On 1/9/2018 7:00 AM, Liran Alon wrote:
----- arjan@xxxxxxxxxxxxxxx wrote:
On 1/9/2018 3:41 AM, Paolo Bonzini wrote:
The above ("IBRS simply disables the indirect branch predictor") was
my
take-away message from private discussion with Intel. My guess is
that
the vendors are just handwaving a spec that doesn't match what they
have
implemented, because honestly a microcode update is unlikely to do
much
more than an old-fashioned chicken bit. Maybe on Skylake it does
though, since the performance characteristics of IBRS are so
different
from previous processors. Let's ask Arjan who might have more
information about it, and hope he actually can disclose it...
IBRS will ensure that, when set after the ring transition, no earlier
branch prediction data is used for indirect branches while IBRS is
set
Consider the following scenario:
1. L1 runs with IBRS=1 in Ring0.
2. L1 restores L2 SPEC_CTRL and enters into L2.
3. L1 VMRUN exits into L0 which backups L1 SPEC_CTRL and enters L2 (using same VMCB).
4. L2 populates BTB/BHB with values and cause a hypercall which #VMExit into L0.
5. L0 backups L2 SPEC_CTRL and writes IBRS=1.
6. L0 restores L1 SPEC_CTRL and enters L1.
7. L1 backups L2 SPEC_CTRL and writes IBRS=1.
I'm sorry I'm not familiar with your L0/L1/L2 terminology
(maybe it's before coffee has had time to permeate the brain)