[Webkit-unassigned] [Bug 188145] Hardcoded LFENCE instruction

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 30 09:23:58 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=188145

--- Comment #12 from karogyoker2+webkit at gmail.com ---
I've created a new patch. Now it has Spectre mitigation also for machines without SSE2. 

It is using the slower CPUID instruction instead of LFENCE, but it is still better than an instant app crash.

My idea of withdrawing support for non-SSE2 x86 machines was just a quick, not well-thought-out idea, and I already regret that I mentioned it. Please don't make those machines obsolete if it is possible to fix this issue without obsoleting a lot of CPUs.

Let me quote Michael Catanzaro, developer at Igalia[1]:
"For WebKitGTK+, SSE2 instructions are forbidden (except when building for x86_64) because that's what our distributors require. But I doubt all developers are aware of this, and I also doubt anybody ever tests on such old hardware. So it might require some effort to audit the codebase for unwanted SSE2 instructions to make sure they're not there and fix them if so."

So, it isn't really an option to not support non-SSE2 machines.

Also, even if there is no Spectre mitigation for some cases, it can be OK. For example, in the case of a Windows build, the LFENCE instruction is not emitted[2]. Furthermore, there are no Spectre mitigations for MIPS (even though some newer MIPS processors are affected too[3]), but correct me if I'm wrong. There is also controversy over whether LFENCE is "adequate enough for protecting against Spectre"[4].

Personally, I believe that the reasoning that WebKit can abandon non-SSE2 users because Microsoft also abandoned them (even though their product's end of life has not come yet) is not valid, especially since they didn't do it on purpose. Additionally, Linux still cares about non-SSE2 users: if it cannot detect a serializing LFENCE instruction in the CPU, it switches to full generic retpoline (as can be seen in the attached crash log).

Theoretically, if there were a decision to abandon non-SSE2 CPUs, it would still be necessary to give a proper error message to the user instead of an app crash. But this would also require development, so it would be easier to just use my patch (if it is accepted).

[1]: https://bugs.webkit.org/show_bug.cgi?id=187701#c7
[2]: https://bugs.webkit.org/show_bug.cgi?id=188149
[3]: https://www.mips.com/forums/topic/mips-mitigations-for-side-channel-vulnerabilities-on-speculative-execution-cpus/
[4]: https://bugs.webkit.org/show_bug.cgi?id=188145#c11
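One way to do the runtime selection the comment describes, as an added example written for this page (not the attached patch or WebKit's own code): query CPUID leaf 1 once for the SSE2 bit, emit LFENCE where it exists, and otherwise fall back to CPUID, which is slower but defined on every x86. The function names and the `barrier_kind` enum are this example's own.

```c
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>            /* __get_cpuid(), bit_SSE2 */
#define HAVE_X86_CPUID 1
#else
#define HAVE_X86_CPUID 0
#endif

enum barrier_kind { BARRIER_NONE = 0, BARRIER_LFENCE = 1, BARRIER_CPUID = 2 };

/* CPUID leaf 1, EDX bit 26 reports SSE2. LFENCE is an SSE2 instruction, so
 * emitting it unconditionally is what faults (#UD) on older x86 CPUs. */
int cpu_has_sse2(void)
{
#if HAVE_X86_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return 0;
    return (edx & bit_SSE2) != 0;
#else
    return 0;
#endif
}

/* Decide once at startup which barrier the runtime/JIT should emit. */
enum barrier_kind choose_barrier(int has_sse2)
{
#if HAVE_X86_CPUID
    return has_sse2 ? BARRIER_LFENCE : BARRIER_CPUID;
#else
    (void)has_sse2;
    return BARRIER_NONE;      /* neither x86 barrier applies on other ISAs */
#endif
}

/* Execute the chosen barrier. CPUID is architecturally serializing on every
 * x86 since the 486, so it works where LFENCE would fault, at a higher cost. */
void speculation_barrier(enum barrier_kind kind)
{
#if HAVE_X86_CPUID
    if (kind == BARRIER_LFENCE) {
        __asm__ __volatile__("lfence" ::: "memory");
    } else if (kind == BARRIER_CPUID) {
        unsigned int r[4] = { 0 };   /* leaf 0 in EAX; all four regs out */
        __asm__ __volatile__("cpuid" : "=a"(r[0]), "=b"(r[1]), "=c"(r[2]),
                             "=d"(r[3]) : "0"(r[0]) : "memory");
    }
#else
    (void)kind;
#endif
}
```

On a non-x86 build both helpers compile to no-ops, so the selection can stay in shared code without further `#ifdef`s at the call sites.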
