Re: [PATCH 1/2] x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline

From: Pawan Gupta
Date: Wed Nov 20 2024 - 13:14:32 EST

On Tue, Nov 19, 2024 at 11:27:50PM -0800, Josh Poimboeuf wrote:
> eIBRS protects against RSB underflow/poisoning attacks. Adding
> retpoline to the mix doesn't change that. Retpoline has a balanced
> CALL/RET anyway.
>
> So the current full RSB filling on VMEXIT with eIBRS+retpoline is
> overkill. Disable it (or do the VMEXIT_LITE mitigation if needed).
>
> Suggested-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> Signed-off-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>

Reviewed-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>