AMD Inception / SRSO Mitigation Further Cleaned Up With Linux 6.7

Since the AMD Inception vulnerability was made public in August there were kernel patches merged that day and since then there's been a few rounds of clean-ups and fixes for this mitigation code formally known as the Speculative Return Stack Overflow (SRSO). With Linux 6.7, more SRSO mitigation clean-ups have been merged.

Last week the x86/bugs updates were merged for Linux 6.7 with the following highlights:

- A bunch of improvements, cleanups and fixlets to the SRSO mitigation machinery and other, general cleanups to the hw mitigations code, by Josh Poimboeuf

- Improve the return thunk detection by objtool as it is absolutely important that the default return thunk is not used after returns have been patched. Future work to detect and report this better is pending

- Other misc cleanups and fixes

Among the fixes are for properly enabling SBPB for possible future hardware that is fixed against SRSO, ensuring the actual mitigation used is properly printed if a requested mitigation isn't possible, fixing vulnerability reporting in case of missing CPU microcode, improving instruction cache locality for alias mitigation, and a variety of other low-level code changes and clean-ups.

Those unfamiliar with the AMD SRSO mitigation or other background information on the problem affecting Zen CPUs with various mitigation routes depending upon the generation and presence of updated CPU microcode can be found via the kernel documentation.

Completely separate but also on the CPU mitigation front, Linux 6.7 also further adjusts the Intel IBRS mitigation.