On Tue, Nov 19, 2024 at 11:27:50PM -0800, Josh Poimboeuf wrote: > eIBRS protects against RSB underflow/poisoning attacks. Adding > retpoline to the mix doesn't change that. Retpoline has a balanced > CALL/RET anyway. > > So the current full RSB filling on VMEXIT with eIBRS+retpoline is > overkill. Disable it (or do the VMEXIT_LITE mitigation if needed). > > Suggested-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx> > Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> Reviewed-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
