On Tue, Oct 25, 2022 at 09:56:21PM +0200, Johannes Berg wrote:
On Tue, 2022-10-25 at 12:38 -0700, Pawan Gupta wrote:
> And how is sprinking random LFENCEs around better than running with
> spectre_v2=eibrs,retpoline which is the current recommended mitigation
> against all this IIRC (or even eibrs,lfence for lesser values of
> paranoia).
Its a trade-off between performance and spot fixing (hopefully handful
of) gadgets. Even the gadget in question here is not demonstrated to be
exploitable. If this scenario changes, polluting the kernel all over is
definitely not the right approach.
Btw, now I'm wondering - you were detecting these with the compiler
based something, could there be a compiler pass to insert appropriate
things, perhaps as a gcc plugin or something?
I hear it could be a lot of work for gcc. I am not sure if its worth
especially when we can't establish the exploitability of these gadgets.
There are some other challenges like, hot-path sites would prefer to
mask the indexes instead of using a speculation barrier for performance
reasons. I assume adding this intelligence to compilers would be
extremely hard. Also hardware controls and features in newer processors
will make the software mitigations redundant.