On Fri, 2018-01-26 at 17:29 +0000, David Woodhouse wrote:
> On Fri, 2018-01-26 at 09:19 -0800, Linus Torvalds wrote:
> > On Fri, Jan 26, 2018 at 1:11 AM, David Woodhouse wrote:
> > > Do we need to look again at the fact that we've disabled the
> > > RSB-stuffing for SMEP?
> >
> > Absolutely. SMEP helps make people a lot less worried about things,
> > but it doesn't fix the "BTB only contains partial addresses" case.
> >
> > But did we do that "disable stuffing with SMEP"? I'm not seeing it. In
> > my tree, it's only conditional on X86_FEATURE_RETPOLINE.
>
> That's the vmexit one. The one on context switch is in
> commit c995efd5a7 and has its own X86_FEATURE_RSB_CTXSW which in
> kernel/cpu/bugs.c is turned on for (!SMEP || Skylake).
>
> The "low bits of the BTB" issue probably means that wants to be
> X86_FEATURE_RETPOLINE too. Despite Intel's doc saying otherwise.
>
> (Intel's doc also says to do it on kernel entry, but we elected to do
> it on context switch instead since *that's* when the imbalances show up
> in the RSB.)

Note, we've switched from talking about BTB to RSB here, so this is a
valid concern if the *RSB* only has the low bits of the target.