On Fri, 23 Nov 2018, Thomas Gleixner wrote: > > So I'm wondering, shouldn't > > firmware_restrict_branch_speculation_start()/_end() > > also enable/disable STIBP? It already enabled/disables IBRS. > > IBRS includes STIBP.
True. > We don't use IBRS in the kernel otherwise because you'd have to do more > MSR writes on the protection boundaries. Just for the record -- we do have an option for IBRS in our distro kernel on SKL+ systems. There definitely is a measurable performance impact, but the MSR writes on protection boundaries are totally cheap compared to the actual IBRS runtime operation effect. -- Jiri Kosina SUSE Labs