Linux Landing Change To Allow STIBP When Using Legacy IBRS
Since a change last year, the Linux kernel hasn't enabled STIBP when using IBRS. However, the performance-hurting legacy IBRS is cleared on return to user-space for performance reasons but in turn that leaves user-space vulnerable to cross-thread attacks. So STIBP can now be ena bled while having legacy IBRS active in order to fend off those user-space attacks.
Legacy IBRS is used in just older Intel CPUs prior to the introduction of eIBRS.
I wrote about this issue in more detail last month in Linux Inadvertently Has Been Leaving IBRS-Mitigated Systems Without STIBP.
Now that it's been sent in via x86/urgent it should land today ahead of Linux 6.3-rc1. This change should also in turn be back-ported to supported stable kernel series as well in the days ahead.