Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode

[Jiri Kosina]

On Mon, 3 Dec 2018, Tim Chen wrote:

> > Can we please just fix this stupid lie?
> > 
> > Yes, Intel calls it "STIBP" and tries to make it out to be about the
> > indirect branch predictor being per-SMT thread.
> > 
> > But the reason it is unacceptable is apparently because in reality it just
> > disables indirect branch prediction entirely. So yes, *technically* it's
> > true that that limits indirect branch prediction to just a single SMT
> > core, but in reality it is just a "go really slow" mode.
> > 
> > If STIBP had actually just keyed off the logical SMT thread, we wouldn't
> > need to have worried about it in the first place.
> > 
> > So let's document reality rather than Intel's Pollyanna world-view.
> > 
> > Reality matters. It's why we had to go all this. Lying about things
> > and making it appear like it's not a big deal was why the original
> > patch made it through without people noticing.
> > 
> 
> 
> To make the usage of STIBP and its working principles clear,
> here are some additional explanations of STIBP from our Intel
> HW architects.  This should also help answer some of the questions
> from Thomas and others on STIBP's usages with IBPB and IBRS.

Thanks a lot, this indeed does shed some light.

I have one question though:

[ ... snip ... ]
> On processors with enhanced IBRS support, we recommend setting IBRS to 1
> and left set. 

Then why doesn't CPU with EIBRS support acutally *default* to '1', with 
opt-out possibility for OS?

Thanks,

-- 
Jiri Kosina
SUSE Labs