Re: [PATCH] x86/spectre: Expand test for vulnerability to empty RSB exploits

From: Jim Mattson
Date: Mon Aug 20 2018 - 12:22:33 EST


On Mon, Aug 20, 2018 at 9:00 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>
> On Tue, 7 Aug 2018, Jim Mattson wrote:
>
> > Skylake-era Intel CPUs are vulnerable to exploits of empty RSB
> > conditions. On hardware, platform vulnerability can be determined
> > simply by checking the processor's DisplayModel/DisplayFamily
> > signature. However, when running in a VM, the operating system should
> > also query IA32_ARCH_CAPABILITIES.RSBA[bit 2], a synthetic bit that
> > can be set by a hypervisor to indicate that the VM might run on a
> > vulnerable physical processor, regardless of the
> > DisplayModel/DisplayFamily reported by CPUID.
> >
> > Note that IA32_ARCH_CAPABILITIES.RSBA[bit 2] is always clear on
> > hardware, so the DisplayModel/DisplayFamily check is still required.
> >
> > For all of the details, see the Intel white paper, "Retpoline: A
> > Branch Target Injection Mitigation" (document number 337131-001),
> > section 5.3: Virtual Machine CPU Identification.
> >
> > Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> > Reviewed-by: Peter Shier <pshier@xxxxxxxxxx>
>
> That has been superseded by:
>
> fdf82a7856b3 ("x86/speculation: Protect against userspace-userspace spectreRSB")
>
> right? At least it does not apply anymore...

Right. It doesn't appear that Skylake CPUs get any special treatment any more.
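
The check described in the quoted commit message, written out as an added example; it is not code from the patch or from the kernel. The function names and the list of Skylake-era model numbers are assumptions, and the caller is assumed to have already read CPUID and the MSR.

```c
#include <stdbool.h>
#include <stdint.h>

#define ARCH_CAP_RSBA (1ULL << 2)  /* IA32_ARCH_CAPABILITIES.RSBA, bit 2 */

/* DisplayFamily from CPUID.01H:EAX: extended family counts only for 0FH. */
static unsigned display_family(uint32_t eax)
{
    unsigned fam = (eax >> 8) & 0xf;
    return fam == 0xf ? fam + ((eax >> 20) & 0xff) : fam;
}

/* DisplayModel: extended model counts only for family 06H or 0FH. */
static unsigned display_model(uint32_t eax)
{
    unsigned fam = (eax >> 8) & 0xf;
    unsigned model = (eax >> 4) & 0xf;
    if (fam == 0x6 || fam == 0xf)
        model |= ((eax >> 16) & 0xf) << 4;
    return model;
}

/* Assumed Skylake-era model list (family 6); not taken from the page. */
static bool skylake_era(uint32_t eax)
{
    if (display_family(eax) != 6)
        return false;
    switch (display_model(eax)) {
    case 0x4e: case 0x5e: case 0x55: case 0x8e: case 0x9e:
        return true;
    default:
        return false;
    }
}

/*
 * has_arch_cap: CPUID.(EAX=07H,ECX=0):EDX[29], i.e. the MSR is enumerated.
 * arch_cap: value read from IA32_ARCH_CAPABILITIES; ignored if not enumerated.
 */
bool empty_rsb_vulnerable(uint32_t cpuid1_eax, bool has_arch_cap, uint64_t arch_cap)
{
    if (skylake_era(cpuid1_eax))
        return true;  /* signature check, still required on hardware */
    return has_arch_cap && (arch_cap & ARCH_CAP_RSBA);  /* hypervisor hint */
}
```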