[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y/d9qajJnR/ZcHvB@zn.tnic>
Date: Thu, 23 Feb 2023 15:52:25 +0100
From: Borislav Petkov <bp@...en8.de>
To: KP Singh <kpsingh@...nel.org>
Cc: linux-kernel@...r.kernel.org, pjt@...gle.com, evn@...gle.com,
jpoimboe@...nel.org, tglx@...utronix.de, x86@...nel.org,
hpa@...or.com, peterz@...radead.org,
pawan.kumar.gupta@...ux.intel.com, kim.phillips@....com,
alexandre.chartre@...cle.com, daniel.sneddon@...ux.intel.com,
corbet@....net, bp@...e.de, linyujun809@...wei.com,
jmattson@...gle.com
Subject: Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction
between IBRS and STIBP
On Tue, Feb 21, 2023 at 07:49:08PM +0100, KP Singh wrote:
> ... Consequently, STIBP needs to be explicitly
> + enabled to guard against cross-thread attacks in userspace.
needs?
That sounds like something the user needs to do. But we do it by
default. Let's rephrase:
"Systems which support enhanced IBRS (eIBRS) enable IBRS protections once at
boot and they're automatically protected against Spectre v2 variant
attacks, including cross-thread branch target injections on SMT systems
(STIBP). IOW, eIBRS enables STIBP too.
Legacy IBRS systems clear the IBRS bit on exit to userspace and
therefore explicitly enable STIBP for that."
Simple.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
Powered by blists - more mailing lists