Taming STIBP

Posted Dec 1, 2018 9:55 UTC (Sat) by pbonzini (subscriber, #60935)
In reply to: Taming STIBP by hmh
Parent article: Taming STIBP

Ring 0 is not using the indirect branch predictor on affected processors, all indirect branches are patched at runtime to use retpolines instead.

Taming STIBP

Posted Dec 1, 2018 19:29 UTC (Sat) by hmh (subscriber, #3838) [Link]

Thanks, that explains everything!

Taming STIBP

Posted Dec 5, 2018 18:37 UTC (Wed) by raistlin (guest, #37586) [Link] (1 responses)

Yep. Or, if one does not use retpoline, and uses IBRS instead (e.g., on future hardware where that may be faster, or as Xen does already, in some cases), that --I mean setting IBRS when entering ring 0-- prevents BTB updates done in ring 3 to affect branches in context with more privilege (like ring 0). Or so I've understood. :-D

Taming STIBP

Posted Dec 6, 2018 9:59 UTC (Thu) by hmh (subscriber, #3838) [Link]

That's how I understood it as well, but...

While it is likely to be true for "enhanced IBRS" (the one you leave always on, and which doesn't exist quite yet), for the current crop of processors that are way too prone to leak fleeting images of a future past, IMHO it is a IBRS property better tested before being trusted to exist.

After all, it is all about ghosts, and ghosts are tricky ;-)