Re: [PATCH 6/7] x86/svm: Set IBPB when running a different VCPU

[Arjan van de Ven]

On 1/9/2018 7:00 AM, Liran Alon wrote:
> ----- arjan@xxxxxxxxxxxxxxx wrote:
>
> > On 1/9/2018 3:41 AM, Paolo Bonzini wrote:
> > > The above ("IBRS simply disables the indirect branch predictor") was
> > my
> > > take-away message from private discussion with Intel.  My guess is
> > that
> > > the vendors are just handwaving a spec that doesn't match what they
> > have
> > > implemented, because honestly a microcode update is unlikely to do
> > much
> > > more than an old-fashioned chicken bit.  Maybe on Skylake it does
> > > though, since the performance characteristics of IBRS are so
> > different
> > > from previous processors.  Let's ask Arjan who might have more
> > > information about it, and hope he actually can disclose it...
> >
> > IBRS will ensure that, when set after the ring transition, no earlier
> > branch prediction data is used for indirect branches while IBRS is
> > set
>
> Consider the following scenario:
> 1. L1 runs with IBRS=1 in Ring0.
> 2. L1 restores L2 SPEC_CTRL and enters into L2.
> 3. L1 VMRUN exits into L0 which backups L1 SPEC_CTRL and enters L2 (using same VMCB).
> 4. L2 populates BTB/BHB with values and cause a hypercall which #VMExit into L0.
> 5. L0 backups L2 SPEC_CTRL and writes IBRS=1.
> 6. L0 restores L1 SPEC_CTRL and enters L1.
> 7. L1 backups L2 SPEC_CTRL and writes IBRS=1.

I'm sorry I'm not familiar with your L0/L1/L2 terminology
(maybe it's before coffee has had time to permeate the brain)