author | Philip Guenther <guenther@cvs.openbsd.org> | 2023-07-31 04:01:08 +0000 |
---|---|---|
committer | Philip Guenther <guenther@cvs.openbsd.org> | 2023-07-31 04:01:08 +0000 |
commit | 7bd20a387a6e2bbbca5ba752677e3dd8368caa1c | |
tree | a3e61f231334040504fa862ba0c6c280d37ea86b /lib/libcrypto/des | |
parent | 3cf9361b0320910c0548d575ba37cdd7532ad0b7 | |

On CPUs with eIBRS ("enhanced Indirect Branch Restricted Speculation")
or IBT enabled the kernel, the hardware should the attacks which
retpolines were created to prevent. In those cases, retpolines
should be a net negative for security as they are an indirect branch
gadget. They're also slower.

* use -mretpoline-external-thunk to give us control of the code
  used for indirect branches
* default to using a retpoline as before, but marks it and the
  other ASM kernel retpolines for code patching
* if the CPU has eIBRS, then enable it
* if the CPU has eIBRS *or* IBT, then codepatch the three different
  retpolines to just indirect jumps

make clean && make config required after this

ok kettenis@

Diffstat (limited to 'lib/libcrypto/des')
0 files changed, 0 insertions, 0 deletions