* David Woodhouse <[email protected]> wrote:

> On Thu, 2018-01-25 at 12:34 +0100, Thomas Gleixner wrote:
> > 
> > This stuff is really a masterpiece of trainwreck engineering.
> > 
> > So yeah, whatever we do we end up with a proper mess. Let's go for a
> > blacklist and hope that we'll have something which holds at some
> > foreseeable day in the future.
> > 
> > The other concern I have is IBRS vs. IBPB. Are we sufficiently sure that
> > IBPB is working on those IBRS blacklisted ucode revisions? Or should we
> > just play safe and not touch any of this at all when we detect a
> > blacklisted one?
> 
> That isn't sufficiently clear to me. I've changed it back to blacklist
> *everything* for now, to be safe. If at any point Intel want to get
> their act together and give us coherent information to the contrary, we
> can change to separate IBPB/IBRS blacklists.

Yes.

I also agree that blacklists are the fundamentally correct approach here: a
bit-rotting blacklist is far better for users than a bit-rotting whitelist,
assuming that the number of CPU and microcode bugs goes down with time.

Thanks,

        Ingo
