Re: [RH72 Spectre] ibpb_enabled = 1 leads to hard LOCKUP under x86_64 host machine

From: Andrea Arcangeli
Date: Sat Jan 20 2018 - 10:22:48 EST


Hello everyone,

On Sat, Jan 20, 2018 at 01:56:08PM +0000, Van De Ven, Arjan wrote:
> well first of all don't use IBRS, use retpoline

This issue triggers in the IBPB code during the user-to-user context
switch, and IBPB is still needed there no matter whether the kernel is
using retpolines or kernel IBRS. In fact IBPB is still needed there
even if retpolines+user_ibrs is used or if
always_ibrs/ibrs_enabled=2 is used (IBRS doesn't protect from the
poison generated in the same predictor mode, "especially" in future
CPUs).

Only retpolining all userland would avoid IBPB here, but I doubt you
suggest that.

Kernel retpolines or kernel IBRS would make zero difference for
this specific issue.

> and if Andrea says this was a known issue in their code then I think that closes the issue.
>

It's an implementation bug we inherited from the merge of a CPU vendor
patch, and I can confirm it's already closed. In fact the fix has
already shipped with the wave 2 update, and some other versions even
had the bug fixed since the very first wave on 0day.

That deadlock nuisance only ever triggered in artificial QA testcases
and even then it wasn't easily reproducible.

We already moved the follow-ups to the vendor BZ to avoid using
bandwidth here.

Thank you!
Andrea