On Wed, 2018-01-31 at 11:01 +0100, Peter Zijlstra wrote:
> On Tue, Jan 30, 2018 at 09:12:21PM -0600, Josh Poimboeuf wrote:
> >
> > Or, maybe we should just forget the whole thing and just stick with the
> > dynamic IBRS checks with lfence.  Yes, it's less ideal for the kernel,
> > but adding these acrobatics to objtool also has a cost.
>
> For now, IBRS seems off the table entirely. But no, I really don't want
> to have to unconditionally eat the LFENCE cost in all those sites.

There's also alternatives. And without the IBRS-on-kernel-entry bits
there aren't that many call sites that really need this anyway and
don't have *other* conditionals that really are runtime-only (like
dumpable etc.).