortunate given that it's taken all this time for the Automatic IBRS support to be settled with it being an AMD Zen 4 feature known at the company well in advance of the Ryzen 7000 and EPYC 9004 series processors shipping.
The set of patches enable Automatic IBRS by default in place of Retpolines for supported processors. The patches also have proper handling around KVM guests as well.
I will have up some benchmarks shortly around the Automatic IBRS performance impact compared to the existing Retpolines handling.