The point behind the IBPB in vmx_vcpu_load is to prevent one VCPU from steering the speculative execution of the next. If the VMCS address is recycled, vmx_vcpu_load doesn't realize that the VCPUs are different, and so it won't issue the IBPB.

On Thu, Jan 11, 2018 at 5:49 PM, Wanpeng Li <kernellwp@xxxxxxxxx> wrote:
> 2018-01-09 20:03 GMT+08:00 Paolo Bonzini <pbonzini@xxxxxxxxxx>:
>>
>> if (!already_loaded) {
>> @@ -4029,6 +4031,13 @@ static void free_loaded_vmcs(struct loaded_vmcs *loaded_vmcs)
>> free_vmcs(loaded_vmcs->vmcs);
>> loaded_vmcs->vmcs = NULL;
>> WARN_ON(loaded_vmcs->shadow_vmcs != NULL);
>> +
>> + /*
>> + * The VMCS could be recycled, causing a false negative in
>> + * vmx_vcpu_load; block speculative execution.
>> + */
>> + if (have_spec_ctrl)
>> + wrmsrl(MSR_IA32_PRED_CMD, PRED_CMD_IBPB);
>> }
>
> Intel guys told us the recycle is about the address of vmcs, not the
> content. Could you explain more why it matters?
>
> Regards,
> Wanpeng Li
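Review bot: the comment above the added wrmsrl in free_loaded_vmcs should state on which CPU the barrier takes effect. The IBPB is issued on the CPU that frees the VMCS, while the false negative it guards against occurs wherever vmx_vcpu_load later treats the recycled address as already_loaded; if that can be a different CPU, the barrier here does not cover it, and clearing the cached current-VMCS pointer at free time, so that vmx_vcpu_load takes the !already_loaded path, would be the more direct fix. A short note on why the have_spec_ctrl check is the right gate for a PRED_CMD/IBPB write, rather than a separate IBPB feature check, would also help readers of this comment.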