top | item 16221018

(no title)

davidlt | 8 years ago

On ARM (A64, A32, T32) we get CSDB barrier, but it's a hint instruction instead of going via MSR registers.

From whitepaper CSDB is 1101_0101_0000_0011_0010_0010_100_11111

Here some snippets from ARM manuals:

HINT instruction:

1101 0101 0000 0011 0010 0010 100 11111 CRm = 0010 op2 = 100

Some encodings described here are not allocated in this revision of the architecture, and behave as NOPs. (This is important)

Hints 18 to 23 variant Applies when CRm == 0010 && op2 != 00x. HINT #<imm>

Hint is encoded in CRm:op2 pair, existing similar:

0010:000 ESB // Error Synchronization Barrier 0010:001 PSB CSYNC // Profiling Synchronization Barrier

Thus in assembler this is written:

hint #0x14

Which is a NOP if SOC does not understand this hint. It's being used here: http://lkml.iu.edu/hypermail/linux/kernel/1801.0/04191.html

and also here: https://github.com/ARM-software/speculation-barrier/blob/mas... (which is being upstreamed to compilers in cross-platform generic form IIRC)

ARM whitepaper states that conditional selection/conditional move is enough on most ARM implementations. If it's not the case then the new CSDB solves the problem. On older CPUs it's still a NOP.

X-Gene disables branch prediction: http://lkml.iu.edu/hypermail/linux/kernel/1801.2/06482.html

ThunderX2 branch prediction hardening: https://patchwork.kernel.org/patch/10151975/

discuss

bonzini|8 years ago

CSDB is for Spectre variant 1. The post is about variant 2.

readittwice|8 years ago

Thanks for the nice writeup!