On 22/02/2018 18:07, Konrad Rzeszutek Wilk wrote:
>> Having a paravirt indirect call in the IBRS restore path is not a
>> good idea, since we are trying to protect from speculative execution
>> of bogus indirect branch targets. It is also slower, so use
>> native_wrmsrl on the vmentry path too.
> But it gets replaced during patching. As in once the machine boots
> the assembler changes from:
>
> callq *0xfffflbah
>
> to
> wrmsr
>
> ? I don't think you need this patch.

Why not be explicit? According to the spec, PRED_CMD and SPEC_CTRL
should be passed down to the guest without interception so it's safe to
do this. On the other hand, especially with nested virtualization, I
don't think you can absolutely guarantee that the paravirt call will be
patched to rdmsr/wrmsr.

Paolo