Date: Wed, 10 Jan 2018 10:41:38 -0500
From: Konrad Rzeszutek Wilk
To: Paolo Bonzini
Cc: Arjan van de Ven, Nadav Amit, Liran Alon, jmattson@google.com, x86@kernel.org, dwmw@amazon.co.uk, bp@alien8.de, aliguori@amazon.com, thomas.lendacky@amd.com, rkrcmar@redhat.com, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH 3/8] kvm: vmx: pass MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD down to the guest
Message-ID: <20180110154138.GE29272@char.us.oracle.com>

On Wed, Jan 10, 2018 at 03:28:43PM +0100, Paolo Bonzini wrote:
> On 10/01/2018 15:06, Arjan van de Ven wrote:
> > On 1/10/2018 5:20 AM, Paolo Bonzini wrote:
> >> * a simple specification that does "IBRS=1 blocks indirect branch
> >> prediction altogether" would actually satisfy the specification just as
> >> well, and it would be nice to know if that's what the processor actually
> >> does.
> >
> > it doesn't exactly, not for all.
> >
> > so you really do need to write ibrs again.
>
> Okay, so "always set IBRS=1" does *not* protect against variant 2. Thanks,

And what is the point of this "always set IBRS=1" then? Are there
some other things lurking in the shadows?

>
> Paolo