from the commit:

commit 02fb68711ba6d540087999d7cd4a67c16b69f2c0
Author: Jiri Kosina <jkosina@suse.cz>
Date: Tue Sep 25 14:38:55 2018 +0200

x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation

commit 53c613fe6349994f023245519265999eed75957f upstream.

STIBP is a feature provided by certain Intel ucodes / CPUs. This feature
(once enabled) prevents cross-hyperthread control of decisions made by
indirect branch predictors.

Enable this feature if

- the CPU is vulnerable to spectre v2
- the CPU supports SMT and has SMT siblings online
- spectre_v2 mitigation autoselection is enabled (default)

After some previous discussion, this leaves STIBP on all the time, as wrmsr
on crossing kernel boundary is a no-no. This could perhaps later be a bit
more optimized (like disabling it in NOHZ, experiment with disabling it in
idle, etc) if needed.

Note that the synchronization of the mask manipulation via newly added
spec_ctrl_mutex is currently not strictly needed, as the only updater is
already being serialized by cpu_add_remove_lock, but let's make this a
little bit more future-proof.


Back to top

Apparently the "on by default" behavior or "used for everything" is on the way out, as the devs did not expect the kind of performance hit that resulted: lkml.iu.edu/hypermail/linux/kernel/1811.2/01328.html

It can be disabled currently with the boot flag "nospectre_v2".
Back to top

Ah, gotcha. I went ahead and reverted the commit until they add a flag to disable just STIBP by itself. The latest liquorix release includes the reverted commit:

github.com/zen-kernel/zen-kernel/commit/15e9f950c2a7f55461f1c0856d4d1b361af3d759
Back to top