On 11/02/2018 00:39, David Woodhouse wrote: > Using retpoline ensures the kernel is safe because it doesn't contain > any indirect branches, but firmware still can — and we make calls into > firmware at runtime. Where the IBRS microcode support is available, use > that before calling into firmware. > > While doing that, I noticed that we were calling C functions without > telling the compiler about the call-clobbered registers. Stop that. > > This also contains the always_inline fix for the performance problem > introduced by retpoline in KVM code, and fixes some other issues with > the per-vCPU KVM handling for the SPEC_CTRL MSR. > > Finally, update the microcode blacklist to reflect the latest > information from Intel. > > v2: Drop IBRS_ALL patch for the time being > Add KVM MSR fixes (karahmed) > Update microcode blacklist > > > > David Woodhouse (4): > x86/speculation: Update Speculation Control microcode blacklist > Revert "x86/speculation: Simplify > indirect_branch_prediction_barrier()" > KVM: x86: Reduce retpoline performance impact in > slot_handle_level_range() > x86/speculation: Use IBRS if available before calling into firmware > > KarimAllah Ahmed (2): > X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs > KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR > bitmap > > arch/x86/include/asm/apm.h | 6 ++++++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/efi.h | 17 +++++++++++++++-- > arch/x86/include/asm/nospec-branch.h | 32 ++++++++++++++++++++++++++++---- > arch/x86/include/asm/processor.h | 3 --- > arch/x86/kernel/cpu/bugs.c | 18 +++++++++++------- > arch/x86/kernel/cpu/intel.c | 4 ---- > arch/x86/kvm/mmu.c | 10 +++++----- > arch/x86/kvm/vmx.c | 7 ++++--- > drivers/watchdog/hpwdt.c | 3 +++ > 10 files changed, 73 insertions(+), 28 deletions(-) > Acked-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>