Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1764FC61DA4 for ; Thu, 23 Feb 2023 14:52:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234365AbjBWOwd (ORCPT ); Thu, 23 Feb 2023 09:52:33 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:60800 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229502AbjBWOwc (ORCPT ); Thu, 23 Feb 2023 09:52:32 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 414A059424 for ; Thu, 23 Feb 2023 06:52:31 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id BD4D41EC06F0; Thu, 23 Feb 2023 15:52:29 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1677163949; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=OeGccNjEKIzTcdNPG0OK8Ij5ep1oHfZDb+0nQEmJ8ac=; b=di6slqu4z7knGSd162T6wARwGYrk/V2cILlZFAPTqeHz3IwUy3MVFyG7rA+8NxOjal+T8d 5IT7O73fUAPlPW8yYAMyyRcWJN2tRi+JE97YvXJCOkkMAUYUO0N4cEe0BWxFMljKwfCVhH vJGzol48LX3PvW8klT0AS/0KqFryKXQ= Date: Thu, 23 Feb 2023 15:52:25 +0100 From: Borislav Petkov To: KP Singh Cc: linux-kernel@vger.kernel.org, pjt@google.com, evn@google.com, jpoimboe@kernel.org, tglx@linutronix.de, x86@kernel.org, hpa@zytor.com, peterz@infradead.org, pawan.kumar.gupta@linux.intel.com, kim.phillips@amd.com, alexandre.chartre@oracle.com, daniel.sneddon@linux.intel.com, corbet@lwn.net, bp@suse.de, linyujun809@huawei.com, jmattson@google.com Subject: Re: [PATCH v2 2/2] Documentation/hw-vuln: Document the interaction between IBRS and STIBP Message-ID: References: <20230221184908.2349578-1-kpsingh@kernel.org> <20230221184908.2349578-2-kpsingh@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230221184908.2349578-2-kpsingh@kernel.org> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 21, 2023 at 07:49:08PM +0100, KP Singh wrote: > ... Consequently, STIBP needs to be explicitly > + enabled to guard against cross-thread attacks in userspace. needs? That sounds like something the user needs to do. But we do it by default. Let's rephrase: "Systems which support enhanced IBRS (eIBRS) enable IBRS protections once at boot and they're automatically protected against Spectre v2 variant attacks, including cross-thread branch target injections on SMT systems (STIBP). IOW, eIBRS enables STIBP too. Legacy IBRS systems clear the IBRS bit on exit to userspace and therefore explicitly enable STIBP for that." Simple. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette