[kernel][x86] Spectre V2: Flush RAS on context switches, not every kernel entry

x86 processors consult a hardware stack to predict target addresses of
RET instructions. The behavior of RAS/RSBs is well-documented, so they
are used as a core structure in Spectre V2 indirect branch target poisoning
defenses (retpolines); however RSBs themselves may be attacked and are
sometimes susceptible to underflow (SpectreRSB and Skylake underflow).

To protect against RSB attacks (cross-process and user->kernel), we
conservatively overwrote the RSB on all kernel entries in an earlier
commit.

That was unnecessary - potentially poisoned RSB entries can only be
consumed by RETs not paired with CALLs. This situation is only possible
in the context switch code and on #VMExits. Move the RSB flush out of
the kernel entries to the context switch code.

Also add a TODO to the x86_mwait() idle code - certain idle states clear
the RSB and open underflow attacks.

Bug: 33667 Spectre mitigations?
Bug: 12540 Speculative Execution Mitigations.

Change-Id: I67d1d0e18eb64581f8faa77920f486b457ee4da1
7 files changed
tree: cfb24279a91c9d547fa35940058e9d630e84c2b3
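
The commit message's argument (stale RSB entries are only consumed by RETs that have no matching CALL) can be checked with a toy model. This is an added example, not code from this commit or from Fuchsia; `RSB_DEPTH`, the owner tags and the function names are assumptions for illustration, and the model ignores underflow and #VMExits.

```c
#include <stdio.h>

#define RSB_DEPTH 16 /* assumed depth; real depth varies by microarchitecture */
enum owner { BENIGN, TASK_A, KERNEL }; /* hypothetical tags: who planted an entry */

struct rsb { enum owner e[RSB_DEPTH]; unsigned top; };

/* CALL pushes a predicted return target, tagged with who planted it. */
static void rsb_call(struct rsb *r, enum owner who) { r->e[r->top++ % RSB_DEPTH] = who; }
/* RET consumes the newest entry, whoever planted it. */
static enum owner rsb_ret(struct rsb *r) { return r->e[--r->top % RSB_DEPTH]; }
/* Flush: overwrite every entry with a benign target. */
static void rsb_flush(struct rsb *r) { for (int i = 0; i < RSB_DEPTH; i++) rsb_call(r, BENIGN); }
/* The outgoing task leaves the whole RSB filled with its own entries. */
static void task_a_fills(struct rsb *r) { for (int i = 0; i < RSB_DEPTH; i++) rsb_call(r, TASK_A); }

/* Kernel entry: every kernel RET is paired with a kernel CALL made after
 * entry, so it pops a kernel-planted entry and never reaches TASK_A's. */
int stale_on_kernel_entry(int depth) {
    struct rsb r = {0};
    int stale = 0;
    task_a_fills(&r);
    for (int i = 0; i < depth; i++) rsb_call(&r, KERNEL);
    for (int i = 0; i < depth; i++) stale += (rsb_ret(&r) == TASK_A);
    return stale;
}

/* Context switch: the incoming task resumes `frames` deep. Its CALLs ran
 * before it was descheduled, so its RETs are unpaired on this RSB state. */
int stale_after_switch(int frames, int flush) {
    struct rsb r = {0};
    int stale = 0;
    task_a_fills(&r);
    if (flush) rsb_flush(&r); /* the mitigation, placed at the switch */
    for (int i = 0; i < frames; i++) stale += (rsb_ret(&r) == TASK_A);
    return stale;
}

int main(void) {
    printf("kernel entry, paired CALL/RET: %d stale\n", stale_on_kernel_entry(5));
    printf("context switch, no flush:      %d stale\n", stale_after_switch(4, 0));
    printf("context switch, with flush:    %d stale\n", stale_after_switch(4, 1));
    return 0;
}
```
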
README.md

Fuchsia

Pink + Purple == Fuchsia (a new operating system)

What is Fuchsia?

Fuchsia is a modular, capability-based operating system. Fuchsia runs on modern 64-bit Intel and ARM processors.

Fuchsia is an open source project with a code of conduct that we expect everyone who interacts with the project to respect.

How can I build and run Fuchsia?

See Getting Started.

Where can I learn more about Fuchsia?

See fuchsia.dev.