RHEL-92849

RHEL-10 spectre2 improvements - Don't fill RSB on context switch with eIBRS


    • Task
    • Resolution: Cannot Reproduce
    • kernel / Networking
    • rhel-net-core
    • ssg_networking

      Hello everyone:

      It looks like there is a commit which should be backported to RHEL:

      commit 27ce8299bc1ec6df8306073785ff82b30b3cc5ee
      Author: Josh Poimboeuf <jpoimboe@kernel.org>
      Date:   Tue Apr 8 14:47:34 2025 -0700
      
          x86/bugs: Don't fill RSB on context switch with eIBRS
          
          User->user Spectre v2 attacks (including RSB) across context switches
          are already mitigated by IBPB in cond_mitigation(), if enabled globally
          or if either the prev or the next task has opted in to protection.  RSB
          filling without IBPB serves no purpose for protecting user space, as
          indirect branches are still vulnerable.
          
          User->kernel RSB attacks are mitigated by eIBRS.  In which case the RSB
          filling on context switch isn't needed, so remove it.
          
          Suggested-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
          Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org>
          Signed-off-by: Ingo Molnar <mingo@kernel.org>
          Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
          Reviewed-by: Amit Shah <amit.shah@amd.com>
          Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
          Link: https://lore.kernel.org/r/98cdefe42180358efebf78e3b80752850c7a3e1b.1744148254.git.jpoimboe@kernel.org
      

      But this isn't something that PE would handle as it is related to Spectre. Perhaps we need to add a new ticket for that one.

      There's an Emerald Rapids issue for which jpoimboe@redhat.com had a theory, but I'm not entirely sure where we stand on that or what the next steps should be.

      > I am wondering if "rep movsb" is actually slower than the manual copy for the small buffer sizes, at least on Emerald Rapids. I'll build a kernel to test that theory (along with the other fixes).

      And it looks like this issue has been addressed:

      https://issues.redhat.com/browse/RHEL-70187

      Please note that this issue is a follow-up of

      https://issues.redhat.com/browse/RHEL-40027

      In the original Jira, there was a discussion about two separate performance-affecting issues; it became long and bloated, so we decided to split this Spectre-related patch into a separate Jira and close the original one.

      Thank you for understanding; feel free to drop a comment if anything is unclear.

              nst-kernel-bugs nst-kernel-bugs
              aokuliar Adam Okuliar
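
The reasoning in the quoted commit message, turned into a host check (an added example, not code from this ticket or from the kernel tree): it parses the `spectre_v2` sysfs status line and flags an eIBRS system that still reports RSB filling. The function name, the output fields, and the reading of "RSB filling" as the context-switch fill are assumptions made for this example.

```sh
#!/bin/sh
# Added example. Assumes the "; "-separated status fields that upstream
# kernels print, such as "IBPB: conditional" and "RSB filling".
SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS
# Prints one line: user_kernel=... user_user=... rsb_fill=... check=...
classify_spectre_v2() {
    status=$1
    # User->kernel: the commit relies on eIBRS for this direction.
    case $status in
        *Enhanced*IBRS*) uk=eibrs ;;
        Mitigation:*)    uk=other ;;
        "Not affected"*) uk=not-affected ;;
        *)               uk=vulnerable ;;
    esac

    # User->user: IBPB in cond_mitigation(), global or per-task opt-in.
    case $status in
        *"IBPB: always-on"*)   uu=ibpb-global ;;
        *"IBPB: conditional"*) uu=ibpb-opt-in ;;
        *)                     uu=no-ibpb ;;
    esac

    # Assumption: "RSB filling" means RSB fill on context switch.
    case $status in *"; RSB filling"*) rsb=yes ;; *) rsb=no ;; esac

    # The combination the commit removes: eIBRS plus context-switch fill.
    if [ "$uk" = eibrs ] && [ "$rsb" = yes ]; then
        check=rsb-fill-with-eibrs
    elif [ "$uk" = eibrs ]; then
        check=eibrs-without-rsb-fill
    else
        check=not-eibrs
    fi
    printf 'user_kernel=%s user_user=%s rsb_fill=%s check=%s\n' \
        "$uk" "$uu" "$rsb" "$check"
}

# Classify the live host, or a constructed sample line when sysfs is absent.
if [ -r "$SPECTRE_V2_SYSFS" ]; then
    classify_spectre_v2 "$(cat "$SPECTRE_V2_SYSFS")"
else
    classify_spectre_v2 "Mitigation: Enhanced / Automatic IBRS; IBPB: conditional; RSB filling"
fi
```

A result of `check=rsb-fill-with-eibrs` means the running kernel still reports the context-switch RSB fill alongside eIBRS, which is the state the commit describes as unnecessary.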