> -Original Message-
> From: Jan Beulich
> Sent: 01 July 2020 13:27
> To: Andrew Cooper
> Cc: Xen-devel; Wei Liu; Roger Pau Monné; Paul Durrant
> Subject: Re: [PATCH for-4.14] x86/spec-ctrl: Protect against CALL/JMP
> straight-line speculation
>
> On 01.07.2020 13:58, Andrew Cooper wrote:
> > Some x86 CPUs speculatively execute beyond indirect CALL/JMP instructions.
> >
> > With CONFIG_INDIRECT_THUNK / Retpolines, indirect CALL/JMP instructions are
> > converted to direct CALL/JMP's to __x86_indirect_thunk_REG(), leaving just a
> > handful of indirect JMPs implementing those stubs.
> >
> > There is no architectural execution beyond an indirect JMP, so use INT3 as
> > recommended by vendors to halt speculative execution. This is shorter than
> > LFENCE (which would also work fine), but also shows up in logs if we do
> > unexpectedly execute them.
> >
> > Signed-off-by: Andrew Cooper
>
> Reviewed-by: Jan Beulich
Release-acked-by: Paul Durrant
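
The check below is an added example, not part of the thread and not Xen's code: it classifies what follows the `jmp *%reg` in a thunk body, so a build can confirm the straight-line-speculation barrier described in the commit message is present. The helper name `thunk_tail`, the assumed body shape (optional `lfence`, optional REX prefix, `jmp *%reg`, tail) and the sample byte buffers are constructed for illustration; the byte values are the standard x86-64 encodings.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum tail { NOT_A_THUNK, TAIL_NONE, TAIL_INT3, TAIL_LFENCE };

static const uint8_t LFENCE[3] = { 0x0f, 0xae, 0xe8 };  /* 3 bytes; INT3 is 1 (0xcc) */

/* Constructed sample thunk bodies, not taken from a Xen binary. */
static const uint8_t bare_jmp[]   = { 0xff, 0xe0, 0x90 };                    /* jmp *%rax; nop */
static const uint8_t jmp_int3[]   = { 0x0f, 0xae, 0xe8, 0xff, 0xe0, 0xcc };  /* lfence; jmp *%rax; int3 */
static const uint8_t r8_int3[]    = { 0x41, 0xff, 0xe0, 0xcc };              /* jmp *%r8; int3 */
static const uint8_t jmp_lfence[] = { 0xff, 0xe0, 0x0f, 0xae, 0xe8 };        /* jmp *%rax; lfence */
static const uint8_t just_ret[]   = { 0xc3 };                                /* ret */

/* Hypothetical helper: parse [lfence] [REX] FF /4 (mod=3) and report the
 * instruction that sits in the speculative fall-through position. */
enum tail thunk_tail(const uint8_t *p, size_t len)
{
    size_t i = 0;

    if (len >= 3 && !memcmp(p, LFENCE, 3))
        i = 3;                              /* optional leading lfence */
    if (i < len && (p[i] & 0xf0) == 0x40)
        i++;                                /* REX prefix, needed for r8-r15 */
    if (i + 2 > len || p[i] != 0xff || (p[i + 1] & 0xf8) != 0xe0)
        return NOT_A_THUNK;                 /* opcode FF, ModRM mod=3 reg=4 */
    i += 2;

    if (i < len && p[i] == 0xcc)
        return TAIL_INT3;
    if (i + 3 <= len && !memcmp(p + i, LFENCE, 3))
        return TAIL_LFENCE;
    return TAIL_NONE;                       /* nothing halts speculation here */
}

int main(void)
{
    static const char *const name[] = { "not a thunk", "no barrier", "int3", "lfence" };

    printf("bare jmp:     %s\n", name[thunk_tail(bare_jmp, sizeof bare_jmp)]);
    printf("lfence+jmp:   %s\n", name[thunk_tail(jmp_int3, sizeof jmp_int3)]);
    printf("jmp *%%r8:     %s\n", name[thunk_tail(r8_int3, sizeof r8_int3)]);
    printf("jmp; lfence:  %s\n", name[thunk_tail(jmp_lfence, sizeof jmp_lfence)]);
    return 0;
}
```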