Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752562AbeADRPH (ORCPT + 1 other); Thu, 4 Jan 2018 12:15:07 -0500 Received: from mx1.redhat.com ([209.132.183.28]:37166 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751798AbeADRPG (ORCPT ); Thu, 4 Jan 2018 12:15:06 -0500 Subject: Re: Avoid speculative indirect calls in kernel To: Dave Hansen , Andrea Arcangeli Cc: Andrew Cooper , "Woodhouse, David" , "pavel@ucw.cz" , "tim.c.chen@linux.intel.com" , "linux-kernel@vger.kernel.org" , "torvalds@linux-foundation.org" , "tglx@linutronix.de" , "andi@firstfloor.org" , "gnomes@lxorguk.ukuu.org.uk" , "gregkh@linux-foundation.org" References: <20180103230934.15788-1-andi@firstfloor.org> <20180104114231.GB1702@amd> <1515066469.12987.112.camel@amazon.co.uk> <94b12025-b27c-04d2-8726-c07a3af6b265@redhat.com> <7a3584c6-0c00-d807-5130-13d1f4b34102@citrix.com> <20180104162541.GD13348@redhat.com> From: Paolo Bonzini Message-ID: Date: Thu, 4 Jan 2018 18:15:01 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 04 Jan 2018 17:15:06 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On 04/01/2018 18:13, Dave Hansen wrote: > On 01/04/2018 08:25 AM, Andrea Arcangeli wrote: >> It's only where SPEC_CTRL is missing and only IBPB_SUPPORT is >> available, that ibrs 0 ibpb 2 is the only option to fix variant#2 for >> good. > > Could you help us decode what "ibrs 0 ibpb 2" means to you? IBRS 0 = disabled IBRS 1 = only kernel sets IBRS=1 IBRS 2 = indirect branch prediction fully disabled, or do the right thing on future processors IBPB 0 = disabled IBPB 1 = on context switch IBPB 2 = on every kernel or hypervisor entry Thanks, Paolo