Linux Fixes Indirect Branch Predictor Barrier "IBPB" Handling For Older AMD CPUs

Merged today to Linux 6.12 Git were bug fixes to AMD's Indirect Branch Predictor Barrier (IBPB) handling that can be optionally used as part of the Retbleed and Speculative Return Stack Overflow (SRSO) mitigations on older AMD processors.

Indirect Branch Predictor Barriers are not used by default so the impact of this fixing is limited to those that opted into using IBPB for Retbleed/SRSO as part of the various mitigation kernel parameters. The impact is also just for AMD Zen 3 CPUs and older.

AMD Linux engineer Borislav Petkov explained in today's x86 bugs merge:

"This fixes the IBPB implementation of older AMDs (< gen4) that do not flush the RSB (Return Address Stack) so you can still do some leaking when using a "=ibpb" mitigation for Retbleed or SRSO. Fix it by doing the flushing in software on those generations.

IBPB is not the default setting so this is not likely to affect anybody in practice."

So for anyone running on an older AMD processor and opted into using IBPB for the Retbleed/SRSO mitigations, the fixed-up proper handling is now in Linux 6.12 Git and should be back-ported to the stable kernel versions over the coming days.