Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3348C6379F for ; Mon, 20 Feb 2023 19:12:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233087AbjBTTMx (ORCPT ); Mon, 20 Feb 2023 14:12:53 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38806 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232147AbjBTTMt (ORCPT ); Mon, 20 Feb 2023 14:12:49 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3A2E02279D for ; Mon, 20 Feb 2023 11:12:20 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id C0FDFB80DC8 for ; Mon, 20 Feb 2023 19:11:00 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 83B7AC433B4 for ; Mon, 20 Feb 2023 19:10:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1676920259; bh=HYj2JrNoOeQCfF/fA+CMso1srlcz6lsACttDPRCDH1c=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=QBSStRS19Ntd6ywZBG28lu434sDuhidjlN+csFk0l2Za8moi06UTXzpPZjAeY7RWj 7293qhpkI8ipEUcdgZ7anF5MDsIaFSGObagZk+RJsO37amSQxmsPkFKnW093/VfPSJ v8+JEs2Bksj0OLFGAk4ejs+Av3jjg7IkToshnSnX76XEGwe/H8I2AcPhynrFT3DcoU x9wqw2nhovIyJobkhiVbCusY5rkJizNNymUEouKSg13Lp+KqwLlbWJ7SUWsOXCUbUz 6eAGydBR2hFKn9pNTs8sjRKFLDVcG0m4WV+lPmDVAC56g+yimFNS1iTvVm2CPSZ/SK FD+BePJC8VL5w== Received: by mail-ed1-f41.google.com with SMTP id s26so8429490edw.11 for ; Mon, 20 Feb 2023 11:10:59 -0800 (PST) X-Gm-Message-State: AO0yUKUfv+6eDvge/dyAXDyGTaiw3pP4QsyrgM2P6XWAS7nu+/aVOKWs JsKjyWueP8jv2rF5v7EbGq6K4tlUolrw8NXtai1T1g== X-Google-Smtp-Source: AK7set9zPY8xCuDm9jXKfRySwPKynaiEx+hJXoG08HoUM5m1451XL+fCoduFnLrl05xe924cEzonfAjlJycpTN+F8GA= X-Received: by 2002:a50:935b:0:b0:4ae:f648:950b with SMTP id n27-20020a50935b000000b004aef648950bmr1466871eda.7.1676920257643; Mon, 20 Feb 2023 11:10:57 -0800 (PST) MIME-Version: 1.0 References: <20230220163442.7fmaeef3oqci4ee3@treble> <20230220175929.2laflfb2met6y3kc@treble> In-Reply-To: From: KP Singh Date: Mon, 20 Feb 2023 11:10:46 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH RESEND] x86/speculation: Fix user-mode spectre-v2 protection with KERNEL_IBRS To: Borislav Petkov Cc: Josh Poimboeuf , linux-kernel@vger.kernel.org, pjt@google.com, evn@google.com, tglx@linutronix.de, mingo@redhat.com, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, peterz@infradead.org, pawan.kumar.gupta@linux.intel.com, kim.phillips@amd.com, alexandre.chartre@oracle.com, daniel.sneddon@linux.intel.com, =?UTF-8?Q?Jos=C3=A9_Oliveira?= , Rodrigo Branco , Alexandra Sandulescu , Jim Mattson , stable@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 20, 2023 at 11:02 AM Borislav Petkov wrote: > > On Mon, Feb 20, 2023 at 10:56:38AM -0800, KP Singh wrote: > > Sure, it looks like an omission to me, we wrote a POC on Skylake that > > was able to do cross-thread training with the current set of > > mitigations. > > Right. > > > STIBP with IBRS is still correct if spectre_v2=ibrs had really meant > > IBRS everywhere, > > Yeah, IBRS everywhere got shot down as a no-no very early in the game, > for apparent reasons. As you said in the other thread, this needs to be documented both in the code and the kernel documentation. > > > but just means KERNEL_IBRS, which means only kernel is protected, > > userspace is still unprotected. > > Yes, that was always the intent with IBRS: enable on kernel entry and > disable on exit. > > Thx. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette