> From: Paolo Bonzini
> Sent: Thursday, May 3, 2018 5:20 PM
>
> On 03/05/2018 03:27, Wanpeng Li wrote:
> > So for 1) guest->guest attacks 2) guest/ring3->host/ring3 attacks 3)
> > guest/ring0->host/ring0 attacks, if IBPB is enough to protect these
> > three scenarios and retpoline is not needed?
>
> In theory yes, in practice if you want to do that IBPB is much more
> expensive than retpolines, because you'd need an IBPB on vmexit or a
> cache flush on vmentry.
>

Yes, if HT is disabled. Otherwise IBPB alone is not sufficient, since
it's just a one-time effect while poison from a sibling thread can
happen anytime. In the latter case retpoline or IBRS is expected to
be used in conjunction with IBPB as a full mitigation.

Thanks
Kevin