On 01/11/2018 04:40 PM, Joseph Myers wrote:
> On Thu, 11 Jan 2018, Jeff Law wrote:
> 
>>> Well, given retpolines are largely kernel relevant right now we don't
>>> need to care here.
>> That's still TBD as far as I can tell.  I certainly hope we don't have
>> to go retpolines in user space, at least not in the general case.  I'm
>> holding out hope that the kernel folks are going to save the day.
> 
> I'd presume that just about any userspace process could have sensitive 
> data in its address space (e.g. cp, if it happens to be copying it at the 
> time).  
Yup.


> Is the expectation that the kernel will use IBRS/IBPB/STIBP 
> globally to shield processes from branch prediction state created by other 
> processes?  (As far as I can tell, microcode enabling IBRS/IBPB/STIBP is 
> only available for Ivy Bridge-EX and later at present, though I can't 
> locate any official Intel status information on microcode updates for 
> Spectre that have been released or are planned.)
I'm not sure of all the details of how it's supposed to work (assuming
it can) nor how much may or may not be covered by NDAs.  So it's
probably best to just stick with my statement that I hope that the
kernel folks can save the day here.

jeff
