Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp3475951imw; Mon, 18 Jul 2022 08:45:02 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tm588jbL9HXu6B/S+UaNZT0fiaUMZ4T8Rbx8npTQySwWwDHeBg47VALNibcG+hDEPYlS1W X-Received: by 2002:a05:6402:42c3:b0:43a:46f6:ebd2 with SMTP id i3-20020a05640242c300b0043a46f6ebd2mr38444785edc.213.1658159102466; Mon, 18 Jul 2022 08:45:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658159102; cv=none; d=google.com; s=arc-20160816; b=wEVVvRSUqQl/Vg5O2rpy7xU00pm5OMeGAnCEnaCGOVyd+d09ebdvUHAkhWAYR5JoPl ixY1VrTtWqe6c/547f+E42Q9HKXdWlBhwMuy2x8ZGVyH0F2RAFf7/tz5Io1gyIbm0EqH HeMCya9vEqCJndSlAgWRtMEm/Uivy4XSAiPj4hP8mavr+NfL5WvoviIrDWzxKbwj3IJl zb/gu76Iq2Wx0tiiLa1wft9DXlq/cH3Hb+ms3OvguR0G/XV+XNFnYSG8WWd58IfJxnyT L6XdCXUCB4FPahFHjbcxtwUmtuebZfUu4Z0HyOSXX+oX907l8JP1YqBQpkAChdwn4u9P RXPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Re0gKM4VfIQOJwjWn6tHsiDwKiJQYs0aWH6W1FD15PY=; b=Mv0AinrZVPSUpprAqu+0oRu+xjvboeulfa3ozP/PoyrQGsu+rU6mgxHx8bguWySlRU kvcek+FdRhQmQp6Omc5hj+dDmOSpBoY+8iHkBpq3FYzB39LPsYmpLMxfXpxmRB4cky23 IQe/6KFRIPC9C1ykqZeOF9z7wCxFHjjLpfmwGMPsbnBBaKdoZ+ZBh1bCHnjCNxAcvtII pS9U8uOA2ncLgGRHoe61//PzZsBWgM95Nv2XOBy+a6wz8d6GZKyUe9sOY/HMkx8ZBkj7 A8T27oD03dadiT3Y1NaAZMvI8tXcasDObw2yOntzkVPQPHxurb4APNIoc/IHuCNuTxPn 7TVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ntlworld.com header.s=meg.feb2017 header.b=gcUpeJiR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=ntlworld.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z21-20020a05640240d500b00439e1b7cd40si18588494edb.477.2022.07.18.08.44.37; Mon, 18 Jul 2022 08:45:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ntlworld.com header.s=meg.feb2017 header.b=gcUpeJiR; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=ntlworld.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235534AbiGRPfx (ORCPT + 99 others); Mon, 18 Jul 2022 11:35:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48774 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229784AbiGRPfw (ORCPT ); Mon, 18 Jul 2022 11:35:52 -0400 Received: from smtpq1.tb.ukmail.iss.as9143.net (smtpq1.tb.ukmail.iss.as9143.net [212.54.57.96]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8BCE3BC81 for ; Mon, 18 Jul 2022 08:35:51 -0700 (PDT) Received: from [212.54.57.107] (helo=csmtp3.tb.ukmail.iss.as9143.net) by smtpq1.tb.ukmail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oDSmj-0007FO-Vz for linux-kernel@vger.kernel.org; Mon, 18 Jul 2022 17:35:49 +0200 Received: from llamedos.mydomain ([81.97.236.130]) by cmsmtp with ESMTPA id DSmjoNpuq45FHDSmjowI7e; Mon, 18 Jul 2022 17:35:49 +0200 X-SourceIP: 81.97.236.130 X-Authenticated-Sender: zarniwhoop@ntlworld.com X-Spam: 0 X-Authority: v=2.4 cv=e64V9Il/ c=1 sm=1 tr=0 ts=62d57dd5 cx=a_exe a=OGiDJHazYrvzwCbh7ZIPzQ==:117 a=OGiDJHazYrvzwCbh7ZIPzQ==:17 a=IkcTkHD0fZMA:10 a=RgO8CyIxsXoA:10 a=zd2uoN0lAAAA:8 a=4XStSidSkjLePoVboTUA:9 a=QEXdDO2ut3YA:10 