Comments on existing SRSO mitigations + VMSCAPE + Zen 5 #1

@Rongronggg9

Description

Thanks for your impressive work!


While glancing through the pull for Linux to mitigate VMSCAPE, I noticed:

 * 'Mitigation: IBPB on VMEXIT':

   IBPB is issued on every VM-exit. This occurs when other mitigations like
   RETBLEED or SRSO are already issuing IBPB on VM-exit.

I recalled that my Zen 5 (Ryzen AI 365) laptop has utilized IBPB on VMEXIT to mitigate guest-host SRSO (Zen 5 CPUs are not vulnerable to user-kernel SRSO) since 2025 (I always use an up-to-date stable kernel). This made me curious how you could reproduce VMSCAPE on a Ryzen 5 9600X in 2025.

It turned out the patchset enabling IBPB on VMEXIT to mitigate SRSO (merged in 6.14) was never backported to any LTS kernels. The downstream Linux 6.8 kernel from Ubuntu didn't backport it either. This answered my question.


IIUC:

For Linux 6.14+ on Zen 5 non-EPYC CPUs, IBPB is issued on VMEXIT by default. This is the same as your originally proposed VMSCAPE mitigation. Thus, Zen 5 non-EPYC CPUs should be invulnerable to VMSCAPE even if they run outdated Linux 6.14+.

For Linux 6.14+ on Zen 5 EPYC CPUs, they probably utilize BpSpecReduce to mitigate guest-host SRSO by default (also never backported to LTS). Is BpSpecReduce sufficient to mitigate VMSCAPE? I didn't see the paper mentioning it - or did I miss anything?


The next thing (not quite related to VMSCAPE) I thought of:

If the IBPB on VMEXIT SRSO mitigation patchset were never backported, LTS kernels must have done something else to mitigate guest-host SRSO on Zen 5... Or, really?

It seemed not. The patchset marking Zen 5 vulnerable to (guest-host) SRSO and the one introducing the IBPB on VMEXIT SRSO mitigation are the same patchset. As a result, LTS kernels didn't mark Zen 5 as vulnerable to (guest-host) SRSO until the VMSCAPE mitigation. This made me ask: were pre-VMSCAPE LTS kernels vulnerable to guest-host SRSO on Zen 5?

Luckily, the backported VMSCAPE mitigation patchsets happened to enable SRSO mitigation on Zen 5 for LTS kernels as well.


Disclaimer:

I haven't tried reproducing VMSCAPE because of the lack of documentation.
I am not a professional Linux kernel developer (yet?).
I opened the issue just for commentary purposes.
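The question the issue keeps circling back to is which of the cases above a given host is actually in: whether the kernel even knows about the bug, and whether the mitigation it credits for SRSO or VMSCAPE ends up issuing an IBPB on every VM-exit. An added example, not code from the issue, the VMSCAPE authors or the Linux tree: a POSIX sh script that reads the two relevant files under the real sysfs directory `/sys/devices/system/cpu/vulnerabilities` and reduces them to a short verdict. The status strings used in the constructed samples follow the form the kernel prints (`Mitigation: IBPB on VMEXIT only`, `Mitigation: Reduced Speculation`, `Not affected`) but are assumptions written here for illustration, not captured output from any machine.

```shell
#!/bin/sh
# Added example (not from the issue or the Linux tree): summarise the SRSO and
# VMSCAPE mitigation state a Linux host reports through sysfs. The sysfs
# directory and file names are the real ones; the status strings in the
# constructed samples below are assumptions modelled on the kernel's format.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to a short verdict. Order matters: the specific
# "IBPB on VMEXIT" pattern must be tested before the generic "IBPB" one.
classify() {
    case "$1" in
        "Not affected")                     echo not-affected ;;
        "Mitigation: IBPB on VMEXIT"*)      echo ibpb-on-vmexit ;;
        "Mitigation: Reduced Speculation")  echo bp-spec-reduce ;;
        "Mitigation: IBPB"*)                echo ibpb-always ;;
        "Mitigation: Safe RET"*)            echo safe-ret ;;
        "Mitigation:"*)                     echo mitigated-other ;;
        "Vulnerable"*)                      echo vulnerable ;;
        *)                                  echo unknown ;;
    esac
}

# Read one vulnerability file from a directory. "absent" means the kernel does
# not know the bug at all, e.g. a pre-VMSCAPE kernel has no 'vmscape' file.
status_of() {
    dir=$1
    bug=$2
    if [ -r "$dir/$bug" ]; then
        classify "$(cat "$dir/$bug")"
    else
        echo absent
    fi
}

# "yes" when an IBPB is issued on every VM-exit by either the SRSO or the
# VMSCAPE mitigation, i.e. the guest's branch-predictor state is flushed at the
# guest-host boundary no matter which bug the kernel credits for it.
vmexit_ibpb() {
    srso=$(status_of "$1" spec_rstack_overflow)
    vms=$(status_of "$1" vmscape)
    if [ "$srso" = ibpb-on-vmexit ] || [ "$vms" = ibpb-on-vmexit ]; then
        echo yes
    else
        echo no
    fi
}

report() {
    echo "host $1:"
    for bug in spec_rstack_overflow vmscape; do
        printf '  %-22s %s\n' "$bug" "$(status_of "$1" "$bug")"
    done
    echo "  IBPB on every VM-exit: $(vmexit_ibpb "$1")"
}

# Constructed sample 1: a 6.14+ kernel on a non-EPYC Zen 5 host from before the
# VMSCAPE patches. No 'vmscape' file, but SRSO already flushes on VM-exit.
SAMPLE1=$(mktemp -d)
printf 'Mitigation: IBPB on VMEXIT only\n' > "$SAMPLE1/spec_rstack_overflow"
report "$SAMPLE1"

# Constructed sample 2: an LTS kernel from before the backports, which did not
# mark Zen 5 as affected by SRSO and knows nothing about VMSCAPE.
SAMPLE2=$(mktemp -d)
printf 'Not affected\n' > "$SAMPLE2/spec_rstack_overflow"
report "$SAMPLE2"

rm -rf "$SAMPLE1" "$SAMPLE2"

# The real host, when run on Linux with sysfs mounted.
if [ -d "$VULN_DIR" ]; then
    report "$VULN_DIR"
fi
```

Sample 1 reports `IBPB on every VM-exit: yes` with `vmscape` shown as `absent`, which is the situation the issue describes for Linux 6.14+ on a non-EPYC Zen 5; sample 2 reports `no` for both files, which is the pre-backport LTS state the issue asks about. Note that `bp-spec-reduce` is deliberately not treated as a VM-exit IBPB, since whether BpSpecReduce covers VMSCAPE is exactly the open question in the issue.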