Linux Patch Posted For Cross-Hyperthread Spectre Mitigation With STIBP

The latest Linux kernel patch coming to light in the Spectre space is by SUSE's Jiri Kosina for enabling cross-hyperthreaded Spectre V2 STIBP mitigation.

STIBP is short for Single Thread Indirect Branch Predictors and is supported by certain Intel CPUs and microcodes. What STIBP provides on supported CPUs/microcodes is from indirect branch predictions from being controlled by the sibling hyper-thread.

STIBP along with the already-supported Indirect Branch Restricted Speculation (IBRS) and Indirect Branch Predictor Barrier (IBPB) are their main techniques for mitigating branch target injections.

The patch is quite simple as it's just for setting the appropriate model specific register (MSR) for STIBP. This support is recommended for systems vulnerable to Spectre Variant Two, CPUs having SMT (Hyper Threading, in the case of Intel CPUs), and using the default auto-selected Spectre V2 mitigation mode.

This small patch is already marked for back-porting to existing stable Linux kernel branches once it lands in 4.19 mainline. As far as what microcode revisions and CPUs support STIBP, that doesn't seem to be publicly well documented yet.