commit | b4135eda402637e5da261db895bf7ec8f067cf31 | |
---|---|---|
author | Venkatesh Srinivas <venkateshs@google.com> | Wed Jan 22 17:44:53 2020 +0000 |
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | Wed Jan 22 17:44:53 2020 +0000 |
tree | cfb24279a91c9d547fa35940058e9d630e84c2b3 | |
parent | 85fff8a35408917585010d2036b09b39a86952d8 | |
[kernel][x86] Spectre V2: Flush RAS on context switches, not every kernel entry

x86 processors consult a hardware stack to predict target addresses of RET instructions. The behavior of RAS/RSBs is well-documented, so they are used as a core structure in Spectre V2 indirect branch target poisoning defenses (retpolines); however, RSBs themselves may be attacked and are sometimes susceptible to underflow (SpectreRSB and Skylake underflow).

To protect against RSB attacks (cross-process and user->kernel), we conservatively overwrote the RSB on all kernel entries in an earlier commit. That was unnecessary - potentially poisoned RSB entries can only be consumed by RETs not paired with CALLs. This situation is only possible in the context switch code and on #VMExits.

Move the RSB flush out of the kernel entries to the context switch code. Also add a TODO to the x86_mwait() idle code - certain idle states clear the RSB and open underflow attacks.

Bug: 33667 Spectre mitigations?
Bug: 12540 Speculative Execution Mitigations.
Change-Id: I67d1d0e18eb64581f8faa77920f486b457ee4da1
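The RSB overwrite that this commit relocates from every kernel entry to the context switch is, on x86, a loop of CALLs whose return targets are speculation traps. The following is an added illustration, not code from this commit or from Fuchsia: a user-space C version of that fill sequence with a check that it leaves the stack pointer balanced. The 32-entry depth, the red-zone skip and the function names are assumptions for a typical x86-64 GCC/Clang build; on other targets the fill is a no-op.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: overwrite the return stack buffer (RSB) with harmless entries.
 * Each CALL pushes a return address whose target is a speculation trap
 * (pause; lfence; jmp), so a later RET that is not paired with a CALL and
 * consumes a stale RSB entry is steered there instead of somewhere poisoned.
 * Constructed for x86-64 GCC/Clang extended asm; elsewhere it does nothing. */
#define RSB_FILL_ENTRIES 32 /* assumption: RSB depth on common Intel parts */

static void rsb_fill(void) {
#if defined(__x86_64__)
  __asm__ __volatile__(
      "subq $128, %%rsp\n\t"   /* step over the SysV red zone (user-space assumption) */
      "movl $32, %%ecx\n\t"    /* RSB_FILL_ENTRIES */
      "1:\n\t"
      "call 2f\n\t"            /* pushes the address of 3: and records it in the RSB */
      "3:\n\t"
      "pause\n\t"              /* speculation trap; never reached architecturally */
      "lfence\n\t"
      "jmp 3b\n\t"
      "2:\n\t"
      "decl %%ecx\n\t"
      "jnz 1b\n\t"
      "addq $384, %%rsp\n\t"   /* 128 red zone + 32 * 8 pushed return addresses */
      :
      :
      : "ecx", "memory", "cc");
#endif
}

/* Read rsp so the fill sequence can be checked for stack balance. */
static uintptr_t read_sp(void) {
#if defined(__x86_64__)
  uintptr_t sp;
  __asm__ __volatile__("movq %%rsp, %0" : "=r"(sp));
  return sp;
#else
  return 0;
#endif
}

/* Returns 1 when rsb_fill() leaves rsp exactly where it found it. */
int rsb_fill_is_balanced(void) {
  uintptr_t before = read_sp();
  rsb_fill();
  return read_sp() == before;
}

int main(void) {
  printf("rsb_fill balanced: %s\n", rsb_fill_is_balanced() ? "yes" : "no");
  return 0;
}
```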
Pink + Purple == Fuchsia (a new operating system)
Fuchsia is a modular, capability-based operating system. Fuchsia runs on modern 64-bit Intel and ARM processors.
Fuchsia is an open source project with a code of conduct that we expect everyone who interacts with the project to respect.
See Getting Started.
See fuchsia.dev.