Date: Fri, 19 Feb 2021 09:15:07 +0100
From: Peter Zijlstra
To: Borislav Petkov
Cc: x86@kernel.org, tony.luck@intel.com, pjt@google.com, linux-kernel@vger.kernel.org, r.marek@assembler.cz, jpoimboe@redhat.com, jikos@kernel.org, Dave Hansen, Andrew Cooper
Subject: Re: [RFC PATCH] x86/retpolines: Prevent speculation after RET
Message-ID: <20210219081507.GC59023@worktop.programming.kicks-ass.net>

On Thu, Feb 18, 2021 at 08:11:38PM +0100, Borislav Petkov wrote:
> On Thu, Feb 18, 2021 at 08:02:31PM +0100, Peter Zijlstra wrote:
> > On Thu, Feb 18, 2021 at 07:46:39PM +0100, Borislav Petkov wrote:
> > > Both vendors speculate after a near RET in some way:
> > >
> > > Intel:
> > >
> > > "Unlike near indirect CALL and near indirect JMP, the processor will not
> > > speculatively execute the next sequential instruction after a near RET
> > > unless that instruction is also the target of a jump or is a target in a
> > > branch predictor."
> >
> > Right, the way I read that means it's not a problem for us here.
>
> Look at that other thread: the instruction *after* the RET can be
> speculatively executed if that instruction is the target of a jump or it
> is in a branch predictor.

Right, but that has nothing to do with the RET instruction itself. You
can speculatively execute any random instruction by training the BTB,
which is I suppose the entire point of things :-)

So the way I read it is that: RET does not 'leak' speculation, but if
you target the instruction after RET with any other speculation crud,
of course you can get it to 'run'.

And until further clarified, I'll stick with that :-)