Single Thread Indirect Branch Predictors (STIBP) is an indirect branch control mechanism that restricts the sharing of branch prediction between logical processors on a core. A processor supports STIBP if it enumerates CPUID.(EAX=7H,ECX=0):EDX as 1. STIBP can be used to help mitigate Branch Target Injection.
As noted in descriptions of Indirect Branch Prediction and Intel® Hyper-Threading Technology (Intel® HT Technology)”, logical processors sharing a core may share indirect branch predictors, allowing one logical processor to control the predicted targets of indirect branches by another logical processor of the same core. Setting bit 1 (STIBP) of the
IA32_SPEC_CTRL MSR on a logical processor prevents the predicted targets of indirect branches on any logical processor of that core from being controlled by software that executes (or executed previously) on another logical processor of the same core.
Recall that indirect branch predictors are never shared across cores. Thus, the predicted target of an indirect branch executed on one core can never be affected by software operating on a different core. It is not necessary to set
IA32_SPEC_CTRL.STIBP to isolate indirect branch predictions from software operating on other cores.
Many processors do not allow the predicted targets of indirect branches to be controlled by software operating on another logical processor, regardless of STIBP. These include processors on which Intel Hyper-Threading Technology is not enabled and those that do not share indirect branch predictors between logical processors. To simplify software enabling and enhance workload migration, STIBP may be enumerated (and setting
IA32_SPEC_CTRL.STIBP allowed) on such processors.
A processor may enumerate support for the
IA32_SPEC_CTRL MSR (e.g., by enumerating CPUID.(EAX=7H,ECX=0):EDX as 1) but not for STIBP (CPUID.(EAX=7H,ECX=0):EDX is enumerated as 0). On such processors, execution of
IA32_SPEC_CTRL ignores the value of bit 1 (STIBP) and does not cause a general-protection exception (#GP) if bit 1 of the source operand is set. It is expected that this fact will simplify virtualization in some cases.
As described in the Indirect Branch Restricted Speculation (IBRS) overview, enabling IBRS prevents software operating on one logical processor from controlling the predicted targets of indirect branches executed on another logical processor. For that reason, it is not necessary to enable STIBP when IBRS is enabled.
Enabling STIBP on one logical processor of a core with Intel Hyper-Threading Technology may affect branch prediction on other logical processors of the same core. For this reason, software should disable STIBP (by clearing
IA32_SPEC_CTRL.STIBP) prior to entering a sleep state (for example, by executing
MWAIT) and re-enable STIBP upon wakeup and prior to executing any indirect branch.
Note References in this document to indirect branches are only to near call indirect, near jump indirect, and near return instructions. Refer to Speculative Execution Side Channel Mitigations for further details.
Software Security Guidance Home | Advisory Guidance | Technical Documentation | Best Practices | Resources