On Fri, 16 Nov 2018, Tim Chen wrote:

> Create PRCTL interface to restrict an application's indirect branch
> speculation. This will protect the application against spectre v2 attack
> from another application.
>
> Invocations:
> Check indirect branch speculation status with
> - prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, 0, 0, 0);
>
> Enable indirect branch speculation with
> - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_ENABLE, 0, 0);
>
> Disable indirect branch speculation with
> - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_DISABLE, 0, 0);
>
> Force disable indirect branch speculation with
> - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIR_BRANCH, PR_SPEC_FORCE_DISABLE,
> 0, 0);
>
> See Documentation/userspace-api/spec_ctrl.rst.

I think that the fact that this talks about "indirect branch predictions"
in general terms, but really controls only the SMT aspect of it (STIBP),
is quite confusing.

So I believe it should either be renamed, or actually control semantics of
IBPB as well, no?

Thanks,

--
Jiri Kosina
SUSE Labs