On Mon, Feb 20, 2023 at 9:59 AM Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote: > > On Mon, Feb 20, 2023 at 06:46:04PM +0100, Borislav Petkov wrote: > > On Mon, Feb 20, 2023 at 08:34:42AM -0800, Josh Poimboeuf wrote: > > > We will never enable IBRS in user space. We tried that years ago and it > > > was very slow. > > > > Then I don't know what this is trying to fix. > > > > We'd need a proper bug statement in the commit message what the problem > > is. As folks have established, the hw vuln mess is a whole universe of > > crazy. So without proper documenting, this spaghetti madness will be > > completely unreadable. > > Agreed, and there seems to be a lot of confusion around this patch. I > think I understand the issue, let me write up a new patch which is > hopefully clearer. Feel free to write a patch, but I don't get the confusion. Well, we disable IBRS userspace (this is KENREL_IBRS), because it is slow. Now if a user space process wants to protect itself from cross thread training, it should be able to do it, either by turning STIBP always on or using a prctl to enable. With the current logic, it's unable to do so. All of this is mentioned in the commit message. > > -- > Josh
