Additionally, if you look at the changelogs for old ABL, it seems like this policy decision (only supporting for PRO SKUs) has always been implemented in firmware:
Well, the FDIV bug is simpler. AFAICT this whole thing is tied up in the relationship between DVFS, silicon aging, and being able to have guarantees about clock reliability. That seems hard to reason about when you give BIOS vendors and users the ability to do over-volting/over-clocking (and of course, it's worse when you are maybe relying on all this in certain situations to try and approach parity with other hardware vendors who are taping out machines on CMOS processes that are more mature than yours).
afaict part of the messaging behind this quake is about the worry that big Sanriku earthquakes like this might make it easier for the northeast part of the trench to unlock (closer to Aomori and Hokkaido, where the Japan Trench starts turning into the Kuril Trench).
No reason that the rate of subduction has to be the same everywhere. Some of the plate boundaries might be moving into each other in different directions too, the coupling between plates is not necessarily the same everywhere.
Anyway, in the case of Cascadia, remember that the lack of big earthquakes over the past 100 years is probably telling you that we just happen to live in a time where strain is accumulating (D:)
The idea here is about maintaining a "path history"!
When looking up a register that tracks the "local" history of outcomes for a particular branch, you want to have a hash function that captures enough context to distinguish
the different situations where that branch might be encountered.
Apart from folding a long "global history" of recent outcomes and mixing in the current program counter, I think many modern machines also mix in the target addresses of recently-taken branches.
Probably because it's very likely that both AMD and Intel have had engineers working on this sort of thing for a long time, and they're now deciding to collectively hash out whatever the solution is going to be for both of them.
I'm not arguing MPX was a good solution, just that it's silly to assume folks designing x86 machines have been totally ignoring developments in that space for the past ten years.
fwiw "knee-jerk reaction to Apple MIE" is not exactly the right characterization of this. MPX existed and faded away, and it's not very surprising that x86-world would wait for someone else to try shipping hardware support for memory safety features before trying again.
I wonder if this is in response to FineIBT trying to figure out what to use as an undefined opcode? Apparently 0xd6 is being reserved as undefined going forward:
Yeah totally. It's really easy to forget about the fact that x86 is abstracting a lot of stack operations away from you (and obviously that's part of why it's a useful abstraction!).
I wonder if anyone has actually measured what the code size savings from this look like for typical programs, that would be an interesting read.
RISC trope is to expose a "link register" and expect the programmer to manage storage for a return address, but if call/ret manage this for you auto-magically you're at least saving some space whenever dealing with non-leaf functions.
didn't realize that since the last time i looked at these docs, seems like they've added lots of nice block diagrams for all the different parts of the machine. neat!
Since everyone is upset about the lack of technical details in the article, I'll try:
The takeaway from that paper (imo, afaict) is that guest userspace can influence indirect predictor entries in KVM host userspace. I don't really know anything about Xen, but presumably it is unaffected because there is no Xen host userspace, just a tiny hypervisor running privileged code in the host context. With KVM, Linux userspace is still functional in the host context.
Presumably, the analogy to host kernel/userspace in KVM is dom0, but in Xen this is a guest VM.
If cross-guest cases are mitigated in Xen (like in the case of KVM, see Table 2 in the paper), you'd expect that this attack just doesn't apply to Xen. Apart from there being no interesting host userspace, IBPB/STIBP might be enough to insulate other guests from influencing dom0. If you're already taking the hit of resetting the predictors when entering dom0, presumably you are not worried about this particular bug.
Not even true: Arm, Intel, AMD, and most other hardware vendors (who are actively making an effort to support Linux on their parts) actually publish useful[^1] documentation.
edit: Also, not knocking the Qualcomm folks working on Linux here, just observing that the lack of hardware documentation doesn't exactly help reeling in contributors.
[^1]: Maybe in some cases not as useful as it could be when bringing up some OS on hardware, but certainly better than nothing
Not surprising considering I haven't seen a programming manual or actual datasheet for these things in the first place. Usually helps if you tell the community how to interact with your hardware ..
> preventing instructions from issuing seems like too hard of a requirement
If this were the case, you could perform SYSCALL in the shadow of a mispredicted branch, and then try to use it to leak data from privileged code.
When the machine encounters an instruction that changes privilege level, you need to validate that you're on a correct path before you start scheduling and executing instructions from another context. Otherwise, you might be creating a situation where instructions in userspace can speculatively influence instructions in the kernel (among probably many other things).
That's why you typically make things like this drain the pipeline - once all younger instructions have retired, you know that you're on a correct [not-predicted] path through the program.
edit: Also, here's a recent example[^1] of how tricky these things can be (where SYSCALL isn't even serializing enough to prevent effects in one privilege level from propagating to another)
(Sorry for the self-plug but) I also wrote a bit about the behavior of PREFETCH recently in case anyone is interested in this sort of thing.
See this example (for Linux on AMD):
https://github.com/amd/firmware_binaries/blob/main/cezanne/P...
AFAICT the situation here is, it should have never been enabled for these consumer parts in the first place.