On Tue, Nov 19, 2024 at 11:27:51PM -0800, Josh Poimboeuf wrote: > User->user Spectre v2 attacks (including RSB) across context switches > are already mitigated by IBPB in cond_mitigation(), if enabled globally > or if at least one of the tasks has opted in to protection. RSB filling Is below less ambiguous? s/if at least one of the tasks/if previous or the next task/ > without IBPB serves no purpose for protecting user space, as indirect > branches are still vulnerable. > > User->kernel RSB attacks are mitigated by eIBRS. In which case the RSB > filling on context switch isn't needed. Fix that. > > While at it, update and coalesce the comments describing the various RSB > mitigations. > > Suggested-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx> > Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> Reviewed-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
