Re: [PATCH 3/3] x86/bugs: Remove support for Spectre v2 LFENCE "retpolines"

From: Andrew Cooper
Date: Fri Apr 12 2024 - 16:49:44 EST

Next message: Uwe Kleine-König: "Re: [PATCH] clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()"
Previous message: Edgecombe, Rick P: "Re: [PATCH] x86/tdx: Preserve shared bit on mprotect()"
In reply to: Josh Poimboeuf: "Re: [PATCH 3/3] x86/bugs: Remove support for Spectre v2 LFENCE "retpolines""
Next in thread: Josh Poimboeuf: "Re: [PATCH 3/3] x86/bugs: Remove support for Spectre v2 LFENCE "retpolines""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/04/2024 7:10 pm, Josh Poimboeuf wrote:
> I found several bugs where code assumes that X86_FEATURE_RETPOLINE
> actually means retpolines (imagine that!).

Yeah :( One could also imagine a past where that was pointed out, or
just read about it in the archives.

> In fact that feature also
> includes the original AMD LFENCE "retpolines", which aren't in fact
> retpolines.
>
> Really, those "retpolines" should just be removed. They're already
> considered vulnerable due to the fact that the speculative window after
> the indirect branch can still be long enough to do multiple dependent
> loads. And recent tooling makes such gadgets easier to find.

There are two Atom CPUs which are not repotline safe, and for which
Intel released a statement saying "use lfence/jmp" on these.

I'm still trying to find it...

~Andrew

Next message: Uwe Kleine-König: "Re: [PATCH] clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()"
Previous message: Edgecombe, Rick P: "Re: [PATCH] x86/tdx: Preserve shared bit on mprotect()"
In reply to: Josh Poimboeuf: "Re: [PATCH 3/3] x86/bugs: Remove support for Spectre v2 LFENCE "retpolines""
Next in thread: Josh Poimboeuf: "Re: [PATCH 3/3] x86/bugs: Remove support for Spectre v2 LFENCE "retpolines""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]