Re: [PATCH] x86/bugs: protect against userspace-userspace spectreRSB
From: Jiri Kosina
Date: Wed Jul 25 2018 - 09:50:50 EST
On Wed, 25 Jul 2018, Josh Poimboeuf wrote:
> > The article "Spectre Returns! Speculation Attacks using the Return Stack
> > Buffer" [1] describes two new (sub-)variants of spectrev2-like attack,
> > making use solely of the RSB contents even on CPUs that don't fallback to
> > BTB on RSB underflow (Skylake+).
> >
> > Mitigate userspace-userspace attacks by always unconditionally filling RSB on
> > context switch when generic spectrev2 mitigation has been enabled.
> >
> > [1] https://arxiv.org/pdf/1807.07940.pdf
> >
> > Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
>
> While I generally agree with this patch, isn't it odd that we would do
> RSB filling on every context switch, but almost never do IBPB?
Yeah, I have actually been wondering exactly the same, but that's what we
have been doing so far on SKL+, so I didn't really want to mix this aspect
in.
I actually believe that in the name of consistency we should've been doing
the RSB fills under the same conditions we're issuing IBPB even on SKL+; I
can resend a patch that re-adjusts that, if that's the consensus.
Thanks,
--
Jiri Kosina
SUSE Labs