Re: [patch 00/38] x86/retbleed: Call depth tracking mitigation

From: Joao Moreira
Date: Tue Jul 19 2022 - 13:58:45 EST


> Clang always uses r11 for the indirect call with retpolines, so we'd
> need to use another register. Nevertheless, splitting the constant into
> two instructions would solve the call target gadget issue.

Yeah, it clicked later yesterday. But, FWIW, R10 is also considered a scratch register, although used for passing static chain pointers, which I think is not a thing in kernel context. Last case scenario we can always do liveness analysis, and I doubt we'll have a significant (if any) number of spills.

If we are comparing through registers, I would suggest using a sub instruction instead of a cmp, as this will destroy the contents of the register and prevent it from being re-used on further unprotected indirect branches, if any exist.