Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch II

[Paul Turner]

On Mon, Jan 8, 2018 at 5:21 PM, Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:
> On Mon, Jan 08, 2018 at 05:16:02PM -0800, Andi Kleen wrote:
>> > If we clear the registers, what the hell are you going to put in the
>> > RSB that helps you?
>>
>> RSB allows you to control chains of gadgets.
>
> I admit the gadget thing is a bit obscure.
>
> There's another case we were actually more worried about:
>
> On Skylake and Broadwell when the RSB underflows it will fall back to the

(Broadwell without Microcode)

> indirect branch predictor, which can be poisoned and we try to avoid
> using with retpoline. So we try to avoid underflows, and this filling
> helps us with that.
>
> Does that make more sense?

The majority of the confusion does not stem from this being complicated.
It's that there's been great reluctance to document the details which
are different -- or changed by the microcode -- even at a high level
such as this.
Because of this, some of the details instead include vague "things are
different on Skylake" notes, with no exposition.

>
> -Andi