Does srso safe RET mitigation require microcode update?

From: Xi Ruoyao
Date: Mon Aug 14 2023 - 05:01:35 EST


Hi,

There seems a difference between Documentation/admin-guide/hw-
vuln/srso.rst and the actual behavior. The documentation says:

First of all, it is required that the latest microcode be loaded for
mitigations to be effective.

And:

* 'Vulnerable: no microcode':

The processor is vulnerable, no microcode extending IBPB
functionality to address the vulnerability has been applied.

Per the text, if there is no firmware update, the system is just
vulnerable. But on a real Zen 3 system, the spec_rstack_overflow file
contains "Mitigation: safe RET, no microcode".

So we are puzzled now: is this system vulnerable or mitigated?

--
Xi Ruoyao <xry111@xxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University