On Tue, Jan 9, 2018 at 8:02 PM, Dave Hansen <dave.han...@intel.com> wrote:
> On 01/09/2018 05:06 PM, Thomas Gleixner wrote:
>> --- a/arch/x86/kernel/cpu/bugs.c
>> +++ b/arch/x86/kernel/cpu/bugs.c
>> @@ -79,6 +79,7 @@ enum spectre_v2_mitigation_cmd {
>> SPECTRE_V2_CMD_RETPOLINE,
>> SPECTRE_V2_CMD_RETPOLINE_GENERIC,
>> SPECTRE_V2_CMD_RETPOLINE_AMD,
>> + SPECTRE_V2_CMD_IBRS,
>> };
>
> A few nits on this:
>
> IBRS should not default on anywhere, which goes double when retpolines
> are available.
>
> I think I'd also prefer that we separate the IBRS and retpoline enabling
> so that you can do both if you want. They do nearly the same thing in
> practice, but I can't convince myself that you never ever need IBRS once
> retpolines are in place.
Fairly strong agreement here. IBRS being separately configurable gives
us an option for the paranoid, and allows distros to ship with it off
by default.
