Linux 5.19-rc8 Still Getting Bandaged From Retbleed Mitigation Fallout

Written by Michael Larabel in Linux Kernel on 24 July 2022 at 06:43 AM EDT. 15 Comments
LINUX KERNEL
While normally big CPU security mitigation work done behind closed-doors is in good shape for the vulnerability embargo date, Retbleed has been an exception. Nearly two weeks since Retbleed was made public, the Linux kernel patches around it continue with more now sent in today ahead of Linux 5.19-rc8 to address fallout from the mitigation handling.

The Retbleed patches this time around were a bit rough with a number of issues not coming to light until after this speculative execution attack was made public and the patches merged to the Linux kernel. After the Retbleed patches landed in the Linux kernel on Patch Tuesday, the Linux kernel continuous integration (CI) and build farms at various organizations began spotting corner cases and different build/run-time issues from the mitigated code. These issues came up thanks to the build farms and more developers becoming aware and being able to look at these kernel patches.

There were follow-up fixes that came to address various issues with the Retbleed code and now today another round of Retbleed fallout is being bandaged for Linux 5.19-rc8. Nearly two weeks later, the Retbleed mitigations still haven't appeared in the Linux stable series as back-ports due to various issues coming up. But with the Retbleed fixes slowing down, it looks like the mitigation and all the fixes will premiere soon in the currently supported stable/LTS series.

This morning with the x86/urgent for v5.19-rc8, Borislav Petkov messaged Linus Torvalds with:
Please pull a couple more retbleed fallout fixes.

It looks like their urgency is decreasing so it seems like we've managed to catch whatever snafus the limited -rc testing has exposed. Maybe we're getting ready... :)

There are fixes to prevent return thunks patching of LKDTM modules that are not needed there, avoiding the writing of the SPEC_CTRL MSR on every kernel entry on eIBRS parts, enhanced error output, protecting EFI firmware calls by issuing an IBPB on AMD CPUs, and limiting the Retbleed mitigation explicitly to x86_64 kernels. As noted yesterday, the Retbleed mitigation doesn't work on x86 32-bit kernels and there is no interest from the key upstream developers to work on that support. These are just functionality fixes and still there is sizable impact from Retbleed on affected CPU models.


These Retbleed fixes and various other fixes will be part of the Linux 5.19-rc8 kernel coming out later today. Linux 5.19 stable is expected next weekend.
15 Comments
Related News
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.9-rc4 Brings More Bcachefs Fixes, Native BHI Mitigation
Linux 6.10 To Account For NUMA Node When Allocating Per-CPU Cpumasks
Linux 6.10 SLUB Optimization To Reduce Memory Consumption In Extreme Scenarios
Linux 6.8.5 & Other Stable Kernel Updates Due To Native BHI Vulnerability
Linux 6.10 AES-XTS For Disk/File Encryption As Much As ~155% Faster For AMD Zen 4 CPUs
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Ubuntu Maker Canonical Announces New Collaboration With Qualcomm
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
KDE's KWin Merges Wayland Explicit Sync Support
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Gentoo Linux Now An SPI Project