OS-7621: Kernel needs to generally use RSB stuffing


Issue Type:Improvement
Priority:4 - Normal
Created at:2019-02-27T02:34:52.827Z
Updated at:2019-10-22T11:29:22.669Z


Created by:Former user
Reported by:Former user
Assigned to:Former user


Fixed: A fix for this issue is checked into the tree and tested.
(Resolution Date: 2019-08-19T18:40:12.203Z)

Fix Versions

2019-08-29 Zoo York (Release Date: 2019-08-29)


While RSB stuffing is required when implementing retpolines as in OS-7598, we actually need to more generally enable the use of retpolines. In particular, it has been proven that there are various techniques required to mitigate spectre on older systems where RSB stuffing is required. Note, while Skylake+ systems require RSB stuffing to protect them from cases where the kernel is influenced, we also need to perform RSB stuffing to make sure that we clear the state out on context switch and VM entry/exit to get us into a better state for other possible attacks.


Comment by Former user
Created at 2019-08-09T21:25:02.957Z

Testing for this has taken place as part of OS-7598.

Comment by Jira Bot
Created at 2019-08-19T18:37:57.113Z

illumos-joyent commit fae35450c961f8c5a41382adf0e202906b2c4584 (branch master, by Robert Mustacchi)

OS-7598 Kernel needs to be built with retpolines
OS-7621 Kernel needs to generally use RSB stuffing
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>
Approved by: Joshua M. Clulow <jmc@joyent.com>