Re: [Xen-devel] (partial) Spectre v2 mitigation without on Skylake IBRS

On 26/02/18 10:44, Jan Beulich wrote:
> All,
> if running PV Linux on older Xen (4.5 and earlier) is relevant, it may be
> necessary to use a mechanism other than IBRS to mitigate Spectre v2
> on Skylake. That is because the new MSR value can't be migrated
> prior to migration v2. Of course one option would be to retrofit some
> mechanism into newer Xen versions that makes them accept whatever
> extension to e.g. struct hvm_hw_cpu one might want to invent for
> the older Xen versions. But that doesn't seem very desirable.

Can you please elaborate a little bit more what the real problem is?

I _think_ you are referring to the problem that a pv kernel would want
to use IBRS for mitigation of Spectre V2 and after a migration that
setting would be lost.

If this is the case I believe the easiest solution would be to let the
kernel set the MSR again after leaving suspended state. suspend/resume
require hooks in pv kernels after all.


