Re: [patch 15/24] x86/speculation: Add command line control for indirect branch speculation
From: Borislav Petkov
Date: Thu Nov 22 2018 - 05:10:17 EST

On Thu, Nov 22, 2018 at 10:18:58AM +0100, Peter Zijlstra wrote:
> Right; that retpoline + IBPB case is one that came up earlier when we
> talked about this stuff. The IBPB also helps against app2app BTB ASLR
> attacks. So even if you have userspace retpoline, you might still want
> IBPB.
>
> But yes, this should be relatively straightforward to allow/fix with
> the proposed code.

So I got some feedback from AMD that IBPB on context switch has a
small perf impact and they wouldn't mind it being enabled by default
considering that it provides protection against a lot of attack
scenarios. Basically, what the recommendation says.

But if we go and do opt-in, then they're fine with it being off by
default if we decide to do so in the kernel.

--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.