Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP

From: Borislav Petkov
Date: Thu Feb 23 2023 - 09:52:34 EST

Next message: Daniel Wagner: "Re: [PATCH] Add quirk for ADATA SX6000PNP"
Previous message: Hyeonggon Yoo: "Re: [PATCH v3 16/35] mm/mmap: write-lock VMAs before merging, splitting or expanding them"
In reply to: KP Singh: "[PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP"
Next in thread: KP Singh: "Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 21, 2023 at 07:49:08PM +0100, KP Singh wrote:
> ... Consequently, STIBP needs to be explicitly
> + enabled to guard against cross-thread attacks in userspace.

needs?

That sounds like something the user needs to do. But we do it by
default. Let's rephrase:

"Systems which support enhanced IBRS (eIBRS) enable IBRS protections once at
boot and they're automatically protected against Spectre v2 variant
attacks, including cross-thread branch target injections on SMT systems
(STIBP). IOW, eIBRS enables STIBP too.

Legacy IBRS systems clear the IBRS bit on exit to userspace and
therefore explicitly enable STIBP for that."

Simple.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Daniel Wagner: "Re: [PATCH] Add quirk for ADATA SX6000PNP"
Previous message: Hyeonggon Yoo: "Re: [PATCH v3 16/35] mm/mmap: write-lock VMAs before merging, splitting or expanding them"
In reply to: KP Singh: "[PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP"
Next in thread: KP Singh: "Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]