On Wed, 2018-01-10 at 13:47 +0100, Jiri Kosina wrote:
> On Wed, 10 Jan 2018, Andrea Arcangeli wrote:
>
> > Perhaps the confusion comes from "less privileged prediction mode" and
> > you thought that meant "less privileged ring mode". It says "prediction
> > mode" not ring 3.
>
> Well, prediction mode is defined by "CPL3 vs CPL0-2" and "VMX root vs VMX
> non-root", with obvious ordering of privileges.
>
> So if IBRS is set, branch predictor will not allow the predicted target to
> be influenced by code that executed in less privileged prediction mode
> before value of '1' IBRS mode was last written to, and that's pretty much
> it.

The operative words in that sentence being, "before the IBRS mode was last written with a value of 1". If it worked as Andrea suggests, then there would be absolutely no point in the patches we've seen which add the IBRS-frobbing on syscall entry and vmexit. The "IBRS all the time" feature is something we get on *future* hardware, not current hardware.
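
The rule discussed in this thread, as a toy model added here for illustration; it is not code from the thread or from the kernel patches. The rank numbering, event names and both traces are constructed assumptions, and the model covers only the quoted sentence, not the future "IBRS all the time" hardware.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model, not kernel code. rank: 0 = CPL3, 1 = CPL0 (assumed numbering). */
enum op { TRAIN, WRITE_IBRS1, PREDICT };
struct event { enum op op; int rank; };
#define MAX_RANK 2
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Count PREDICT events that fall outside the quoted guarantee: a lower rank
 * trained the predictor after IBRS was last written with 1 (or never was). */
size_t exposed_predictions(const struct event *ev, size_t n)
{
    int trained[MAX_RANK] = {0};    /* training seen since the last write */
    size_t exposed = 0;

    for (size_t i = 0; i < n; i++) {
        int r = ev[i].rank;
        if (r < 0 || r >= MAX_RANK)
            continue;
        if (ev[i].op == TRAIN) {
            trained[r] = 1;
        } else if (ev[i].op == WRITE_IBRS1) {
            for (int k = 0; k < MAX_RANK; k++)
                trained[k] = 0;     /* covers everything executed before now */
        } else {                    /* PREDICT: only lower ranks matter */
            int hit = 0;
            for (int k = 0; k < r; k++)
                hit |= trained[k];
            exposed += (size_t)hit;
        }
    }
    return exposed;
}

/* Constructed traces: two syscalls, with user code running before each. */
static const struct event set_once[] = {
    {WRITE_IBRS1, 1}, {TRAIN, 0}, {PREDICT, 1}, {TRAIN, 0}, {PREDICT, 1} };
static const struct event on_entry[] = {
    {WRITE_IBRS1, 1}, {TRAIN, 0}, {WRITE_IBRS1, 1}, {PREDICT, 1},
    {TRAIN, 0}, {WRITE_IBRS1, 1}, {PREDICT, 1} };

size_t demo_set_once(void) { return exposed_predictions(set_once, LEN(set_once)); }
size_t demo_write_on_entry(void) { return exposed_predictions(on_entry, LEN(on_entry)); }

int main(void)
{
    printf("set once: %zu exposed, write on entry: %zu exposed\n",
           demo_set_once(), demo_write_on_entry());
    return 0;
}
```

In the model, setting the bit once leaves both kernel predictions outside the guarantee, while rewriting it on each entry covers both.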