[PATCH 0/5] x86: CVE-2017-5715, aka Spectre

[Joseph Myers]

On Thu, 11 Jan 2018, Jeff Law wrote:

> > Well, given retpolines are largely kernel relevant right now we don't
> > need to care here.
> That's still TBD as far as I can tell.  I certainly hope we don't have
> to go retpolines in user space, at least not in the general case.  I'm
> holding out hope that the kernel folks are going to save the day.

I'd presume that just about any userspace process could have sensitive 
data in its address space (e.g. cp, if it happens to be copying it at the 
time).  Is the expectation that the kernel will use IBRS/IBPB/STIBP 
globally to shield processes from branch prediction state created by other 
processes?  (As far as I can tell, microcode enabling IBRS/IBPB/STIBP is 
only available for Ivy Bridge-EX and later at present, though I can't 
locate any official Intel status information on microcode updates for 
Spectre that have been released or are planned.)

-- 
Joseph S. Myers
joseph@codesourcery.com