Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation

From: David Woodhouse
Date: Sun Feb 04 2018 - 15:23:16 EST

Next message: Andy Lutomirski: "Re: [RFC 1/3] seccomp: add a return code to trap to userspace"
Previous message: Pali RohÃr: "Re: Dell docking station & Dell Embedded Controller & PS/2 devices"
In reply to: Thomas Gleixner: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Next in thread: David Woodhouse: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2018-02-04 at 19:43 +0100, Thomas Gleixner wrote:
>
> __x86_return_thunk would look like this:
>
> __x86_return_thunk:
> ÂÂÂÂÂÂÂÂtestlÂÂÂ$0xf, PER_CPU_VAR(call_depth)
> ÂÂÂÂÂÂÂÂjnzÂÂÂÂÂ1fÂÂÂÂÂÂ
> ÂÂÂÂÂÂÂÂstuff_rsb
> ÂÂ 1:
> ÂÂÂÂÂÂÂÂdeclÂÂÂÂPER_CPU_VAR(call_depth)
> ÂÂÂÂÂÂÂÂret
>
> The call_depth variable would be reset on context switch.

Note that the 'jnz' can be predicted taken there, allowing the CPU to
speculate all the way to the 'ret'... and beyond.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Next message: Andy Lutomirski: "Re: [RFC 1/3] seccomp: add a return code to trap to userspace"
Previous message: Pali RohÃr: "Re: Dell docking station & Dell Embedded Controller & PS/2 devices"
In reply to: Thomas Gleixner: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Next in thread: David Woodhouse: "Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]