On Mon, Feb 20, 2023 at 9:59 AM Josh Poimboeuf jpoimboe@kernel.org wrote:
On Mon, Feb 20, 2023 at 06:46:04PM +0100, Borislav Petkov wrote:
On Mon, Feb 20, 2023 at 08:34:42AM -0800, Josh Poimboeuf wrote:
We will never enable IBRS in user space. We tried that years ago and it was very slow.
Then I don't know what this is trying to fix.
We'd need a proper bug statement in the commit message what the problem is. As folks have established, the hw vuln mess is a whole universe of crazy. So without proper documenting, this spaghetti madness will be completely unreadable.
Agreed, and there seems to be a lot of confusion around this patch. I think I understand the issue, let me write up a new patch which is hopefully clearer.
Feel free to write a patch, but I don't get the confusion.
Well, we disable IBRS userspace (this is KENREL_IBRS), because it is slow. Now if a user space process wants to protect itself from cross thread training, it should be able to do it, either by turning STIBP always on or using a prctl to enable. With the current logic, it's unable to do so. All of this is mentioned in the commit message.
-- Josh