If Enhanced IBRS is selected as the mitigation technique for spectre v2, the IBRS bit in SPEC_CTRL MSR is set once at boot time and never cleared. Kernel also has to make sure that IBRS bit remains set after VMEXIT because the guest might have cleared the bit. This is already covered by the existing x86_spec_ctrl_set_guest() and x86_spec_ctrl_restore_host() speculation control functions.
Enhanced IBRS still requires IBPB for full mitigation.
[........]
Note: Based on kernel version "Linux 4.18.17" and to be applied on both "Linux 4.18.17" and "Linux 4.14.79". Please note that git am doesn't apply this patch smoothly on 4.14.79 because of line fuzz, so please use "patch -p1". Didn't want to spam the mailing list by sending a duplicate patch and hence sending single patch for two stable
releases.
Sending valid patches is never "spam", don't be afraid to do that.
Thanks for explaining it. I will never hesitate again to send valid patches.
I've queued this up now, please verify I got it right.
Sure! I looked at the patches and they look good to me.
Regards, Sai