Actions
Bug #11788
closed
Kernel needs to generally use RSB stuffing
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:
Description
http://smartos.org/bugview/OS-7621
While RSB stuffing is required when implementing retpolines as in #11787, we actually need to more generally enable the use of retpolines. In particular, it has been proven that there are various techniques required to mitigate spectre on older systems where RSB stuffing is required. Note, while Skylake+ systems require RSB stuffing to protect them from cases where the kernel is influenced, we also need to perform RSB stuffing to make sure that we clear the state out on context switch and VM entry/exit to get us into a better state for other possible attacks.
Related issues
Updated by
Updated by Joshua M. Clulow over 3 years ago
- Related to Bug #11787: Kernel needs to be built with retpolines added
Updated by Electric Monk over 3 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 65f204200cf9a50fd6bad4093ee0b07bc35105ac
commit 65f204200cf9a50fd6bad4093ee0b07bc35105ac
Author: Robert Mustacchi <rm@joyent.com>
Date: 2019-10-22T09:03:00.000Z
11787 Kernel needs to be built with retpolines
11788 Kernel needs to generally use RSB stuffing
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>
Reviewed by: Paul Winder <paul@winders.demon.co.uk>
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Approved by: Joshua M. Clulow <josh@sysmgr.org>
Actions