Re: [patch V2 05/28] x86/speculation: Disable STIBP when enhanced IBRS is in use
On Sun, Nov 25, 2018 at 07:33:33PM +0100, Thomas Gleixner wrote:
> If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
> user space exploits from hyperthread sibling.
>
> Disable STIBP when enhanced IBRS is used.
Reviewed-by: Konrad Rzeszutek Wilk
Thank you!
>
> Signed-off-by: Tim Chen
> Signed-off-by: Thomas Gleixner
>
> ---
> arch/x86/kernel/cpu/bugs.c |7 +++
> 1 file changed, 7 insertions(+)
>
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -321,6 +321,10 @@ static bool stibp_needed(void)
> if (spectre_v2_enabled == SPECTRE_V2_NONE)
> return false;
>
> + /* Enhanced IBRS makes using STIBP unnecessary. */
> + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
> + return false;
> +
> if (!boot_cpu_has(X86_FEATURE_STIBP))
> return false;
>
> @@ -846,6 +850,9 @@ static ssize_t l1tf_show_state(char *buf
>
> static char *stibp_state(void)
> {
> + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
> + return "";
> +
> if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
> return ", STIBP";
> else
>
>
Re: [patch V2 05/28] x86/speculation: Disable STIBP when enhanced IBRS is in use
On Sun, Nov 25, 2018 at 07:33:33PM +0100, Thomas Gleixner wrote:
> If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
> user space exploits from hyperthread sibling.
>
> Disable STIBP when enhanced IBRS is used.
Reviewed-by: Konrad Rzeszutek Wilk
Thank you!
>
> Signed-off-by: Tim Chen
> Signed-off-by: Thomas Gleixner
>
> ---
> arch/x86/kernel/cpu/bugs.c |7 +++
> 1 file changed, 7 insertions(+)
>
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -321,6 +321,10 @@ static bool stibp_needed(void)
> if (spectre_v2_enabled == SPECTRE_V2_NONE)
> return false;
>
> + /* Enhanced IBRS makes using STIBP unnecessary. */
> + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
> + return false;
> +
> if (!boot_cpu_has(X86_FEATURE_STIBP))
> return false;
>
> @@ -846,6 +850,9 @@ static ssize_t l1tf_show_state(char *buf
>
> static char *stibp_state(void)
> {
> + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
> + return "";
> +
> if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
> return ", STIBP";
> else
>
>
[patch V2 05/28] x86/speculation: Disable STIBP when enhanced IBRS is in use
If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
user space exploits from hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen
Signed-off-by: Thomas Gleixner
---
arch/x86/kernel/cpu/bugs.c |7 +++
1 file changed, 7 insertions(+)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -321,6 +321,10 @@ static bool stibp_needed(void)
if (spectre_v2_enabled == SPECTRE_V2_NONE)
return false;
+ /* Enhanced IBRS makes using STIBP unnecessary. */
+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ return false;
+
if (!boot_cpu_has(X86_FEATURE_STIBP))
return false;
@@ -846,6 +850,9 @@ static ssize_t l1tf_show_state(char *buf
static char *stibp_state(void)
{
+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ return "";
+
if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
return ", STIBP";
else
[patch V2 05/28] x86/speculation: Disable STIBP when enhanced IBRS is in use
If enhanced IBRS is active, STIBP is redundant for mitigating Spectre v2
user space exploits from hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen
Signed-off-by: Thomas Gleixner
---
arch/x86/kernel/cpu/bugs.c |7 +++
1 file changed, 7 insertions(+)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -321,6 +321,10 @@ static bool stibp_needed(void)
if (spectre_v2_enabled == SPECTRE_V2_NONE)
return false;
+ /* Enhanced IBRS makes using STIBP unnecessary. */
+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ return false;
+
if (!boot_cpu_has(X86_FEATURE_STIBP))
return false;
@@ -846,6 +850,9 @@ static ssize_t l1tf_show_state(char *buf
static char *stibp_state(void)
{
+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ return "";
+
if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
return ", STIBP";
else
