If enhanced IBRS is engaged, STIBP is redundant for mitigating Spectre v2 user-space exploits from a hyperthread sibling.
Disable STIBP when enhanced IBRS is used.
Signed-off-by: Tim Chen tim.c.chen@linux.intel.com
---
 arch/x86/kernel/cpu/bugs.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 3a6f13b..199f27e 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -323,11 +323,16 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void)
 return cmd;
 }
+/* Determine if STIBP should be always on. */
 static bool stibp_needed(void)
 {
 if (spectre_v2_enabled == SPECTRE_V2_NONE)
 return false;
+ /* Using enhanced IBRS makes using STIBP unnecessary. */
+ if (static_cpu_has(X86_FEATURE_USE_IBRS_ENHANCED))
+ return false;
+
 if (!boot_cpu_has(X86_FEATURE_STIBP))
 return false;
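Review bot: The two hunks test "enhanced IBRS is in use" with different predicates: `stibp_needed()` checks `static_cpu_has(X86_FEATURE_USE_IBRS_ENHANCED)`, while `stibp_state()` in the second hunk checks `spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED`. The code that sets either value is not visible here, so if they can ever disagree, STIBP could be enabled while the status string omits it, or the reverse. That would make the reported mitigation state unreliable for anyone auditing the machine. Using one predicate in both places, for example `if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)` here, keeps enforcement and reporting tied to the same decision. The body of `stibp_needed()` continues past the end of this hunk.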
@@ -856,6 +861,9 @@ static ssize_t l1tf_show_state(char *buf)
static char *stibp_state(void)
 {
+ if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED)
+ return "";
+
 if (x86_spec_ctrl_base & SPEC_CTRL_STIBP)
 return ", STIBP";
 else
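Review bot: The early return added to `stibp_state()` has no comment, and it runs before the `x86_spec_ctrl_base & SPEC_CTRL_STIBP` test. In enhanced-IBRS mode the string is therefore empty even if the STIBP bit happens to be set in the base value, and a reader of the status output cannot tell "not needed" from "not enabled". I would add `/* Enhanced IBRS makes STIBP unnecessary, so it is not reported in this mode. */` above the check. `stibp_state()` continues past the hunk's last line (`else`).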