On Sat, Sep 3, 2022 at 8:30 PM Jim Mattson <jmattson@xxxxxxxxxx> wrote: > > On Sat, Sep 3, 2022 at 4:50 PM Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote: > > > [*] Not 100% true - if STIBP gets disabled by the guest, there's a small > > window of opportunity where the SMT sibling can help force a > > retbleed attack on a RET between the MSR write and the vmrun. But > > that's really unrealistic IMO. > > That was my concern. How big does that window have to be before a > cross-thread attack becomes realistic, and how do we ensure that the > window never gets that large? Per https://developer.amd.com/wp-content/resources/111006-B_AMD64TechnologyIndirectBranchControlExtenstion_WP_7-18Update_FNL.pdf: When this bit is set in processors that share branch prediction information, indirect branch predictions from sibling threads cannot influence the predictions of other sibling threads. It does not say that upon clearing IA32_SPEC_CTRL.STIBP, that only *future* branch prediction information will be shared. If all existing branch prediction information is shared when IA32_SPEC_CTRL.STIBP is clear, then there is no window.