On Wed, 25 Jul 2018, Josh Poimboeuf wrote: > > The article "Spectre Returns! Speculation Attacks using the Return Stack > > Buffer" [1] describes two new (sub-)variants of spectrev2-like attack, > > making use solely of the RSB contents even on CPUs that don't fallback to > > BTB on RSB underflow (Skylake+). > > > > Mitigate userspace-userspace attacks by always unconditionally filling RSB > > on > > context switch when generic spectrev2 mitigation has been enabled. > > > > [1] https://arxiv.org/pdf/1807.07940.pdf > > > > Signed-off-by: Jiri Kosina <[email protected]> > > While I generally agree with this patch, isn't it odd that we would do > RSB filling on every context switch, but almost never do IBPB?
Yeah, I have actually been wondering exactly the same, but that's what we have been doing so far on SKL+, so I didn't really want to mix this aspect in. I actually believe that in the name of consistency we should've been doing the RSB fills under the same conditions we're issuing IBPB even on SKL+; I can resend a patch that re-adjusts that, if that's the consensus. Thanks, -- Jiri Kosina SUSE Labs
