Re: [PATCH] x86/bugs: protect against userspace-userspace spectreRSB

[Jiri Kosina]

On Wed, 25 Jul 2018, Josh Poimboeuf wrote:

> > The article "Spectre Returns! Speculation Attacks using the Return Stack
> > Buffer" [1] describes two new (sub-)variants of spectrev2-like attack,
> > making use solely of the RSB contents even on CPUs that don't fallback to
> > BTB on RSB underflow (Skylake+).
> > 
> > Mitigate userspace-userspace attacks by always unconditionally filling RSB on
> > context switch when generic spectrev2 mitigation has been enabled.
> > 
> > [1] https://arxiv.org/pdf/1807.07940.pdf
> > 
> > Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>
> 
> While I generally agree with this patch, isn't it odd that we would do
> RSB filling on every context switch, but almost never do IBPB?

Yeah, I have actually been wondering exactly the same, but that's what we 
have been doing so far on SKL+, so I didn't really want to mix this aspect 
in.

I actually believe that in the name of consistency we should've been doing 
the RSB fills under the same conditions we're issuing IBPB even on SKL+; I 
can resend a patch that re-adjusts that, if that's the consensus.

Thanks,

-- 
Jiri Kosina
SUSE Labs