Re: [Info] The father of Linux swears at the CPU vulnerability scandal: the fix patch

Author: kira925 (1 2 3 4 疾風炭)   2018-01-24 16:59:52
http://xiaoliniess.space/index.php/2018/01/07/spectre-meltdown-and-cpu-speculative-execution-issues/
This page explains how Google's Retpoline mechanism works.
Put simply, it uses ret in place of jmp, through a change to the compiler,
to fool the CPU's speculative loading mechanism. The article also points out that, because AMD's mechanism works differently,
the asm that the same code expands to on Intel is more complex than on AMD, so in theory AMD takes a smaller penalty.
So back to the question at hand: why is Intel in such a hurry to push out a more complex mechanism
instead of simply relying on introducing Retpoline?
https://lwn.net/Articles/745111/
All relevant CPUs have the ability to speculate on RET using the return stack
buffer (RSB)—that's what makes retpolines work in the first place. The
problem with Skylake (and presumably also Kaby Lake and later) is that if the
RSB is empty, it can speculate RETs using the normal branch predictor
mechanisms, which are vulnerable to Spectre.
Forcing an empty RSB is not trivial—it can happen on IRQs (including SMM
interrupts), or if the call stack gets more than 16 entries deep (old entries
get popped off on CALL, and then on the 17th RET, you've forgotten where you
originally came from). The question is how to weigh the risk of such
nontrivial attacks versus the cost of enabling IBRS.
The LWN discussion here gives a possible answer:
Because Skylake (and later CPUs as well? The LKML discussion doesn't say, but it is reasonable to suspect 7th/8th gen have it too?),
even with Retpoline applied, will, thanks to its more "advanced" branch prediction technique,
skip past Retpoline's protection. In other words, 6th-gen (and later?) Intel CPUs are still at risk with Retpoline alone.
So now the question is: turn on IBRS for complete protection vs. an extremely severe performance penalty.
Which one would you choose?
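To make the "ret instead of jmp" trick concrete, here is an added example (not code from the post, from Google or from the Linux kernel) of a hand-written x86-64 retpoline thunk in C with GNU top-level assembly. The symbol names `retpoline_thunk_rax`, `call_via_retpoline` and `dispatch` are chosen here and are not kernel or compiler names; the three operation functions are constructed sample input. It builds on Linux/x86-64 with GCC or clang, and on any other target it falls back to a plain indirect call so the program still runs.

```c
/*
 * Added example: a minimal user-space retpoline on x86-64 (Linux/ELF, GCC or
 * clang).  Hand-written for this thread; the names below are not kernel or
 * compiler symbols.  On other targets it degrades to a plain indirect call.
 */
#include <stdio.h>

typedef int (*op_fn)(int, int);

/* Constructed sample targets for the indirect call. */
int op_add(int a, int b) { return a + b; }
int op_mul(int a, int b) { return a * b; }
int op_sub(int a, int b) { return a - b; }
int op_none(int a, int b) { (void)a; (void)b; return 0; } /* default for bad indices */

#if defined(__x86_64__) && defined(__linux__) && defined(__GNUC__)
#define RETPOLINE_ACTIVE 1

/* Calls target(a, b), but through the retpoline thunk instead of `call *%rax`. */
int call_via_retpoline(op_fn target, int a, int b);

/*
 * The thunk replaces `jmp *%rax` / `call *%rax`.  Rather than letting the CPU
 * predict the indirect branch from the BTB (which Spectre v2 can poison), it
 * turns the transfer into a RET.  The RET is predicted from the return stack
 * buffer, which `call 1f` has just loaded with the address of the trap loop,
 * so speculation spins harmlessly in `pause; lfence; jmp` while the real
 * target (written over the return address) waits to retire.
 */
__asm__(
    ".text\n"
    ".globl retpoline_thunk_rax\n"
    ".type retpoline_thunk_rax, @function\n"
    "retpoline_thunk_rax:\n"
    "    call 1f\n"               /* push address of label 2 (the trap), jump to 1 */
    "2:  pause\n"                 /* speculative path lands here and spins */
    "    lfence\n"
    "    jmp 2b\n"
    "1:  movq %rax, (%rsp)\n"     /* overwrite pushed return address with the target */
    "    ret\n"                   /* architectural path: 'return' into the target */
    ".size retpoline_thunk_rax, .-retpoline_thunk_rax\n"

    ".globl call_via_retpoline\n"
    ".type call_via_retpoline, @function\n"
    "call_via_retpoline:\n"       /* rdi = target, esi = a, edx = b */
    "    pushq %rbp\n"            /* keep the call site 16-byte aligned per the ABI */
    "    movq %rdi, %rax\n"       /* target pointer where the thunk expects it */
    "    movl %esi, %edi\n"       /* shift (a, b) into the callee's argument registers */
    "    movl %edx, %esi\n"
    "    call retpoline_thunk_rax\n"
    "    popq %rbp\n"
    "    ret\n"                   /* eax already holds the target's result */
    ".size call_via_retpoline, .-call_via_retpoline\n"
);
#else
#define RETPOLINE_ACTIVE 0
/* Fallback for non-x86-64 builds: an ordinary, predictable indirect call. */
static int call_via_retpoline(op_fn target, int a, int b) { return target(a, b); }
#endif

static const op_fn ops[] = { op_add, op_mul, op_sub };

/* A table-driven indirect call, the pattern Spectre v2 abuses.  Every branch
 * through ops[idx] goes via the thunk instead of a BTB-predicted `call *%rax`. */
int dispatch(unsigned idx, int a, int b)
{
    op_fn target = idx < sizeof ops / sizeof ops[0] ? ops[idx] : op_none;
    return call_via_retpoline(target, a, b);
}

int main(void)
{
    printf("retpoline thunk %s\n",
           RETPOLINE_ACTIVE ? "in use" : "unavailable on this target; plain indirect call");
    printf("6+7=%d 6*7=%d 6-7=%d bad=%d\n",
           dispatch(0, 6, 7), dispatch(1, 6, 7), dispatch(2, 6, 7), dispatch(9, 6, 7));
    return 0;
}
```

In real builds the compiler emits these thunks for you (GCC `-mindirect-branch=thunk`, clang `-mretpoline`); the hand-written version only shows the shape. Two caveats fit the discussion above: the trap loop protects you only while the RET is predicted from the RSB, which is exactly the assumption the LWN quote says Skylake can break when the RSB is empty; and because the thunk rewrites its own return address, retpolines are not compatible with a hardware shadow stack, which is one more reason the compiler, not hand-rolled asm, should own this.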
Author: twosheep0603 (兩羊)   2018-01-24 17:08:00
The branch prediction they use is too powerful (X); they cheat harder to buy performance (O)
Author: cavitylapper (類聚)   2018-01-24 17:29:00
Of course it is. What else, buy AMD?
Author: twosheep0603 (兩羊)   2018-01-24 19:35:00
The Accounts Department welcomes you :)
