On Fri, Jan 05, 2018 at 04:37:30PM +0000, David Woodhouse wrote:
> You are completely ignoring pre-Skylake here.
>
> On pre-Skylake, retpoline is perfectly sufficient and it's a *lot*
> faster than the IBRS option which is almost prohibitively slow.
>
> We didn't do it just for fun. And it's working fine; it isn't *that*
> complex.
How do you enable IBRS when the CPU switches to SMM? Do you already have
this 2-way code emission from gcc and patching with a 3-way alternatives
at boot between ibrs and the 2 retpoline versions emitted by gcc, and
alternatives between ibrs and ibpb where SPEC_CTRL is missing on some CPU
but IBPB_SUPPORT is available? Or are you talking about having done this
on a non-upstream Xen build only, without the 2-way code emission from
gcc?
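As an added illustration, not code from this thread or from either kernel tree it discusses: the retpoline sequence that the gcc thunk emission mentioned above produces, written as a C-callable wrapper for x86-64 next to the plain indirect call it replaces. The wrapper name, the `.L` labels and the two sample callbacks are assumptions of this example.

```c
/* Added example (not from the thread). x86-64 SysV ABI is assumed. */
#include <stdint.h>
#include <stdio.h>

typedef uint64_t (*op_fn)(uint64_t);

static uint64_t op_double(uint64_t x) { return x * 2; }   /* sample callback */
static uint64_t op_square(uint64_t x) { return x * x; }   /* sample callback */

/* Plain indirect call: the target is predicted by the indirect branch
 * predictor, which Spectre v2 can train from another context. */
uint64_t call_plain(op_fn fn, uint64_t arg) { return fn(arg); }

#if defined(__x86_64__)
/* Same call routed through a retpoline thunk: CALL pushes a return
 * address, the thunk overwrites that slot with the real target and RETs.
 * The RET is predicted by the return stack buffer, which now points at
 * the PAUSE;LFENCE loop, so any speculation lands there harmlessly. */
__asm__(
    ".text\n"
    ".globl retpoline_call_example\n"
    "retpoline_call_example:\n"        /* fn in %rdi, arg in %rsi */
    "    mov %rdi, %rax\n"             /* target into %rax, like gcc's rax thunk */
    "    mov %rsi, %rdi\n"             /* first argument for the target */
    "    jmp .Lthunk_rax\n"            /* tail call through the thunk */
    ".Lthunk_rax:\n"
    "    call .Lset_target\n"          /* pushes .Lcapture onto the stack and RSB */
    ".Lcapture:\n"
    "    pause\n"
    "    lfence\n"
    "    jmp .Lcapture\n"              /* speculative path spins here */
    ".Lset_target:\n"
    "    mov %rax, (%rsp)\n"           /* replace return address with the target */
    "    ret\n"                        /* jumps to fn; fn's RET returns to C caller */
);
extern uint64_t retpoline_call_example(op_fn fn, uint64_t arg)
    __asm__("retpoline_call_example");
#else
/* No retpoline on this ISA; plain call so the example still builds. */
static uint64_t retpoline_call_example(op_fn fn, uint64_t arg) { return fn(arg); }
#endif

int main(void)
{
    printf("plain:     %llu\n", (unsigned long long)call_plain(op_double, 21));
    printf("retpoline: %llu\n", (unsigned long long)retpoline_call_example(op_double, 21));
    return 0;
}
```

Compare with `gcc -mindirect-branch=thunk -S` on a file with an indirect call to see the same sequence emitted as `__x86_indirect_thunk_rax`.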