From: Peter Zijlstra <peterz@infradead.org>
To: Borislav Petkov <bp@alien8.de>
Cc: x86@kernel.org, tony.luck@intel.com, pjt@google.com,
linux-kernel@vger.kernel.org, r.marek@assembler.cz,
jpoimboe@redhat.com, jikos@kernel.org,
Dave Hansen <dave.hansen@intel.com>,
Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [RFC PATCH] x86/retpolines: Prevent speculation after RET
Date: Fri, 19 Feb 2021 09:15:07 +0100
Message-ID: <20210219081507.GC59023@worktop.programming.kicks-ass.net>
In-Reply-To: <20210218191138.GH4214@zn.tnic>

On Thu, Feb 18, 2021 at 08:11:38PM +0100, Borislav Petkov wrote:
> On Thu, Feb 18, 2021 at 08:02:31PM +0100, Peter Zijlstra wrote:
> > On Thu, Feb 18, 2021 at 07:46:39PM +0100, Borislav Petkov wrote:
> > > Both vendors speculate after a near RET in some way:
> > >
> > > Intel:
> > >
> > > "Unlike near indirect CALL and near indirect JMP, the processor will not
> > > speculatively execute the next sequential instruction after a near RET
> > > unless that instruction is also the target of a jump or is a target in a
> > > branch predictor."
> >
> > Right, the way I read that means it's not a problem for us here.
>
> Look at that other thread: the instruction *after* the RET can be
> speculatively executed if that instruction is the target of a jump or it
> is in a branch predictor.

Right, but that has nothing to do with the RET instruction itself. You
can speculatively execute any random instruction by training the BTB,
which is I suppose the entire point of things :-)

So the way I read it is that: RET does not 'leak' speculation, but if
you target the instruction after RET with any other speculation crud,
of course you can get it to 'run'.

And until further clarified, I'll stick with that :-)