On 01/10/2018 05:53 AM, Van De Ven, Arjan wrote:
>> ibrs_enabled 2:
>>
>> sets IBRS always in host
>
> this is not secure
>
>> This matches the semantics described here by Tim patchset on lkml:
>>
>> https://marc.info/?l=linux-kernel&m=151520606320646
>
> I will talk to Tim, it's not right.
>

Yes, there's a misunderstanding on my part. Leaving IBRS=1 all the time may not provide full protection on all cpu models.

Tim