RE: [patch 00/38] x86/retbleed: Call depth tracking mitigation

From: Thomas Gleixner
Date: Sun Jul 17 2022 - 15:16:26 EST

Next message: kernel test robot: "[atishp04:kvm_perf_rfc_buildtest 15/24] WARNING: modpost: vmlinux.o(.text+0xa708): Section mismatch in reference from the function early_memremap_prot() to the function .init.text:early_ioremap()"
Previous message: Thomas Gleixner: "Re: [patch 02/38] x86/cpu: Use native_wrmsrl() in load_percpu_segment()"
In reply to: David Laight: "RE: [patch 00/38] x86/retbleed: Call depth tracking mitigation"
Next in thread: Thomas Gleixner: "Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, Jul 17 2022 at 17:56, David Laight wrote:
> From: Thomas Gleixner
>> On Sun, Jul 17 2022 at 09:45, David Laight wrote:
> I was thinking about what happens after the RSB has underflowed.
> Which is when (I presume) the BTB based speculation happens.
>
>> The intra function call in the retpoline is of course adding a RSB entry
>> which points to the speculation trap, but that gets popped immediately
>> after that by the return which goes to the called function.
>
> I'm remembering the 'active' instructions in a retpoline being 'push; ret'.
> Which is an RSB imbalance.

Looking at the code might help to remember correctly:

call 1f
speculation trap
1: mov %reg, %rsp
ret

Thanks,

tglx

Next message: kernel test robot: "[atishp04:kvm_perf_rfc_buildtest 15/24] WARNING: modpost: vmlinux.o(.text+0xa708): Section mismatch in reference from the function early_memremap_prot() to the function .init.text:early_ioremap()"
Previous message: Thomas Gleixner: "Re: [patch 02/38] x86/cpu: Use native_wrmsrl() in load_percpu_segment()"
In reply to: David Laight: "RE: [patch 00/38] x86/retbleed: Call depth tracking mitigation"
Next in thread: Thomas Gleixner: "Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]