On Mon, Jan 08, 2018 at 10:49:01AM -0800, Linus Torvalds wrote:
> On Mon, Jan 8, 2018 at 9:05 AM, Mark Rutland <mark.rutl...@arm.com> wrote:
> >
> > I'm a little worried that in the presence of some CPU/compiler
> > optimisations, the masking may effectively be skipped under speculation.
> > So I'm not sure how robust this is going to be.
>
> Honestly, I think the masking is a hell of a lot more robust than any
> of the "official" fixes.
>
> More generic data speculation (as opposed to control speculation) is
> (c) isn't actually done in any real CPU's today that I'm aware of
> (unless you want to call the return stack data speculation).

Maybe not generally, but the GPZ writeup claims that when a load misses
in the cache, some CPUs speculate the value (as all-zeroes). See
"Variant 3: Rogue data cache load" in:

https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html

If a CPU speculates a load of a mask as all-zeroes, we're fine. If a CPU
can speculate the load of a mask as all-ones, the AND is effectively a
NOP. I'll wait for Will to find out what's actually been built...

Thanks,
Mark.
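
Added example, not part of the original message and not the patch under discussion: a C sketch of index masking in which the mask is computed arithmetically from the index and size rather than loaded from memory, so the two mask values the message distinguishes (all-zeroes and all-ones) can be checked directly. The names `index_mask`, `masked_index`, `read_elem` and `HIDE_VAR` are hypothetical, and the sketch assumes `size <= LONG_MAX`.

```c
#include <limits.h>

#define WORD_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Keep the compiler from proving the mask is all-ones after the bounds
 * check and deleting the AND (GCC/Clang only; an assumption of this sketch). */
#if defined(__GNUC__)
#define HIDE_VAR(v) __asm__ volatile("" : "+r"(v))
#else
#define HIDE_VAR(v) ((void)0)
#endif

/* All-ones if idx < size, all-zeroes otherwise. Computed from values
 * already in registers: no branch, no load. Requires size <= LONG_MAX. */
static unsigned long index_mask(unsigned long idx, unsigned long size)
{
    /* Top bit is set iff idx >= size (size - 1 - idx wraps) or idx is huge. */
    unsigned long oob = (idx | (size - 1UL - idx)) >> (WORD_BITS - 1);
    return oob - 1UL;            /* 0 -> ~0UL, 1 -> 0 */
}

/* The index that actually reaches the array for a given mask value:
 * an all-zeroes mask pins it to element 0, an all-ones mask is a no-op. */
static unsigned long masked_index(unsigned long idx, unsigned long mask)
{
    return idx & mask;
}

/* Bounds-checked read. If the branch is mispredicted, the AND still forces
 * idx to 0, provided the mask is computed and not value-speculated. */
static int read_elem(const int *tbl, unsigned long size, unsigned long idx)
{
    if (idx >= size)
        return -1;
    HIDE_VAR(idx);
    return tbl[masked_index(idx, index_mask(idx, size))];
}
```
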