Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS

From: Dave Hansen
Date: Mon Feb 20 2023 - 10:39:02 EST

Next message: Daniel Lezcano: "Re: [PATCH v1 07/17] thermal/hwmon: Use the thermal API instead tampering the internals"
Previous message: Ard Biesheuvel: "Re: [syzbot] upstream-arm64 build error"
In reply to: Borislav Petkov: "Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS"
Next in thread: Andrew Cooper: "Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/20/23 06:31, Borislav Petkov wrote:
> This above probably wants to say that you need to write 1 on CPL change
> because it has a flushing behavior of killing user prediction entries.

Right. The naive way of looking at IBRS is that setting IBRS=1
mitigates spectre-v2. But, as the documentation says, just _leaving_ it
set to 1 is not good enough. It must be actively rewritten in order to
get the strongest semantics.

It's still rather early in the morning, but I'm also quite confused
about what exactly the problem is here. The patch and the changelog
aren't especially clear. I'll need to stare at it with a cup of coffee
before I can give any coherent better suggestions, though.

Next message: Daniel Lezcano: "Re: [PATCH v1 07/17] thermal/hwmon: Use the thermal API instead tampering the internals"
Previous message: Ard Biesheuvel: "Re: [syzbot] upstream-arm64 build error"
In reply to: Borislav Petkov: "Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS"
Next in thread: Andrew Cooper: "Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]