[GTALUG] more on Spectre v2
D. Hugh Redelmeier
hugh at mimosa.com
Sun Feb 4 13:29:11 EST 2018
Spectre v2 is really complicated to deal with. Just read this
recent thread in the LKML
<https://lkml.org/lkml/2018/1/20/158>
I'm impressed how well written those messages are.
Intel Skylake CPUs are particularly problematic. Those are most of the
"6th generation Core" processors and some of the "7th generation Core".
<https://en.wikipedia.org/wiki/Skylake_(microarchitecture)>
The indirect branch predictor is a big problem. The retpoline deals with
most cases. On Skylake, this predictor is used in another case: for
return instructions that cause underflow in the call/return predictor
stack.
That means that EVERY return instruction is suspect, and the cost of being
suspect is high. OK, if you can prove that the call/return predictor
stack has not underflowed, you can just do a return. But how?
The best fix is not on the table: it would be great if Intel could patch
microcode so that the return predictor did not fall back to the indirect
branch predictor. It sounds easy, but I infer that it is not technically
possible.
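As an added illustration that is not from the thread or from the kernel: a minimal retpoline thunk of the kind the message refers to, plus an RSB-filling sequence modelled on the one Linux uses, which answers the "but how?" by refilling the return stack with safe entries rather than proving it has not underflowed. The function names are my own, and the sequences only exist on x86-64 (elsewhere the file builds with plain calls so nothing is mitigated).

```c
#include <stdio.h>

#if defined(__x86_64__)
/* Retpoline thunk for a target held in %rax. The "call" pushes the address
 * of the pause/lfence loop onto the RSB, so the final "ret" is predicted to
 * go there instead of wherever the indirect branch predictor was trained;
 * the real target is written over the return address just before "ret". */
__asm__(".text\n"
        "retpoline_thunk_rax:\n"
        "  call 1f\n"
        "2: pause\n"
        "  lfence\n"
        "  jmp 2b\n"
        "1: mov %rax, (%rsp)\n"
        "  ret\n");

/* Call fn(arg) through the thunk: rsp is saved in r12, 16-byte aligned and
 * moved past the 128-byte red zone so the call is ABI-safe from inline asm. */
long call_via_retpoline(long (*fn)(long), long arg)
{
    long ret;
    __asm__ volatile("push %%r12\n\t"
                     "mov %%rsp, %%r12\n\t"
                     "and $-16, %%rsp\n\t"
                     "sub $128, %%rsp\n\t"
                     "call retpoline_thunk_rax\n\t"
                     "mov %%r12, %%rsp\n\t"
                     "pop %%r12\n\t"
                     : "=a"(ret), "+D"(arg) : "0"((long)fn)
                     : "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11", "r12",
                       "memory", "cc");
    return ret;
}

/* Push 32 RSB entries that all predict a return into a capture loop (16 loop
 * iterations, two calls each), then drop the 256 bytes those calls pushed plus
 * the red-zone skip. After this, a "ret" that would have underflowed the RSB
 * (and on Skylake fallen back to the indirect predictor) lands in a harmless
 * pause/lfence loop. Returns v so callers can check the stack was restored. */
long fill_rsb(long v)
{
    __asm__ volatile("sub $128, %%rsp\n\t"
                     "mov $16, %%ecx\n"
                     "1: call 2f\n"
                     "3: pause; lfence; jmp 3b\n"
                     "2: call 4f\n"
                     "5: pause; lfence; jmp 5b\n"
                     "4: dec %%ecx; jnz 1b\n\t"
                     "add $384, %%rsp" : : : "rcx", "memory", "cc");
    return v;
}
#else
/* Not x86-64: plain calls so the file builds; this is not a mitigation here. */
long call_via_retpoline(long (*fn)(long), long arg) { return fn(arg); }
long fill_rsb(long v) { return v; }
#endif

static long double_it(long x) { return 2 * x; }  /* constructed sample target */

int main(void)
{
    printf("%ld %ld\n", call_via_retpoline(double_it, 21), fill_rsb(7));
    return 0;
}
```

The speculative effect cannot be observed from C; the program only checks that the thunk and the fill sequence leave the architectural state (return value, stack pointer) intact.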