On Thu, Nov 22, 2018 at 10:18:58AM +0100, Peter Zijlstra wrote: > Right; that retpoline + IBPB case is one that came up earlier when we > talked about this stuff. The IBPB also helps against app2app BTB ASLR > attacks. So even if you have userspace retpoline, you might still want > IBPB. > > But yes, this should be relatively straight forward to allow/fix with > the proposed code.
So I got some feedback from AMD that IBPB on context switch has a small perf impact and they wouldn't mind it being enabled by default considering that it provides protection against a lot of attack scenarios. Basically, what the recommendation says. But if we go and do opt-in, then they're fine with it being off by default if we decide to do it so in the kernel. -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.