Subject: Re: Does srso safe RET mitigation require microcode update?
To: Borislav Petkov, Xi Ruoyao
Cc: x86@kernel.org, linux-kernel@vger.kernel.org
From: Rainer Fiebig
Date: Mon, 14 Aug 2023 11:47:54 +0200
Message-ID: <0338eb8b-6b60-313c-e6eb-faca071c5227@mailbox.org>
In-Reply-To: <20230814091012.GAZNnvdD6JX/4E679D@fat_crate.local>
References: <79c179acaa6ec4e1cf112ae2dfce8370694a5089.camel@xry111.site> <20230814091012.GAZNnvdD6JX/4E679D@fat_crate.local>

On 14.08.23 at 11:10, Borislav Petkov wrote:
> On Mon, Aug 14, 2023 at 05:00:12PM +0800, Xi Ruoyao wrote:
>> So we are puzzled now: is this system vulnerable or mitigated?
>
> Read the whole options text here:
>
> https://kernel.org/doc/html/latest/admin-guide/hw-vuln/srso.html
>
> Does it explain it better?

Not really, IMO. The text says:

"First of all, it is required that the latest microcode be loaded for
mitigations to be effective. [...]"

According to that: no latest microcode - system is vulnerable.

Later:

"* 'Mitigation: safe RET': Software-only mitigation. It complements the
extended IBPB microcode patch functionality by addressing User->Kernel
and Guest->Host transitions protection."

Now, what does that mean: partial mitigation or also no mitigation
without microcode?

And if the latest microcode is indeed needed for "Safe RET": why do
users of AMD's "consumer" Zens have to wait weeks or even longer for an
AGESA instead of being able to simply compile the microcode into the
kernel and get rid of the problem in a few minutes?

Thanks.

Rainer