Re: [RFC PATCH v2 1/3] x86: cpu/bugs: update SpectreRSB comments for AMD
From: Josh Poimboeuf
Date: Fri Nov 15 2024 - 12:53:42 EST
On Fri, Nov 15, 2024 at 02:44:12PM +0000, Kaplan, David wrote:
> > On Thu, Nov 14, 2024 at 12:01:16AM -0800, Pawan Gupta wrote:
> > > > For PBRSB, I guess we don't need to worry about that since there
> > > > would be at least one kernel CALL before context switch.
> > >
> > > Right. So the case where we need RSB filling at context switch is
> > > retpoline+CDT mitigation.
> >
> > According to the docs, classic IBRS also needs RSB filling at context switch to
> > protect against corrupt RSB entries (as opposed to RSB underflow).
>
> Which docs are those? Classic IBRS doesn't do anything with returns
> (at least on AMD). The AMD docs say that if you want to prevent
> earlier instructions from influencing later RETs, you need to do the
> 32 CALL sequence. But I'm not sure what corrupt RSB entries mean
> here, and how it relates to IBRS?
Sorry, by "corrupt", I meant poisoned. I think we are saying the same
thing. Classic IBRS doesn't protect against RSB poisoning.
--
Josh