Re: [PATCH v2 1/2] x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline
From: Borislav Petkov
Date: Tue Dec 03 2024 - 07:27:43 EST

On Mon, Dec 02, 2024 at 03:35:21PM -0800, Pawan Gupta wrote:
> It is in this doc:
>
> https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html
>

I hope those URLs remain more stable than past experience shows.

> "Processors with enhanced IBRS still support the usage model where IBRS is
> set only in the OS/VMM for OSes that enable SMEP. To do this, such
> processors will ensure that guest behavior cannot control the RSB after a
> VM exit once IBRS is set, even if IBRS was not set at the time of the VM
> exit."

ACK, thanks.

Now, can we pls add those excerpts to Documentation/ and point to them from
the code so that it is crystal clear why it is ok?

Thx.

--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette