Re: [PATCH 0/7] IBRS patch series

From: David Woodhouse
Date: Fri Jan 05 2018 - 09:28:57 EST


On Fri, 2018-01-05 at 03:52 -0800, Paul Turner wrote:
>
> These are also mitigatable; the retpoline sequence itself will never
> result in an RSB underflow.

Unless an event occurs which clears the RSB between the CALL and the
RET of the retpoline.

> So long as the underlying binary satisfies the precondition that it
> will not underflow its own RSB.
>
> Then if we subsequently guarantee never to _reduce_ the number of
> entries in its RSB at any point remote to its own execution, then the
> precondition is preserved and underflow will not occur.

The problem is that underflow can occur not only on a retpoline, but
also on *any* bare ret.

Unless we want to do something evil like turning them all into a
sequence of 'call $+1; sub $8, %rsp; ret' and narrowing the race window
for that 'external event' to be negligible.

On the whole, since IBRS doesn't perform as badly on Skylake+ as it
does on earlier CPUs, it makes more sense just to use IBRS on Skylake+.

Unless we *only* have retpoline, of course, in which case we use that.
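As an added illustration (not code from this thread or from the patch series), here is the CALL/RET pair of a retpoline thunk that David refers to, plus a C caller that exercises it; the names `retpoline_call_rax` and `call_via_retpoline` are my own. The window between the thunk's CALL and its RET is where an RSB-clearing event would matter.

```c
#include <stdint.h>
#include <stdio.h>

typedef int (*binop_t)(int, int);

#if defined(__x86_64__)
/*
 * Retpoline thunk for "call *%rax" (hypothetical name, same shape as the
 * kernel's indirect thunks). The CALL pushes the trap address on the stack
 * and into the RSB; the RET consumes that RSB entry, so speculation lands
 * in the pause/lfence loop while the architectural path, whose return
 * address was overwritten with %rax, reaches the real target.
 */
__asm__(
    ".text\n"
    ".globl retpoline_call_rax\n"
    "retpoline_call_rax:\n"
    "    call 2f\n"           /* push trap address; RSB now predicts 1: */
    "1:  pause\n"
    "    lfence\n"
    "    jmp 1b\n"            /* speculation trap */
    "2:  mov %rax, (%rsp)\n"  /* replace return address with real target */
    "    ret\n"               /* architecturally: jump to *%rax */
);

/* Call fn(a, b) through the thunk; a and b go in %rdi/%rsi (SysV ABI). */
static int call_via_retpoline(binop_t fn, int a, int b)
{
    unsigned long rax = (unsigned long)(uintptr_t)fn;
    __asm__ volatile(
        "mov %%rsp, %%r12\n\t"
        "sub $128, %%rsp\n\t"     /* step over the red zone */
        "and $-16, %%rsp\n\t"     /* 16-byte aligned stack at the CALL */
        "call retpoline_call_rax\n\t"
        "mov %%r12, %%rsp"
        : "+a"(rax)
        : "D"(a), "S"(b)
        : "r12", "rcx", "rdx", "r8", "r9", "r10", "r11", "memory", "cc");
    return (int)rax;
}
#else
/* Non-x86-64 build: plain indirect call so the file compiles (no retpoline). */
static int call_via_retpoline(binop_t fn, int a, int b) { return fn(a, b); }
#endif

static int add_ints(int a, int b) { return a + b; }
static int mul_ints(int a, int b) { return a * b; }

int main(void)
{
    printf("%d %d\n", call_via_retpoline(add_ints, 2, 3),
           call_via_retpoline(mul_ints, 6, 7)); /* prints "5 42" */
    return 0;
}
```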
