On 10/01/2018 06:03, Nadav Amit wrote:
>>
>> Of course the code will become something like
>>
>> 	if (using_ibrs || vmx->spec_ctrl != 0)
>> 		wrmsrl(MSR_IA32_SPEC_CTRL, host_ibrs);
>>
>> optimizing the case where the host is using retpolines.
>
> Excuse my ignorance: Can you point me to the specifications that mention “we
> should set IBRS bit even if it was already set on every #VMExit” ?

All I have is some PowerPoint slides from Intel. :(  They say:

---
A near indirect jump/call/return may be affected by code in a less privileged
prediction mode that executed AFTER IBRS mode was last written with a value
of 1.

There is no need to clear IBRS before writing it with a value of 1.
Unconditionally writing it with a value of 1 after the prediction mode change
is sufficient.

VMX non-root is considered a less privileged prediction mode than VM root.
CPL 3 is considered a less privileged prediction mode than CPL0, 1, 2.

Some processors may enhance IBRS such that it isolates prediction modes
effectively and at higher performance if left set instead of being set when
enter OS and VMM and cleared when entering applications.  [This is]
enumerated by IA32_ARCH_CAPABILITIES[1].
---

(Yes, it literally says VM root, not VMX root).

But I think this is an awful specification.  For two reasons:

* a simple specification that does "IBRS=1 blocks indirect branch prediction
altogether" would actually satisfy the specification just as well, and it
would be nice to know if that's what the processor actually does.

* the future case with enhanced IBRS still requires the expensive IBPB when
switching between applications or between guests, where the PCID/VPID (and
PCID/VPID invalidation) could be used to remove that need.

Paolo
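The following is an added worked example; it is not code from Paolo's mail, from Nadav's, or from the Linux kernel. It models the VM-exit SPEC_CTRL decision quoted above (write MSR_IA32_SPEC_CTRL if the host uses IBRS or the guest value is non-zero) under the three host strategies the thread touches: a retpoline host that keeps IBRS at 0, a plain-IBRS host that, per the Intel slide text, must write 1 again after every VMX non-root to root transition even when the MSR already reads 1, and an enhanced-IBRS host (IA32_ARCH_CAPABILITIES[1]) that leaves the bit set. The MSR index 0x48, the IBRS bit (SPEC_CTRL[0]) and the IBRS_ALL bit (ARCH_CAPABILITIES[1]) are Intel's; the host_mode enum, the spec_ctrl_sim structure, the helper names and the simulated WRMSR counter are assumptions made for this example only.

```c
/*
 * Added example, not kernel code: a model of SPEC_CTRL handling around
 * VM entry/exit. Real hardware is replaced by a struct that records the
 * MSR value and counts WRMSRs, so the cost of each strategy is visible.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MSR_IA32_SPEC_CTRL         0x48        /* Intel: SPEC_CTRL MSR index */
#define SPEC_CTRL_IBRS             (1ULL << 0) /* Intel: IBRS bit of SPEC_CTRL */
#define MSR_IA32_ARCH_CAPABILITIES 0x10a       /* Intel: ARCH_CAPABILITIES MSR */
#define ARCH_CAP_IBRS_ALL          (1ULL << 1) /* Intel: bit 1 = enhanced IBRS */

/* Host strategies (names are assumptions for this example). */
enum host_mode {
	HOST_RETPOLINE,     /* retpolines; host keeps SPEC_CTRL.IBRS = 0 */
	HOST_IBRS,          /* plain IBRS; must re-write 1 after each mode change */
	HOST_ENHANCED_IBRS, /* IBRS_ALL; bit is left set across transitions */
};

/* Simulated CPU: current MSR value plus number of WRMSRs performed. */
struct spec_ctrl_sim {
	uint64_t msr;
	unsigned writes;
};

static void sim_wrmsrl(struct spec_ctrl_sim *s, uint64_t val)
{
	s->msr = val;
	s->writes++;
}

/* Choose the host strategy from ARCH_CAPABILITIES and retpoline availability. */
enum host_mode select_host_mode(uint64_t arch_capabilities, bool have_retpoline)
{
	if (arch_capabilities & ARCH_CAP_IBRS_ALL)
		return HOST_ENHANCED_IBRS;
	return have_retpoline ? HOST_RETPOLINE : HOST_IBRS;
}

static uint64_t host_spec_ctrl(enum host_mode mode)
{
	return mode == HOST_RETPOLINE ? 0 : SPEC_CTRL_IBRS;
}

/* VM entry: load the guest value only if it differs from the host value. */
bool vmentry_spec_ctrl(struct spec_ctrl_sim *s, enum host_mode mode,
		       uint64_t guest_spec_ctrl)
{
	if (guest_spec_ctrl == host_spec_ctrl(mode))
		return false;
	sim_wrmsrl(s, guest_spec_ctrl);
	return true;
}

/*
 * VM exit. Plain IBRS: unconditional write of 1 after the prediction-mode
 * change, even if the MSR already reads 1 (the slide text quoted in the
 * thread). Retpoline host: write 0 only to undo a guest that set IBRS.
 * Enhanced IBRS: the bit stays set, so write only if the guest changed it.
 */
bool vmexit_spec_ctrl(struct spec_ctrl_sim *s, enum host_mode mode,
		      uint64_t guest_spec_ctrl)
{
	uint64_t host_ibrs = host_spec_ctrl(mode);
	bool using_ibrs = (mode == HOST_IBRS);

	if (mode == HOST_ENHANCED_IBRS) {
		if (s->msr == host_ibrs)
			return false;
		sim_wrmsrl(s, host_ibrs);
		return true;
	}
	if (using_ibrs || guest_spec_ctrl != 0) {
		sim_wrmsrl(s, host_ibrs);
		return true;
	}
	return false;
}

/* Run `exits` entry/exit round trips and return the total number of WRMSRs. */
unsigned count_spec_ctrl_writes(enum host_mode mode, uint64_t guest_spec_ctrl,
				unsigned exits)
{
	struct spec_ctrl_sim s = { .msr = host_spec_ctrl(mode), .writes = 0 };

	for (unsigned i = 0; i < exits; i++) {
		vmentry_spec_ctrl(&s, mode, guest_spec_ctrl);
		vmexit_spec_ctrl(&s, mode, guest_spec_ctrl);
	}
	return s.writes;
}

int main(void)
{
	printf("MSR 0x%x, 1000 exits, guest IBRS=0 / IBRS=1:\n", MSR_IA32_SPEC_CTRL);
	printf("  retpoline host: %u / %u writes\n",
	       count_spec_ctrl_writes(HOST_RETPOLINE, 0, 1000),
	       count_spec_ctrl_writes(HOST_RETPOLINE, SPEC_CTRL_IBRS, 1000));
	printf("  IBRS host:      %u / %u writes\n",
	       count_spec_ctrl_writes(HOST_IBRS, 0, 1000),
	       count_spec_ctrl_writes(HOST_IBRS, SPEC_CTRL_IBRS, 1000));
	printf("  eIBRS host:     %u / %u writes\n",
	       count_spec_ctrl_writes(HOST_ENHANCED_IBRS, 0, 1000),
	       count_spec_ctrl_writes(HOST_ENHANCED_IBRS, SPEC_CTRL_IBRS, 1000));
	return 0;
}
```

The case that motivates the quoted `if` is the plain-IBRS host with a guest that also left IBRS set: the MSR already reads 1 on exit, yet the model still issues one WRMSR per exit because the slide text ties isolation to the write after the mode change, not to the value. The retpoline host with a guest that never touches the MSR issues no writes at all, which is the optimization the original snippet is after.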