Does srso safe RET mitigation require microcode update?

From: Xi Ruoyao
Date: Mon Aug 14 2023 - 05:01:35 EST

Next message: Fei Shao: "Re: [PATCH v4,3/3] drm/mediatek: dp: Add the audio divider to mtk_dp_data struct"
Previous message: Dapeng Mi: "Re: [PATCH] KVM: x86/pmu: Manipulate FIXED_CTR_CTRL MSR with macros"
Next in thread: Borislav Petkov: "Re: Does srso safe RET mitigation require microcode update?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

There seems a difference between Documentation/admin-guide/hw-
vuln/srso.rst and the actual behavior. The documentation says:

First of all, it is required that the latest microcode be loaded for
mitigations to be effective.

And:

* 'Vulnerable: no microcode':

The processor is vulnerable, no microcode extending IBPB
functionality to address the vulnerability has been applied.

Per the text, if there is no firmware update, the system is just
vulnerable. But on a real Zen 3 system, the spec_rstack_overflow file
contains "Mitigation: safe RET, no microcode".

So we are puzzled now: is this system vulnerable or mitigated?

--
Xi Ruoyao <xry111@xxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University

Next message: Fei Shao: "Re: [PATCH v4,3/3] drm/mediatek: dp: Add the audio divider to mtk_dp_data struct"
Previous message: Dapeng Mi: "Re: [PATCH] KVM: x86/pmu: Manipulate FIXED_CTR_CTRL MSR with macros"
Next in thread: Borislav Petkov: "Re: Does srso safe RET mitigation require microcode update?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]