From: Peter Zijlstra <peterz@infradead.org>
To: Borislav Petkov <bp@alien8.de>
Cc: x86@kernel.org, tony.luck@intel.com, pjt@google.com,
linux-kernel@vger.kernel.org, r.marek@assembler.cz,
jpoimboe@redhat.com, jikos@kernel.org,
Dave Hansen <dave.hansen@intel.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [RFC PATCH] x86/retpolines: Prevent speculation after RET
Date: Thu, 18 Feb 2021 20:02:31 +0100 [thread overview]
Message-ID: <20210218190231.GA59023@worktop.programming.kicks-ass.net> (raw)
In-Reply-To: <20210218184639.GF4214@zn.tnic>
On Thu, Feb 18, 2021 at 07:46:39PM +0100, Borislav Petkov wrote:
> Both vendors speculate after a near RET in some way:
>
> Intel:
>
> "Unlike near indirect CALL and near indirect JMP, the processor will not
> speculatively execute the next sequential instruction after a near RET
> unless that instruction is also the target of a jump or is a target in a
> branch predictor."
Right, the way I read that means it's not a problem for us here.
> AMD:
>
> "Some AMD processors when they first encounter a branch do not stall
> dispatch and use the branches dynamic execution to determine the target.
> Therefore, they will speculatively dispatch the sequential instructions
> after the branch. This happens for near return instructions where it is
> not clear what code may exist sequentially after the return instruction.
> This behavior also occurs with jmp/call instructions with indirect
> targets. Software should place a LFENCE or another dispatch serializing
> instruction after the return or jmp/call indirect instruction to prevent
> this sequential speculation."
>
> The AMD side doesn't really need the LFENCE because it'll do LFENCE;
> JMP/CALL <target> due to X86_FEATURE_RETPOLINE_AMD, before it reaches
> the RET.
It never reached the RET.
So all in all, I really don't see why we'd need this.
Now, if AMD were to say something like: hey, that retpoline is pretty
awesome, we ought to use that instead of an uconditional LFENCE, then
sure, but as is, I don't think so.
next prev parent reply other threads:[~2021-02-18 19:43 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-18 16:59 [RFC][PATCH 0/2] x86/retpoline: Retpoline on a diet Peter Zijlstra
2021-02-18 16:59 ` [RFC][PATCH 1/2] x86/retpoline: Simplify retpolines Peter Zijlstra
2021-02-22 11:36 ` Peter Zijlstra
2021-02-18 16:59 ` [RFC][PATCH 2/2] x86/retpoline: Compress retpolines Peter Zijlstra
2021-02-19 7:14 ` Borislav Petkov
2021-02-22 11:27 ` Peter Zijlstra
2021-02-18 18:46 ` [RFC PATCH] x86/retpolines: Prevent speculation after RET Borislav Petkov
2021-02-18 19:02 ` Peter Zijlstra [this message]
2021-02-18 19:11 ` Borislav Petkov
2021-02-19 8:15 ` Peter Zijlstra
2021-02-19 12:08 ` Andrew Cooper
2021-02-19 9:28 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210218190231.GA59023@worktop.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=andrew.cooper3@citrix.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=jikos@kernel.org \
--cc=jpoimboe@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pjt@google.com \
--cc=r.marek@assembler.cz \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.