On Mon, 19 Apr 2021, Bertrand Marquis wrote: > Hi Julien, > > > On 18 Apr 2021, at 19:03, Julien Grall <[email protected]> wrote: > > > > From: Julien Grall <[email protected]> > > > > Some CPUs can speculate past a RET instruction and potentially perform > > speculative accesses to memory before processing the return. > > > > There is no known gadget available after the RET instruction today. > > However some of the registers (such as in check_pending_guest_serror()) > > may contain a value provided by the guest. > > > > In order to harden the code, it would be better to add a speculation > > barrier after each RET instruction. The performance impact is meant to > > be negligeable as the speculation barrier is not meant to be > > architecturally executed. > > > > Rather than manually inserting a speculation barrier, use a macro > > which overrides the mnemonic RET and replace with RET + SB. We need to > > use the opcode for RET to prevent any macro recursion. > > > > This patch is only covering the assembly code. C code would need to be > > covered separately using the compiler support. > > > > Note that the definition of the macros sb needs to be moved earlier in > > asm-arm/macros.h so it can be used by the new macro. > > > > This is part of the work to mitigate straight-line speculation. > > > > Signed-off-by: Julien Grall <[email protected]> > Reviewed-by: Bertrand Marquis <[email protected]>
Acked-by: Stefano Stabellini <[email protected]>
