http://xiaoliniess.space/index.php/2018/01/07/spectre-meltdown-and
-cpu-speculative-execution-issues/
这边有解释Google的Retpoline机制是怎么运作的
简单的说 就是利用ret取代了jmp 透过对编译器的修改
去愚弄CPU的预测加载机制 这篇也提到了 由于AMD的运作机制不一样
一样的code Intel展开以后的asm会比AMD的复杂 也因此AMD理论上会受到比较低的惩罚
那回到这次的问题 为什么Intel会这么急着推出更复杂的机制
而不是单纯靠引入Retpoline机制呢?
https://lwn.net/Articles/745111/
All relevant CPUs have the ability to speculate on RET using the return stack
buffer (RSB)—that's what makes retpolines work in the first place. The
problem with Skylake (and presumably also Kaby Lake and later) is that if the
RSB is empty, it can speculate RETs using the normal branch predictor
mechanisms, which are vulnerable to Spectre.
Forcing an empty RSB is not trivial—it can happen on IRQs (including SMM
interrupts), or if the call stack gets more than 16 entries deep (old entries
get popped off on CALL, and then on the 17th RET, you've forgotten where you
originally came from). The question is how to weigh the risk of such
nontrivial attacks versus the cost of enabling IBRS.
LWN这边的讨论给了个可能的答案:
由于Skylake (甚至是以后的CPU? 看LKML的讨论没说不过可以合理怀疑7/8代都有?)
即使套用了Retpoline机制 也会因为更"先进"的分支预测技术
跳过了Retpoline的保护 也就是说 6代(以后?)的Intel CPU单靠Retpoline依然受到威胁
现在问题就是 为了完善保护开启IBRS机制 vs 极严重的性能惩罚
到底你要选哪一个