11787 Kernel needs to be built with retpolines
11788 Kernel needs to generally use RSB stuffing
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>

*** 1189,1199 ****
          movq    %rdi, %r12
          call    dtrace_instr_size
          addq    %rax, %r12
          movq    %r12, REGOFF_RIP(%rbp)
          INTR_POP
!         call    *x86_md_clear
          jmp     tr_iret_auto
          /*NOTREACHED*/
  3:
          leaq    dtrace_badflags(%rip), %rdi
          xorl    %eax, %eax
--- 1189,1199 ----
          movq    %rdi, %r12
          call    dtrace_instr_size
          addq    %rax, %r12
          movq    %r12, REGOFF_RIP(%rbp)
          INTR_POP
!         call    x86_md_clear
          jmp     tr_iret_auto
          /*NOTREACHED*/
  3:
          leaq    dtrace_badflags(%rip), %rdi
          xorl    %eax, %eax
*** 1595,1615 ****
          /*
           * Return to 32-bit userland
           */
          ALTENTRY(sys_rtt_syscall32)
          USER32_POP
!         call    *x86_md_clear
          jmp     tr_iret_user
          /*NOTREACHED*/
  
          ALTENTRY(sys_rtt_syscall)
          /*
           * Return to 64-bit userland
           */
          USER_POP
          ALTENTRY(nopop_sys_rtt_syscall)
!         call    *x86_md_clear
          jmp     tr_iret_user
          /*NOTREACHED*/
          SET_SIZE(nopop_sys_rtt_syscall)
  
          /*
--- 1595,1615 ----
          /*
           * Return to 32-bit userland
           */
          ALTENTRY(sys_rtt_syscall32)
          USER32_POP
!         call    x86_md_clear
          jmp     tr_iret_user
          /*NOTREACHED*/
  
          ALTENTRY(sys_rtt_syscall)
          /*
           * Return to 64-bit userland
           */
          USER_POP
          ALTENTRY(nopop_sys_rtt_syscall)
!         call    x86_md_clear
          jmp     tr_iret_user
          /*NOTREACHED*/
          SET_SIZE(nopop_sys_rtt_syscall)
  
          /*