Received: by 2002:a05:7412:6592:b0:d7:7d3a:4fe2 with SMTP id m18csp2439003rdg; Mon, 14 Aug 2023 02:30:29 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEZM9IIbADITPGKrOU6mKWn4xTh+/GI6R9K7rQ+0v8J2CDDHzvTYYLo9HgMM6iuJyFGFAB7 X-Received: by 2002:a05:6808:15a9:b0:3a3:654d:b2e5 with SMTP id t41-20020a05680815a900b003a3654db2e5mr9449022oiw.42.1692005429597; Mon, 14 Aug 2023 02:30:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1692005429; cv=none; d=google.com; s=arc-20160816; b=PBqf8y6BtDq8oIX+7VXW2Rq3tmUIqqLqZSIwMqy5ETnMhO2KaO0tSu0uD1H7SCvg0k espirDEZ+uXxlGj9S9OlhscvbH17Y9H1ovITlHBiFlWnxguJA6T1CLf+kQ+93xhyag33 UAXDmj9oM/N1jM6us85OGRWPdxriDJqk3MKUoO+OGdCDRbEC+Yruhve3N8FRbGr8CP8N Oyjj7/QJ59aAY8Tw8qdWRZR9fDyl2GmuvAi9pVDvGlDTsw1CBruNvmzPwbHXuJLEypnx wi92SeWd4bDTnIaDokpDDnCZVaH4qXMSL90Il8baVIgtxFtVLMb4teDt5WdQAJnTwilZ yJ7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:date:cc:to:from:subject:message-id :dkim-signature; bh=DwYqGBGIfWKJsZBYt1K9AMNufbvBRSHi/abPrjVfEPg=; fh=S2JbGthsMIttzZRmljb6XONNr+4o7EIxP8kozuKqsUI=; b=XgaHr6M6R9wKNmSJod+fOQI99A28NdNA8S5nDbylJknw9J/L13LlD55HZq/Wcl2uk2 2ux8OMfwAV8bhMZLAtuA9vaBoKANw0MlfBcAr5Y1fkfEC0gNslKMsjnbcg6Q7u5UBukq OOR2SoaRaxI8PdKB4J1BLTWb1fvODB+VGG8U/VKD4rIEdaBWypz24HvyqnPl7pvknDCv d/uTzOGrmVp/KQTRi6JwltP+exk57NbqPLKnyvE5tUNntHHN1bm+HbV/uQ76hGjfQfE6 eD6KMTCDk2m1v2mHwI9aqOBUgfMpmaWP74LR3rcRlX+IaLaubaQSeiKXIUUy23T145iS 9HEw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@xry111.site header.s=default header.b=jleEd7lw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=xry111.site Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l70-20020a638849000000b005634fdd0979si40847pgd.496.2023.08.14.02.30.18; Mon, 14 Aug 2023 02:30:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@xry111.site header.s=default header.b=jleEd7lw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=xry111.site Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235072AbjHNJBH (ORCPT + 99 others); Mon, 14 Aug 2023 05:01:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235561AbjHNJAl (ORCPT ); Mon, 14 Aug 2023 05:00:41 -0400 Received: from xry111.site (xry111.site [89.208.246.23]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 46A773A88 for ; Mon, 14 Aug 2023 02:00:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xry111.site; s=default; t=1692003615; bh=edGwPpyVyn/vyK03wlum1jlhOhAouMJrXmcB8fOlahk=; h=Subject:From:To:Cc:Date:From; b=jleEd7lwYJIqT6BEXnqjcQbFQseHwE4x6YVeyJeIKQmnq1AlpgpxLKLS42wgg/aMa XlFmswJ40Gl8iNiyW4q/4B/jAaP9bvOdcH26bdCMnvKUduOMwmsS5V4dgz9lvyxO7k 56mf4cAGvuVSRGBmc/Mv3D99innYB3+azTFF/M9Q= Received: from localhost.localdomain (xry111.site [IPv6:2001:470:683e::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-384)) (Client did not present a certificate) (Authenticated sender: xry111@xry111.site) by xry111.site (Postfix) with ESMTPSA id 22A0E659AC; Mon, 14 Aug 2023 05:00:13 -0400 (EDT) Message-ID: <79c179acaa6ec4e1cf112ae2dfce8370694a5089.camel@xry111.site> Subject: Does srso safe RET mitigation require microcode update? From: Xi Ruoyao To: x86@kernel.org Cc: linux-kernel@vger.kernel.org, "Borislav Petkov (AMD)" , Rainer Fiebig Date: Mon, 14 Aug 2023 17:00:12 +0800 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, There seems a difference between Documentation/admin-guide/hw- vuln/srso.rst and the actual behavior. The documentation says: First of all, it is required that the latest microcode be loaded for mitigations to be effective. And: * 'Vulnerable: no microcode': =20 The processor is vulnerable, no microcode extending IBPB functionality to address the vulnerability has been applied. Per the text, if there is no firmware update, the system is just vulnerable. But on a real Zen 3 system, the spec_rstack_overflow file contains "Mitigation: safe RET, no microcode". So we are puzzled now: is this system vulnerable or mitigated? --=20 Xi Ruoyao School of Aerospace Science and Technology, Xidian University