On Fri, 2018-01-19 at 16:25 +0100, Paolo Bonzini wrote:
> Without retpolines, KVM userspace is not protected from the guest
> poisoning the BTB, because there is no IBRS-barrier on the vmexit
> path.
> So there are two more IBPBs that are needed if retpolines are
> enabled:
>
> 1) in kvm_sched_out
>
> 2) at the end of vcpu_run

Hm, yes. That does seem reasonable. Can we make it conditional so it only happens *if* we end up back in userspace, and not for a VM->kernel->VM transition?

And can I have a patch against http://git.infradead.org/users/dwmw2/linux-retpoline.git/shortlog/refs/heads/ibpb-upstream please (see the XX in that top commit too).

I'm still putting that together, and the IBRS bits on top; getting on an airplane to spend some more quality time with it now...