On 01/30/2018 04:16 PM, Paolo Bonzini wrote:
> On 30/01/2018 18:48, Raj, Ashok wrote:
>>> Certainly not every vmexit! But doing it on every userspace vmexit and
>>> every sched_out would not be *that* bad.
>> Right.. agreed. We discussed the different scenarios that doing IBPB
>> on VMexit would help, and decided it's really not required on every exit.
>>
>> One obvious case is when there is a VMexit and return back to Qemu
>> process (without a real context switch): do we need that to be
>> protected from any poisoned BTB from guest?
> If the host is using retpolines, then some kind of barrier is needed. I
> don't know if the full PRED_CMD barrier is needed, or two IBRS=1/IBRS=0
> writes back-to-back are enough.

I think the spec is pretty clear here: protection is only provided *while*
IBRS=1. Once it goes back to 0, all bets are off.