Right. For future CPUs with a well-engineered fix, no extra work should
be necessary on VM-entry. However, for current CPUs, we have to ensure
that host kernel addresses can't be deduced by the guest. IBPB may be
sufficient, but Intel's slide deck doesn't make that clear.

On Wed, Jan 10, 2018 at 9:23 AM, Nadav Amit <nadav.amit@xxxxxxxxx> wrote:
> Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
>
>> On 10/01/2018 18:14, Jim Mattson wrote:
>>>>> If (a) is true, does "IBRS ALL THE TIME" usage is basically a CPU
>>>>> change to just create all BTB/BHB entries to be tagged with
>>>>> prediction-mode at creation-time and that tag to be compared to current
>>>>> prediction-mode when CPU attempts to use BTB/BHB?
>>>>
>>>> I hope so, and I hope said prediction mode includes PCID/VPID too.
>>>
>>> Branch prediction entries should probably be tagged with PCID, VPID,
>>> EP4TA, and thread ID...the same things used to tag TLB contexts.
>>
>> But if so, I don't see the need for IBPB.
>
> It is highly improbable that a microcode patch can change how prediction
> entries are tagged. IIRC, microcode may change the behavior of instructions
> and "assists" (e.g., TLB miss). Not much more than that.