From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83585C43334 for ; Sun, 17 Jul 2022 19:16:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231515AbiGQTQX (ORCPT ); Sun, 17 Jul 2022 15:16:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58382 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229437AbiGQTQW (ORCPT ); Sun, 17 Jul 2022 15:16:22 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDC1ADF1F for ; Sun, 17 Jul 2022 12:16:21 -0700 (PDT) From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1658085344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FFwnWRc7IGxS0ZRT94RlPjA97CP88nVxc93qcbHA/Ow=; b=sln340O3/2iUuiJ06gTUqABPkCRF9ZYktow7T/iiFSb9WRp7ZejtXJzn01nZd340pSnOQL 3cRX3zg4nh+3p+EwPSRvFqAbffVCZlYaA1JczX9rT+4vBnQmVw1cwwofL6VdBW3bmUSK1n wE9HdUioMM2slNwBFKLtFlcfTmcBx4fqEfTRSftJdANvgNMzU+M1QYRGbXsMTp19qTUiSX zbyXfwhJKIUtA2aKjxhBZ61CL/asudLLJYjSYxKtEoQKhgYe+7udfWTdCATfK0tErYsFZ2 WnmSKraztplHhYGAqtTzVQtQoH4yC9gVmrZB2XlrjZCJPgacOBwz5uvXeE+vZQ== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1658085344; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=FFwnWRc7IGxS0ZRT94RlPjA97CP88nVxc93qcbHA/Ow=; b=TVt5jDIyiH0B9YjBQPkEOtWDJoP5moTUaOhdy7Yk9aVVtGCZeiUcUtqvpZi1dqX/3Bc0ix pgxRh6E5l+27GbBg== To: David Laight , LKML Cc: "x86@kernel.org" , Linus Torvalds , Tim Chen , Josh Poimboeuf , Andrew Cooper , Pawan Gupta , Johannes Wikner , Alyssa Milburn , Jann Horn , "H.J. Lu" , Joao Moreira , Joseph Nuzman , Steven Rostedt , Juergen Gross , "Peter Zijlstra (Intel)" , Masami Hiramatsu , Alexei Starovoitov , Daniel Borkmann Subject: RE: [patch 00/38] x86/retbleed: Call depth tracking mitigation In-Reply-To: <24673619e9e2411bb1d5f287aab2aa87@AcuMS.aculab.com> References: <20220716230344.239749011@linutronix.de> <8735ezye00.ffs@tglx> <24673619e9e2411bb1d5f287aab2aa87@AcuMS.aculab.com> Date: Sun, 17 Jul 2022 21:15:44 +0200 Message-ID: <87wncbwnxb.ffs@tglx> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 17 2022 at 17:56, David Laight wrote: > From: Thomas Gleixner >> On Sun, Jul 17 2022 at 09:45, David Laight wrote: > I was thinking about what happens after the RSB has underflowed. > Which is when (I presume) the BTB based speculation happens. > >> The intra function call in the retpoline is of course adding a RSB entry >> which points to the speculation trap, but that gets popped immediately >> after that by the return which goes to the called function. > > I'm remembering the 'active' instructions in a retpoline being 'push; ret'. > Which is an RSB imbalance. Looking at the code might help to remember correctly: call 1f speculation trap 1: mov %reg, %rsp ret Thanks, tglx