Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call

From: Dave Hansen
Date: Mon Sep 28 2020 - 19:21:29 EST

Next message: Dmitry Torokhov: "Re: [PATCH] Input: Add nopnp quirk for Acer Aspire 5 A515"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: trackpoint - enable Synaptics trackpoints"
In reply to: H.J. Lu: "Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Next in thread: Andy Lutomirski: "Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/28/20 3:06 PM, H.J. Lu wrote:
>> I'm open to do either solution. My thinking was to initially do things
>> vsgx.S local (i.e. consider ALTERNATIVE post upstreaming) and use the
>> above solution but I'm also fine doing ALTERNATIVE. Dave kindly briefed
>> on details how that thing works and it should be perfectly usable for
>> our use case.
>>
> Since SHSTK and IBT are enabled per process, not the whole machine,
> are you going to patch vDSO on a per-process basis?

No.

Retpolines mitigate Spectre v2 attacks. If you're not vulnerable to
Spectre v2, you don't need retpolines.

All processors which support CET *also* have hardware mitigations
against Spectre v2 and don't need retpolines. Here's all of the
possibilities:

CET=y, BUG_SPECTRE_V2=y: does not exist
CET=n, BUG_SPECTRE_V2=y: vulnerable, use retpoline
CET=y, BUG_SPECTRE_V2=n: no retpoline, not vulnerable
CET=n, BUG_SPECTRE_V2=n: no retpoline, not vulnerable

Next message: Dmitry Torokhov: "Re: [PATCH] Input: Add nopnp quirk for Acer Aspire 5 A515"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: trackpoint - enable Synaptics trackpoints"
In reply to: H.J. Lu: "Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Next in thread: Andy Lutomirski: "Re: [PATCH v38 21/24] x86/vdso: Implement a vDSO for Intel SGX enclave call"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]