RE: [patch 00/38] x86/retbleed: Call depth tracking mitigation

Thomas Gleixner posted 38 patches 3 years, 9 months ago
There is a newer version of this series
Posted by Thomas Gleixner 3 years, 9 months ago
On Sun, Jul 17 2022 at 17:56, David Laight wrote:
> From: Thomas Gleixner
>> On Sun, Jul 17 2022 at 09:45, David Laight wrote:
> I was thinking about what happens after the RSB has underflowed.
> Which is when (I presume) the BTB based speculation happens.
>
>> The intra function call in the retpoline is of course adding a RSB entry
>> which points to the speculation trap, but that gets popped immediately
>> after that by the return which goes to the called function.
>
> I'm remembering the 'active' instructions in a retpoline being 'push; ret'.
> Which is an RSB imbalance.

Looking at the code might help to remember correctly:

        call   1f
        speculation trap
1:      mov     %reg, (%rsp)    # overwrite the return address pushed by call
        ret

Thanks,

        tglx
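
An added example, not part of the mail or of the kernel source: a toy C model of the RSB bookkeeping discussed in this exchange, comparing the call / overwrite-return-address / ret sequence with a hypothetical 'push; ret'. The RSB depth, the addresses and all helper names are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define RSB_SIZE 16  /* assumed depth; this model never overflows it */
enum { CALLER = 0x1000, TRAP = 0x2000, TARGET = 0x3000 };  /* constructed addresses */

struct cpu {
    uint64_t rsb[RSB_SIZE]; int rsb_depth;  /* return stack buffer (predictor) */
    uint64_t stack[32];     int sp;         /* architectural stack */
};
struct ret_result { uint64_t predicted, actual; int underflow; };

/* CALL pushes the return address on the stack and on the RSB. */
static void do_call(struct cpu *c, uint64_t ret_addr) {
    c->stack[c->sp++] = ret_addr;
    if (c->rsb_depth < RSB_SIZE) c->rsb[c->rsb_depth++] = ret_addr;
}

/* RET goes to the value on the stack; the prediction is the popped RSB top. */
static struct ret_result do_ret(struct cpu *c) {
    struct ret_result r = { 0, c->stack[--c->sp], 0 };
    if (c->rsb_depth > 0) r.predicted = c->rsb[--c->rsb_depth];
    else r.underflow = 1;  /* RSB empty: the underflow case raised in the thread */
    return r;
}

/* call 1f; trap; 1: overwrite the return address with the target; ret */
static struct ret_result retpoline(struct cpu *c, uint64_t target) {
    do_call(c, TRAP);               /* RSB entry points at the speculation trap */
    c->stack[c->sp - 1] = target;   /* architectural return address replaced */
    return do_ret(c);               /* pops the entry the call just added */
}

/* Hypothetical 'push; ret': no CALL precedes the RET. */
static struct ret_result push_ret(struct cpu *c, uint64_t target) {
    c->stack[c->sp++] = target;
    return do_ret(c);               /* consumes an entry it never added */
}

int main(void) {
    static struct cpu a, b;                     /* zero-initialised */
    do_call(&a, CALLER); do_call(&b, CALLER);   /* one outer call on each */
    printf("retpoline predicted %#llx\n", (unsigned long long)retpoline(&a, TARGET).predicted);
    printf("push;ret  predicted %#llx\n", (unsigned long long)push_ret(&b, TARGET).predicted);
    printf("RSB depth afterwards: %d vs %d\n", a.rsb_depth, b.rsb_depth);
    return 0;
}
```

In the model the first sequence leaves the outer caller's RSB entry in place and predicts the trap, while the second removes the caller's entry.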