On 10/01/2018 16:41, Konrad Rzeszutek Wilk wrote:
> On Wed, Jan 10, 2018 at 03:28:43PM +0100, Paolo Bonzini wrote:
>> On 10/01/2018 15:06, Arjan van de Ven wrote:
>>> On 1/10/2018 5:20 AM, Paolo Bonzini wrote:
>>>> * a simple specification that does "IBRS=1 blocks indirect branch
>>>> prediction altogether" would actually satisfy the specification just as
>>>> well, and it would be nice to know if that's what the processor actually
>>>> does.
>>>
>>> it doesn't exactly, not for all.
>>>
>>> so you really do need to write ibrs again.
>>
>> Okay, so "always set IBRS=1" does *not* protect against variant 2. Thanks,
>
> And what is the point of this "always set IBRS=1" then? Are there some other
> things lurking in the shadows?

The idea was that:

1) for workloads that are very kernel-heavy, "always set IBRS=1" would be faster than flipping it on kernel entry/exit,

2) skipping the IBRS=1 write on vmexit would be a nice optimization because most vmexits come from guest ring 0.

But apparently it's a non-starter. :(

Paolo