On Fri, 2018-01-26 at 14:02 -0500, Konrad Rzeszutek Wilk wrote:
> > -ECONFUSED, see ==>
>
> Is this incorrect then?
> I see:
>
>          * Skylake era CPUs have a separate issue with *underflow* of the
>          * RSB, when they will predict 'ret' targets from the generic BTB.
>          * The proper mitigation for this is IBRS. If IBRS is not supported
>          * or deactivated in favour of retpolines the RSB fill on context
>          * switch is required.
>          */

No, that's correct (well, except that it's kind of written for a world where Linus is going to let IBRS anywhere near his kernel, and could survive being rephrased a little :)

The RSB-stuffing on context switch (or kernel entry) is one of a *litany* of additional hacks we need on Skylake to make retpolines safe. We were adding the RSB-stuffing in this case *anyway* for !SMEP, so it was trivial enough to add in the (|| Skylake) condition while we were at it.