Linux Reworks AMD Zen 1 Divide-By-Zero Mitigation After Original Fix Inadequate

Following last week's AMD Inception vulnerability another AMD Zen CPU bug came to light and that was performing a divide by zero on Zen 1 could end up leaking data with this DIV0 speculation bug. The original workaround was performing a dummy division 0/1 within the #DE exception handler but that's now turned out to be inadequate.

AMD Linux engineer Borislav Petkov has published a new patch that reworks the original AMD Zen 1 DIV0 speculation bug workaround. He explains with the new patch:

"Initially, it was thought that doing an innocuous division in the #DE handler would take care to prevent any leaking of old data from the divider but by the time the fault is raised, the speculation has already advanced too far and such data could already have been used by younger operations.

Therefore, do the innocuous division on every exit to userspace so that userspace doesn't see any potentially old data from integer divisions in kernel space.

Do the same before VMRUN too, to protect host data from leaking into the guest too."

The patch to now carry out a dummy 0/1 operation on every exit to user-space has been picked up by TIP.git's x86/urgent branch. This patch will be sent out this week for Linux 6.5-rc7 and then be back-ported to the stable kernel series that since last week have already been released with the original and inadequate workaround.

Again, this divide-by-zero bug is just present with Zen 1 processors. At least carrying out a single 0/1 dummy operation doesn't come with overhead unlike other CPU security mitigations of recent times.