On 18/01/2018 18:08, Dave Hansen wrote:
> On 01/18/2018 08:37 AM, Josh Poimboeuf wrote:
>>>
>>> --- a/Documentation/admin-guide/kernel-parameters.txt
>>> +++ b/Documentation/admin-guide/kernel-parameters.txt
>>> @@ -3932,6 +3932,7 @@
>>> retpoline - replace indirect branches
>>> retpoline,generic - google's original retpoline
>>> retpoline,amd - AMD-specific minimal thunk
>>> + ibrs - Intel: Indirect Branch Restricted
>>> Speculation
>> Are there plans to add spectre_v2=ibrs_always to prevent SMT-based
>> attacks?
>
> What does "ibrs_always" mean to you?
>
> There is a second bit in the MSR (STIBP) that is intended to keep
> hyperthreads from influencing each other. That behavior is implicit
> when IBRS is enabled.

Yeah, I think we should have a mode to always leave that enabled, or always set IBRS=1.

> I think ibrs_always *should* probably be kept to refer to the future
> CPUs that can safely leave IBRS enabled all the time.

Is that "safely" or "without throwing performance down the drain"?

Does "always IBRS=1" *hinder* the mitigation on existing processors, as long as you reset IBRS=1 on kernel entry and vmexit? Or is it just slow?

Paolo
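
Review bot: the added "ibrs" line in the kernel-parameters.txt hunk only expands the acronym ("Intel: Indirect Branch Restricted Speculation") and does not say what selecting the option does, whereas the first entry above it describes an action ("replace indirect branches"). The questions in this thread about ibrs_always and STIBP show that the one-line description leaves the behaviour open; suggest the text state when IBRS is set under this option and whether it stays set, so an administrator can tell it apart from any later ibrs_always mode.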