Retpoline Is Still Being Improved Upon For Intel Skylake/Kabylake

While initial support for Retpoline was merged into the Linux 4.15 Git kernel last week and is now being backported to some supported Linux kernel series, there is still additional work ongoing for properly mitigating Spectre v2 on Intel Skylake CPUs and newer.

It turns out Skylake CPUs and newer require additional patches to fully mitigate against the Spectre Variant Two vulnerability. These newer CPUs can fallback to a potentially poisoned indirect branch predictor when a return buffer underflows. Andi Kleen of Intel has sent out a new patch series dubbed "RETPOLINE_UNDERFLOW" that gets enabled by default for Skylake CPUs and newer.

Specifically this RETPOLINE_UNDERFLOW mode gets turned on for Skylake mobile/desktop, Skylake X and Kabylake mobile/desktop hardware at this time.

The set of four patches for Retpoline underflow protection can currently be found on the kernel mailing list. These patches have yet to land in Linux 4.15 or any other kernel branch.

No benchmark results of the impact of this latest addition to Retpoline are yet available. David Woodhouse of Amazon responded that they are looking at using the alternative IBRS (Indirect Branch Restricted Speculation) support on Skylake and use it by default rather than Retpoline.