Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP

From: Borislav Petkov
Date: Thu Feb 23 2023 - 09:52:34 EST


On Tue, Feb 21, 2023 at 07:49:08PM +0100, KP Singh wrote:
> ... Consequently, STIBP needs to be explicitly
> + enabled to guard against cross-thread attacks in userspace.

needs?

That sounds like something the user needs to do. But we do it by
default. Let's rephrase:

"Systems which support enhanced IBRS (eIBRS) enable IBRS protections once at
boot and they're automatically protected against Spectre v2 variant
attacks, including cross-thread branch target injections on SMT systems
(STIBP). IOW, eIBRS enables STIBP too.

Legacy IBRS systems clear the IBRS bit on exit to userspace and
therefore explicitly enable STIBP for that."

Simple.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette