11787 Kernel needs to be built with retpolines
11788 Kernel needs to generally use RSB stuffing
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: John Levon <john.levon@joyent.com>

@@ -40,22 +40,24 @@
  *    has been executed after this to make sure any pending speculations are
  *    captured. In general, this should be handled by the fact that callers of
  *    this are either going to change privilege levels or halt, which makes
  *    these operations safer.
  */
-        ENTRY_NP(x86_md_clear_noop)
-        ret
-        SET_SIZE(x86_md_clear_noop)
 
         /*
-         * This uses the microcode based means of flushing state. VERW will
-         * clobber flags.
+         * By default, x86_md_clear is disabled until the system determines that
+         * it both needs MDS related mitigations and we have microcode that
+         * provides the needed functionality.
+         *
+         * The VERW instruction clobbers flags which is why it's important that
+         * we save and restore them here.
          */
-        ENTRY_NP(x86_md_clear_verw)
+        ENTRY_NP(x86_md_clear)
+        ret
         pushfq
         subq    $8, %rsp
         mov     %ds, (%rsp)
         verw    (%rsp)
         addq    $8, %rsp
         popfq
         ret
-        SET_SIZE(x86_md_clear_verw)
+        SET_SIZE(x86_md_clear)