Re: [patch V2 27/28] x86/speculation: Add seccomp Spectre v2 user space protection mode
From: Thomas Gleixner
Date: Sun Nov 25 2018 - 17:29:07 EST
On Sun, 25 Nov 2018, Linus Torvalds wrote:
> [ You forgot to fix your quilt setup.. ]
Duh. Should have pinned that package.
> On Sun, 25 Nov 2018, Thomas Gleixner wrote:
> >
> > The mitigation guide documents how STIPB works:
> >
> > Setting bit 1 (STIBP) of the IA32_SPEC_CTRL MSR on a logical processor
> > prevents the predicted targets of indirect branches on any logical
> > processor of that core from being controlled by software that executes
> > (or executed previously) on another logical processor of the same core.
>
> Can we please just fix this stupid lie?
Well, it's not a lie. The above is correct, it just does not tell WHY this
works.
> Yes, Intel calls it "STIBP" and tries to make it out to be about the
> indirect branch predictor being per-SMT thread.
>
> But the reason it is unacceptable is apparently because in reality it just
> disables indirect branch prediction entirely. So yes, *technically* it's
> true that that limits indirect branch prediction to just a single SMT
> core, but in reality it is just a "go really slow" mode.
Indeed. Just checked the documentation again, it's also not clear whether
IBPB is required if STIPB is in use.
Thanks,
tglx