On Sun, 18 Nov 2018, Jiri Kosina wrote:
It's probably not just browsers, but anything running JITed sandboxed code. So the most straightforward way might be the prctl() approach, where userspace would claim "I do care about this, please fix it up for me". So prctl() + perhaps SECCOMP.
I've just sent SECCOMP handling as a followup to Tim's set.
I still feel like we should make STIBP and IBPB behavior consistent (in a sense that they should always both be used, or neither of them), but that might be an additional 4.21 optimization.
Thanks,