Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch II

2018-01-08 Thread Paul Turner
On Mon, Jan 8, 2018 at 5:21 PM, Andi Kleen wrote:
> On Mon, Jan 08, 2018 at 05:16:02PM -0800, Andi Kleen wrote:
>> > If we clear the registers, what the hell are you going to put in the
>> > RSB that helps you?
>>
>> RSB allows you to control chains of gadgets.
>
> I admit the gadget thing is a

Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch II

2018-01-08 Thread Andi Kleen
> > On Skylake and Broadwell when the RSB underflows it will fall back to the
> > indirect branch predictor, which can be poisoned and we try to avoid
> > using with retpoline. So we try to avoid underflows, and this filling
> > helps us with that.
>
> That's no longer true for Broadwell with

Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch II

2018-01-08 Thread Woodhouse, David
On Mon, 2018-01-08 at 17:21 -0800, Andi Kleen wrote:
> On Mon, Jan 08, 2018 at 05:16:02PM -0800, Andi Kleen wrote:
> > > If we clear the registers, what the hell are you going to put in the
> > > RSB that helps you?
> >
> > RSB allows you to control chains of gadgets.
>
> I admit the gadget

Re: [PATCH v6 11/10] x86/retpoline: Avoid return buffer underflows on context switch II

2018-01-08 Thread Andi Kleen
On Mon, Jan 08, 2018 at 05:16:02PM -0800, Andi Kleen wrote:
> > If we clear the registers, what the hell are you going to put in the
> > RSB that helps you?
>
> RSB allows you to control chains of gadgets.

I admit the gadget thing is a bit obscure. There's another case we were actually more
