Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965783AbeAJPcv (ORCPT + 1 other); Wed, 10 Jan 2018 10:32:51 -0500 Received: from mx1.redhat.com ([209.132.183.28]:12010 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752835AbeAJPcr (ORCPT ); Wed, 10 Jan 2018 10:32:47 -0500 Date: Wed, 10 Jan 2018 15:31:08 +0000 From: "Dr. David Alan Gilbert" To: "Woodhouse, David" Cc: Paul Turner , Tom Lendacky , Andi Kleen , LKML , Linus Torvalds , Greg Kroah-Hartman , Tim Chen , Dave Hansen , Thomas Gleixner , Kees Cook , Rik van Riel , Peter Zijlstra , Andy Lutomirski , Jiri Kosina , One Thousand Gnomes Subject: Re: [PATCH v6 00/10] Retpoline: Avoid speculative indirect calls in kernel Message-ID: <20180110153107.GB2451@work-vm> References: <1515363085-4219-1-git-send-email-dwmw@amazon.co.uk> <1515597645.22302.187.camel@amazon.co.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1515597645.22302.187.camel@amazon.co.uk> User-Agent: Mutt/1.9.1 (2017-09-22) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 10 Jan 2018 15:32:42 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: * Woodhouse, David (dwmw@amazon.co.uk) wrote: > On Mon, 2018-01-08 at 02:42 -0800, Paul Turner wrote: > > > > While the cases above involve the crafting and use of poisoned > > entries.? Recall also that one of the initial conditions was that we > > should avoid RSB underflow as some CPUs may try to use other indirect > > predictors when this occurs. > > I think we should start by deliberately ignoring the CPUs which use the > other indirect predictors on RSB underflow. Those CPUs don't perform > *quite* so badly with IBRS anyway. > > Let's get the minimum amount of RSB handling in to cope with the pre- > SKL CPUs, and then see if we really do want to extend it to make SKL > 100% secure in retpoline mode or not. How do you make decisions on which CPU you're running on? I'm worried about the case of a VM that starts off on an older host and then gets live migrated to a new Skylake. For Intel CPUs we've historically been safe to live migrate to any newer host based on having all the features that the old one had; with the guest still seeing the flags etc for the old CPU. Dave -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK