On 09/01/2018 16:19, Arjan van de Ven wrote: > On 1/9/2018 7:00 AM, Liran Alon wrote: >> >> ----- arjan@xxxxxxxxxxxxxxx wrote: >> >>> On 1/9/2018 3:41 AM, Paolo Bonzini wrote: >>>> The above ("IBRS simply disables the indirect branch predictor") was my >>>> take-away message from private discussion with Intel. My guess is that >>>> the vendors are just handwaving a spec that doesn't match what they have >>>> implemented, because honestly a microcode update is unlikely to do much >>>> more than an old-fashioned chicken bit. Maybe on Skylake it does >>>> though, since the performance characteristics of IBRS are so different >>>> from previous processors. Let's ask Arjan who might have more >>>> information about it, and hope he actually can disclose it... >>> >>> IBRS will ensure that, when set after the ring transition, no earlier >>> branch prediction data is used for indirect branches while IBRS is >>> set Let me ask you my questions, which are independent of L0/L1/L2 terminology. 1) Is vmentry/vmexit considered a ring transition, even if the guest is running in ring 0? If IBRS=1 in the guest and the host is using IBRS, the host will not do a wrmsr on exit. Is this safe for the host kernel? 2) How will the future processors work where IBRS should always be =1? Will they still need IBPB? If I get a vmexit from a guest with IBRS=1, and do a vmentry to the same VMCS *but with a different VPID*, will the code running after the vmentry share BTB entries with code running before the vmexit? Thanks, Paolo