> On Wed, Jan 10, 2018 at 12:12:53PM +0000, David Woodhouse wrote:
> > IBRS is like a barrier. You must write it between the 'problematic'
> > loading of the branch targets, and the kernel code which might be
> > affected.
> >
> > You cannot, on current hardware, merely set it once and forget about
> > it. That is not sufficient.
>
> I think you've got it all wrong...

Andrea: David is right. The specification draft that you have also makes this clear. You can't just set IBRS once and call it good; you do need to write it on entering the kernel.