On Wed, Sep 30, 2020 at 02:46:05PM -0700, Dave Hansen wrote:
> On 9/30/20 2:36 PM, Jarkko Sakkinen wrote:
> > 1. Full retpoline is the safest alternative and we have it done already.
>
> I wouldn't feel _quite_ comfortable saying this.
>
> LFENCEs have architecturally defined behavior. Retpolines have zero
> future guarantees in the architecture. I'll take an LFENCE that (versus
> a retpoline) is:
>
> 1. Less code
> 2. Never has to be patched
> 3. Never causes functional problems (like with CET)
> 4. Has architectural semantics
>
> The only advantage retpolines offer is that they have well-defined
> mitigations on existing microarchitectures.
>
> To me, an LFENCE is waaaaaaay "safer".

This is a buy-in argument for me.

We know that CET-SS breaks RETPOLINE, which can be solved by applying boot
time patching. However, there could be any number of other features that
could conflict with it in yet non-existing microarchitectures, which would
make the patching process tedious to manage over time. Essentially, we
will end up maintaining the backward and forward compatibility forever in
software. That does not sound too motivating, agreed.

"Plain" LFENCE does not possess this issue as it is fully contained to the
microarchitecture. Thus, software does not have to do anything to maintain
backward and forward compatibility, which means that the SGX vDSO continues
to functionally work even in the old kernel images for the foreseeable
future.

To summarize, we will use LFENCE as it has overall the best characteristics
for the vDSO when balancing between security and keeping things
functionally working.

Do I have the correct understanding of your argument? Just sanity checking
before I change any part of the code or documentation.

/Jarkko
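To make the trade-off discussed in this message concrete, here is an added example (not code from the thread and not the kernel's own vDSO implementation) that dispatches an indirect call to a user-supplied exit handler in the two ways under discussion: an LFENCE followed by a plain indirect jump, and a classic retpoline. The function names `call_handler_lfence`, `call_handler_retpoline` and `sample_handler` are assumptions made for the example. The retpoline variant makes visible why CET shadow stacks break it: it rewrites the return address on the data stack and then executes `ret`, so the hardware shadow stack no longer agrees with the data stack. The LFENCE variant has no such interaction with the return path, which is the "architecturally defined, never needs patching" property the thread is weighing. The assembly assumes x86-64 Linux with a GNU-style toolchain; on any other target both dispatchers fall back to a plain C indirect call so the file still builds and runs.

```c
/*
 * Added example: two ways to reach a user exit handler through an
 * indirect branch. Not the kernel's vsgx.S; names are assumptions.
 */
#include <stdio.h>

typedef long (*exit_handler_t)(long arg);

/* Both take (handler, arg) and return whatever the handler returns. */
long call_handler_lfence(exit_handler_t fn, long arg);
long call_handler_retpoline(exit_handler_t fn, long arg);

#if defined(__x86_64__) && defined(__linux__) && defined(__GNUC__)
__asm__(
    ".text\n"
    ".globl call_handler_lfence\n"
    ".type  call_handler_lfence, @function\n"
    "call_handler_lfence:\n"
    "    mov  %rdi, %rax\n"   /* rax = handler pointer */
    "    mov  %rsi, %rdi\n"   /* rdi = handler's first argument */
    "    lfence\n"            /* architectural fence: no later instruction
                                 executes until the fence retires, so the
                                 jump target in rax is resolved first */
    "    jmp  *%rax\n"        /* tail-jump: the handler's ret returns to
                                 our caller; nothing touches the return
                                 address, so a shadow stack stays in sync */
    ".size call_handler_lfence, .-call_handler_lfence\n"

    ".globl call_handler_retpoline\n"
    ".type  call_handler_retpoline, @function\n"
    "call_handler_retpoline:\n"
    "    mov  %rdi, %rax\n"
    "    mov  %rsi, %rdi\n"
    "    call 1f\n"           /* pushes the address of 2: as return address */
    "2:  pause\n"             /* speculation that predicts a return to 2: */
    "    lfence\n"            /* is captured in this loop and goes nowhere */
    "    jmp  2b\n"
    "1:  mov  %rax, (%rsp)\n" /* overwrite the pushed return address with */
    "    ret\n"               /* the real target, then 'return' into it.
                                 With CET-SS the shadow stack still holds
                                 the address of 2:, so this ret faults;
                                 hence the boot-time patching the thread
                                 mentions. */
    ".size call_handler_retpoline, .-call_handler_retpoline\n"
);
#else
/* Fallback for non-x86-64 builds: plain indirect calls, no mitigation. */
long call_handler_lfence(exit_handler_t fn, long arg) { return fn(arg); }
long call_handler_retpoline(exit_handler_t fn, long arg) { return fn(arg); }
#endif

/* Constructed stand-in for a user exit handler: returns 2*arg + 1. */
static long sample_handler(long arg)
{
    return arg * 2 + 1;
}

/* Wrappers so the two dispatch paths can be exercised by name. */
long run_lfence(long arg)
{
    return call_handler_lfence(sample_handler, arg);
}

long run_retpoline(long arg)
{
    return call_handler_retpoline(sample_handler, arg);
}

int main(void)
{
    printf("lfence    path: %ld\n", run_lfence(20));    /* 41 */
    printf("retpoline path: %ld\n", run_retpoline(20)); /* 41 */
    return 0;
}
```

Both paths return the handler's result; the difference is only in what the CPU is asked to trust. The LFENCE path relies on a documented ordering guarantee, while the retpoline path relies on the return-prediction behaviour of current cores and on nothing checking the `ret` target, which is exactly the assumption a shadow stack removes.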