On Fri, 2018-01-26 at 09:19 -0800, Linus Torvalds wrote:
> On Fri, Jan 26, 2018 at 1:11 AM, David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:
> >
> > Do we need to look again at the fact that we've disabled the
> > RSB-stuffing for SMEP?
>
> Absolutely. SMEP helps make people a lot less worried about things,
> but it doesn't fix the "BTB only contains partial addresses" case.
>
> But did we do that "disable stuffing with SMEP"? I'm not seeing it. In
> my tree, it's only conditional on X86_FEATURE_RETPOLINE.

That's the vmexit one. The one on context switch is in commit
c995efd5a7 and has its own X86_FEATURE_RSB_CTXSW which in
kernel/cpu/bugs.c is turned on for (!SMEP || Skylake).

The "low bits of the BTB" issue probably means that wants to be
X86_FEATURE_RETPOLINE too. Despite Intel's doc saying otherwise.

(Intel's doc also says to do it on kernel entry, but we elected to do
it on context switch instead since *that's* when the imbalances show up
in the RSB.)