* CODE REVIEW: 16413 Post-barrier Return Stack Buffer (PBRSB) fixes can be detected in HW
From: Dan McDonald @ 2024-03-25 17:14 UTC
To: illumos-developer
While pushing the recent RFDS bits through, I realized that two years ago, when I inserted Post-Barrier Return Stack Buffer (PBRSB) mitigations, I'd not read the docs on it closely enough w.r.t. affected processors. Flushing the RSB (the x86_flush_rsb() routine) needs invocation in two POSSIBLE places: VMEXIT, and context-switches. What was done poorly two years ago was WHEN RSB flushes needed to happen.
ON PROCESSORS w/o Enhanced IBRS (eIBRS):
- Flush on context-switch
- NO FLUSHING NEEDED on VMEXIT (currently we do anyway)
ON PROCESSORS w/eIBRS it gets more tricky, as more modern ones can tell you if PBRSB is fixed:
- IF HW SAYS "PBRSB_NO"
  - NO FLUSHING NEEDED
- IF HW DOES NOT SAY "PBRSB_NO"
  - Flush on context-switch
  - ALSO flush on VMEXIT
I've filed: https://www.illumos.org/issues/16413
The code here:
https://code.illumos.org/c/illumos-gate/+/3384
fixes this. This is not under Intel embargo or NDA, as it was published two years ago, but my relative-newness to this area of our kernel kept me from being more precise about when and when-not to flush the RSB back then.
I've tested it somewhat; I have one more set to run on two of the three tested pieces of HW, and notes are in the ticket.
Thanks,
Dan
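
The flush rules listed in the message above, written out as a decision function. This is an added example, not code from illumos-gate or from the author. It assumes eIBRS is in use whenever the IBRS_ALL bit is enumerated in IA32_ARCH_CAPABILITIES (MSR 0x10A); rsb_flush_policy() and the RSB_FLUSH_* flags are hypothetical names, and the MSR values in main() are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_ARCH_CAPABILITIES (MSR 0x10A) bits used here. */
#define	ARCH_CAP_IBRS_ALL	(1ULL << 1)	/* Enhanced IBRS supported */
#define	ARCH_CAP_PBRSB_NO	(1ULL << 24)	/* HW reports PBRSB fixed */

/* Hypothetical flags naming the two possible flush points. */
#define	RSB_FLUSH_CTXSW		0x1u
#define	RSB_FLUSH_VMEXIT	0x2u

/*
 * Hypothetical helper: map the raw MSR value to the flush points from the
 * message. has_arch_caps is false when CPUID does not enumerate the MSR,
 * which this example treats as "no eIBRS".
 */
static unsigned
rsb_flush_policy(bool has_arch_caps, uint64_t arch_caps)
{
	if (!has_arch_caps || !(arch_caps & ARCH_CAP_IBRS_ALL))
		return (RSB_FLUSH_CTXSW);	/* no eIBRS: context-switch only */
	if (arch_caps & ARCH_CAP_PBRSB_NO)
		return (0);			/* eIBRS + PBRSB_NO: no flushing */
	return (RSB_FLUSH_CTXSW | RSB_FLUSH_VMEXIT); /* eIBRS, no PBRSB_NO */
}

int
main(void)
{
	/* Constructed MSR values, not read from real hardware. */
	const struct { const char *name; bool has; uint64_t caps; } cpus[] = {
		{ "no ARCH_CAPABILITIES MSR", false, 0 },
		{ "MSR present, no eIBRS", true, 0 },
		{ "PBRSB_NO without eIBRS", true, ARCH_CAP_PBRSB_NO },
		{ "eIBRS, no PBRSB_NO", true, ARCH_CAP_IBRS_ALL },
		{ "eIBRS + PBRSB_NO", true,
		    ARCH_CAP_IBRS_ALL | ARCH_CAP_PBRSB_NO },
	};

	for (size_t i = 0; i < sizeof (cpus) / sizeof (cpus[0]); i++) {
		unsigned p = rsb_flush_policy(cpus[i].has, cpus[i].caps);
		printf("%-26s ctxsw=%d vmexit=%d\n", cpus[i].name,
		    !!(p & RSB_FLUSH_CTXSW), !!(p & RSB_FLUSH_VMEXIT));
	}
	return (0);
}
```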