Spectre 2 ibrs states


#1

Regarding the IndirectBranchRestrictiveSpeculation fix for Spectre 2

On Trident I checked the state of the ibrs with
sysctl hw.ibrs_active
It came back false, meaning speculative execution was NOT restricted.
I discovered the ability to disable ibrs was true, that is, the configurable
sysctl hw.ibrs_disable
was true.

To ensure the ibrs could NOT be disabled I used
sudo sysctl hw.ibrs_disable=0

Then,
sysctl hw.ibrs_active
came back true.

For this to persist, however, across restarts of the PC I edited
/etc/sysctl.conf
by adding
hw.ibrs_disable=0

So, shouldn’t the modification to sysctl.conf be part of the Trident installation?

Steve
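
The check-and-persist steps from the post above, as an added example that is not part of the original thread or of Project Trident. The function names and the `--apply` switch are hypothetical; the sysctl names and /etc/sysctl.conf are the ones from the post. It replaces any existing hw.ibrs_disable line instead of appending a second one, so it is safe to run more than once.

```shell
#!/bin/sh
# Added example: pin hw.ibrs_disable=0 in a sysctl.conf-style file without
# leaving duplicate or conflicting entries, then report the live IBRS state.

# ensure_ibrs_persist FILE
# Rewrites FILE so it holds exactly one "hw.ibrs_disable=0" line.
# Prints "updated" if FILE changed, "unchanged" otherwise.
ensure_ibrs_persist() {
    conf=$1
    [ -f "$conf" ] || : > "$conf"
    tmp=$(mktemp) || return 1
    # Keep every line except existing (uncommented) hw.ibrs_disable settings.
    # grep exits 1 when nothing is left to print, which is not an error here.
    grep -v -E '^[[:space:]]*hw\.ibrs_disable[[:space:]]*=' "$conf" > "$tmp" || true
    printf 'hw.ibrs_disable=0\n' >> "$tmp"
    if cmp -s "$tmp" "$conf"; then
        rm -f "$tmp"
        echo unchanged
    else
        # Overwrite in place so the file keeps its owner and mode.
        cat "$tmp" > "$conf"
        rm -f "$tmp"
        echo updated
    fi
}

# ibrs_state
# Prints the value of hw.ibrs_active, or "unknown" where the sysctl is
# absent (non-FreeBSD host, or a CPU/kernel without IBRS support).
ibrs_state() {
    v=$(sysctl -n hw.ibrs_active 2>/dev/null) || v=unknown
    echo "${v:-unknown}"
}

# Only touch the real system when asked to (run as root).
if [ "${1:-}" = "--apply" ]; then
    ensure_ibrs_persist /etc/sysctl.conf
    sysctl hw.ibrs_disable=0
    echo "hw.ibrs_active: $(ibrs_state)"
fi
```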


#2

Head over to https://github.com/project-trident and file a Pull Request.


#3

Last I heard there were performance impacts to a lot of the Spectre mitigations, so that may be why it is not enabled by default.


#4

Thanks Rod,

From the site it seems I’d have to create a fork or branch of Project Trident to create a pull request - which is way out of my league.

Are you sure?

I’m willing to give it a go - but reticent I might stuff it up!

Steve


#5

The original code was a piece of dung. Machines took a major performance hit.