On Thu, Nov 01, 2018 at 10:02:14AM +0800, Zhenzhong Duan wrote:
> > Hmm, what about the case where we have RETPOLINE runtime disabled? Then
> > the CALL_NOSPEC alternative patches in an indirect call again, and the
> > retpolines are gone.
>
> Is RETPOLINE runtime toggle supported in upstream? I don't see such code.
arch/x86/kernel/cpu/bugs.c look for the "nospectre_v2" and related options. That will avoid X86_FEATURE_RETPOLINE from being set, and thus the JMP_NOSPEC and CALL_NOSPEC alternatives will not patch out the indirect jump / call.
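The practical consequence of the above for an operator is that a box booted with the "nospectre_v2" option never sets X86_FEATURE_RETPOLINE, so the alternatives are not applied and the kernel reports itself as vulnerable. The following is an added example (not part of this thread or the kernel tree) that checks both sides of that: whether the command line carries a token that switches the spectre_v2 mitigation off, and what the kernel itself reports under /sys/devices/system/cpu/vulnerabilities/spectre_v2. It assumes the standard sysfs path and the real upstream options "nospectre_v2", "spectre_v2=off" and the later "mitigations=off" (only the first is mentioned in the thread); the sample inputs are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the thread or the kernel source. Reports whether the
# Spectre v2 mitigation was switched off on the kernel command line (in which
# case X86_FEATURE_RETPOLINE is never set and the NOSPEC alternatives stay as
# plain indirect jumps/calls) and what the running kernel reports via sysfs.

# Return 0 when the command line carries a token that disables the spectre_v2
# mitigation. "nospectre_v2" is the option named in the thread; "spectre_v2=off"
# and "mitigations=off" are additional real upstream options assumed here.
spectre_v2_disabled_by_cmdline() {
    for tok in $1; do
        case "$tok" in
            nospectre_v2|spectre_v2=off|mitigations=off) return 0 ;;
        esac
    done
    return 1
}

# Return 0 when the sysfs status line reports a retpoline-based mitigation.
retpoline_reported() {
    case "$1" in
        *[Rr]etpoline*) return 0 ;;
        *) return 1 ;;
    esac
}

# Summarise one (cmdline, sysfs status) pair into a single word on stdout:
#   disabled  - mitigation turned off at boot, retpolines will not be patched in
#   retpoline - kernel reports a retpoline mitigation as active
#   other     - anything else (vulnerable, or a non-retpoline mitigation)
classify() {
    if spectre_v2_disabled_by_cmdline "$1"; then
        echo disabled
    elif retpoline_reported "$2"; then
        echo retpoline
    else
        echo other
    fi
}

# Constructed sample inputs so the example runs offline on any host.
SAMPLE_CMDLINE_OFF="BOOT_IMAGE=/vmlinuz root=/dev/sda1 nospectre_v2 quiet"
SAMPLE_CMDLINE_ON="BOOT_IMAGE=/vmlinuz root=/dev/sda1 quiet"
SAMPLE_SYSFS_RETPOLINE="Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW"
SAMPLE_SYSFS_VULN="Vulnerable"

# Live check when run on a Linux host with the sysfs file present; otherwise
# fall back to the constructed "mitigation disabled" sample.
main() {
    sysfs=/sys/devices/system/cpu/vulnerabilities/spectre_v2
    if [ -r /proc/cmdline ] && [ -r "$sysfs" ]; then
        classify "$(cat /proc/cmdline)" "$(cat "$sysfs")"
    else
        classify "$SAMPLE_CMDLINE_OFF" "$SAMPLE_SYSFS_VULN"
    fi
}

main
```

Running the script on a live host prints one of the three words; a result of "disabled" on a machine that is expected to be mitigated is the condition to alert on, since the sysfs file will then read "Vulnerable" regardless of whether the kernel was built with retpolines.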

