On 01/04/2018 10:33 AM, Borislav Petkov wrote: >> 2. At run time >> echo 0 > /sys/kernel/debug/ibrs_enabled will turn off IBRS >> echo 1 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in kernel >> echo 2 > /sys/kernel/debug/ibrs_enabled will turn on IBRS in both >> userspace and kernel > I am not sure that tristate is really needed. What's wrong with on/off > only?
Lots of things: Distros have the tri-state already deployed. Paranoid people want "IBRS always" aka "ibrs 2". Future CPUs may have cheap-enough IBRS to not be worth switching it.
