On 9/30/2020 12:25 PM, Jarkko Sakkinen wrote:
On Wed, Sep 30, 2020 at 07:09:33PM +0100, Andrew Cooper wrote:
Honestly, my advice would be to leave it unprotected for now. Anyone
who managed to figure out the rest of the practical userspace issues
will probably have a much better idea of what can/should be done in this
case.
If that doesn't sit well with people, then the next best would probably
be LFENCE; CALL *reg/mem; LFENCE to cover as many of the corner cases as
possible without being incompatible with CET. Its not as if this
callback is the slow aspect of entering/exiting SGX mode.
~Andrew
I tend to agree. We cannot drive changes based on unknown unknowns.
And I don't see why we could not add boot time patching of retpoline
even after the code is in the mainline kernel, if something ever
pushes to that direction.
/Jarkko
I agree. It'll be compatible with CET. The overhead of LFENCE is
negligible comparing to entering/exiting SGX mode.
