Re: [RFC 09/10] x86/enter: Create macros to restrict/unrestrict Indirect Branch Speculation

From: David Woodhouse
Date: Fri Jan 26 2018 - 14:13:17 EST


On Fri, 2018-01-26 at 14:02 -0500, Konrad Rzeszutek Wilk wrote:
>
> -ECONFUSED, see ==>
>
> Is this incorrect then?
> I see:
>
>          * Skylake era CPUs have a separate issue with *underflow* of the
>          * RSB, when they will predict 'ret' targets from the generic BTB.
>          * The proper mitigation for this is IBRS. If IBRS is not supported
>          * or deactivated in favour of retpolines the RSB fill on context
>          * switch is required.
>          */

No, that's correct (well, except that it's kind of written for a world
where Linus is going to let IBRS anywhere near his kernel, and could
survive being rephrased a little :)

The RSB-stuffing on context switch (or kernel entry) is one of a
*litany* of additional hacks we need on Skylake to make retpolines
safe.

We were adding the RSB-stuffing in this case *anyway* for !SMEP, so it
was trivial enough to add in the (|| Skylake) condition while we were
at it.
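As an added illustration, not code from this thread or from the kernel tree, here is a user-space C sketch of what "RSB-stuffing" means: the same call/trap loop shape as the kernel's FILL_RETURN_BUFFER, plus a toy version of the "!SMEP || Skylake" decision discussed above. The names rsb_fill_needed, fill_rsb and rsb_demo are mine, and the asm assumes x86-64 without a user-space shadow stack (the calls are never matched by rets).

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of the condition in the thread: fill the RSB on context switch
 * when SMEP is absent or the CPU is Skylake-era. The real kernel derives
 * this from CPU feature bits; this is a simplification for illustration. */
static bool rsb_fill_needed(bool has_smep, bool is_skylake)
{
    return !has_smep || is_skylake;
}

/* Fill the Return Stack Buffer with 32 entries that all point at a
 * speculation trap (pause; lfence; jmp back). None of the calls ever
 * returns architecturally; the 32 pushed return addresses are dropped
 * with a single add to rsp. Assumes no CET shadow stack is active in
 * user space, since unmatched calls would desynchronise it. */
__attribute__((noinline)) static void fill_rsb(void)
{
#if defined(__x86_64__)
    __asm__ volatile(
        "mov $16, %%ecx\n\t"      /* 16 iterations x 2 calls = 32 entries */
        "1:\n\t"
        "call 2f\n\t"             /* pushes the address of trap 3 */
        "3: pause\n\t"
        "lfence\n\t"
        "jmp 3b\n\t"              /* speculation trap, never reached for real */
        "2: call 4f\n\t"          /* pushes the address of trap 5 */
        "5: pause\n\t"
        "lfence\n\t"
        "jmp 5b\n\t"              /* speculation trap, never reached for real */
        "4: dec %%ecx\n\t"
        "jnz 1b\n\t"
        "add $256, %%rsp\n\t"     /* discard 32 x 8-byte return addresses */
        ::: "rcx", "cc", "memory");
#else
    /* Not x86-64: nothing to fill; kept only so the file still compiles. */
#endif
}

/* Run the fill and keep computing: the function returning at all shows the
 * stack pointer was rebalanced correctly by the final add. */
static int rsb_demo(int x)
{
    fill_rsb();
    return x + 1;
}

int main(void)
{
    printf("fill needed (no SMEP, not Skylake): %d\n", rsb_fill_needed(false, false));
    printf("fill needed (SMEP, not Skylake):    %d\n", rsb_fill_needed(true, false));
    printf("rsb_demo(41) = %d\n", rsb_demo(41));
    return 0;
}
```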