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ntlworld.com; s=meg.feb2017; t=1658158549; bh=Re0gKM4VfIQOJwjWn6tHsiDwKiJQYs0aWH6W1FD15PY=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=gcUpeJiR7N7eC8j6pJQaBd31PNU0EQS7cLYBAfF16suSjFgTAqHLoYG0TPKgHheWB Yubl2gfz92RZE3p0pN5U4APu/1TstiSCNwKAd7RHAFkKql5Wc5Ty+NBTwIRHPifLLR ET2R/D7pkXndW+kO1PC9PryoUgjqPudEfTkQHc7wTO4zdTRP0KtJVqIIgIU3Bs7tFl 8w5uzzaA9FGp0MB93dpDS5fFN59cdiqEhRdlNNyvN3SmJRMikVkIyDNOWzZFGbN5Sj 8/TRA5LXGNKFzfLdeqhDULBVWVfYxkRgBRaTh/CJoppaeQcMW2mjl/36h04cCJx/HB jsSt5HirvpIVQ== Received: by llamedos.mydomain (Postfix, from userid 1000) id 998748DB5C; Mon, 18 Jul 2022 16:35:49 +0100 (BST) Date: Mon, 18 Jul 2022 16:35:49 +0100 From: Ken Moffat To: Alexandre Chartre Cc: linux-kernel@vger.kernel.org Subject: Re: Retbleed, Zen2 and STIBP Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline X-Clacks-Overhead: GNU Terry Pratchett Content-Transfer-Encoding: 8bit In-Reply-To: User-Agent: Mutt/2.2.6 (2022-06-05) X-CMAE-Envelope: MS4xfMaG3l5YKsL1CAFyJJJs1Hja/9V8vSK6bQRG+j5COPqiH+Z1hj6Rz+1iIZD4+f85hDCK3kg+m3oDs+up2CTPzx4/l8KS821tjnve4MB90cWwSdlbm5R8 o76oTUqjZIRlD5yakyU0Lka4gHiuPJ4SlPKY+GTOy8KQSlZpRQhONmYLq5cRWyFwC2nPL6CJFPpUSqeUUkJeDkwU6pdiEMrQD/jYDdFJGHuBLe3E4QKDrAiA bdFpsXOaoer4Z2wxYaOeuQ== X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 18, 2022 at 04:58:49PM +0200, Alexandre Chartre wrote: > On Mon, Jul 18, 2022 at 09:19:01AM +0100, Ken Moffat wrote: > > Probably like most people, I find the detail of the available > > retbleed mitigations obscure. In particular, for zen2 the options > > *might* include ibpb or unret. > > > > But I have failed to find what 'unret' actually means. Any > > pointers, please ? > > > > While ibpb might be available (and slow), on my Renoir with > > microcode level (0860106h) there were no newer microcode versions > > available when I last looked (a few weeks ago) but note 7 at the > > bottom of > > https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion_v > > 7_20220712.pdf > > implies that the relevant bit is only set on Renoir in 0860109h and > > later. > > > > Some of the text in that pdf implies that at least one of the > > options could be set if not already set from the microcode, but the > > amount of detail leaves me totally lost. > > > > Assuming, for the moment, that I might want to try this full > > mitigation, is there any way to set this in the absence of newer > > microcode ? > > > > Or should I just accept that the best I can get is 'unret', whatever > > that means ? > > > > ĸen > > 'unret' = AMD JMP2RET i.e. replace all 'ret' instructions with > 'jmp __x86_return_thunk', and safe training the thunk code upon > kernel/hypervisor entry. This is a purely software mitigation, > it doesn't require any microcode. > > AMD JMP2RET is described in this document: > https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion_v7_20220712.pdf > > alex. Thanks! ĸen -- It is very easy to get ridiculously confused about the tenses of time travel, but most things can be resolved by a sufficiently large ego. -- The Last Continent