On 01/04/2018 08:51 PM, Andy Lutomirski wrote: > Do we need an arch_prctl() to enable IBRS for user mode?
Eventually, once the dust settles. I think there's a spectrum of paranoia here, that is roughly (with increasing paranoia): 1. do nothing 2. do retpoline 3. do IBRS in kernel 4. do IBRS always I think you're asking for ~3.5. Patches for 1-3 are out there and 4 is pretty straightforward. Doing a arch_prctl() is still straightforward, but will be a much more niche thing than any of the other choices. Plus, with a user interface, we have to argue over the ABI for at least a month or two. ;)
