Re: [PATCH] x86/retpoline: Fill return stack buffer on vmexit

From: David Woodhouse
Date: Wed Jan 10 2018 - 20:13:10 EST


On Thu, 2018-01-11 at 01:04 +0000, David Woodhouse wrote:
> On Wed, 2018-01-10 at 18:14 -0600, Tom Lendacky wrote:
> > On 1/10/2018 5:47 PM, David Woodhouse wrote:
> > > Now smoke tested with Intel VT-x, but not yet on AMD. Tom, would you be
> > > able to do that?
> > Yes, I'll try to get to it as soon as I can, but it might be tomorrow
> > (morning).
> Thanks. I've pushed an updated version to
> http://git.infradead.org/users/dwmw2/linux-retpoline.git/

Oh, and the RSB-stuffing on kernel entry from userspace turns out now
to be an AMD-only thing, because it's for !SMEP && !PTI.

So we'll want to make up an appropriate feature bit and then do
'FILL_RETURN_BUFFER %a_reg X86_FEATURE_STUFF_RSB_K2U' in the
appropriate places in entry*.S. I think some of Tim's patch set already
highlighted the places it was needed?

With that, I think we have the final details for retpoline worked out
for everything except Skylake. And seriously, screw Skylake at least
for now. It can use IBRS, or take its chances with the additional
problems it might have.

Attachment: smime.p7s
Description: S/MIME cryptographic signature