Coded according to the 336996-001.
- rS328625: IBRS support, AKA Spectre hardware mitigation.
Tested on Haswell with recalled microcode.
Unit Tests Skipped
Re-read the citation and the code where you put the note. Your suggestion would result in doing something which is exactly opposite to what is recommended in the 126.96.36.199. If the IA32_ARCH_CAP_IBRS_ALL bit is set, then RSB reset sequence is useless, while jmp 1f would jump right to the sequence. Instead, the paragraph recommends to enable SMEP as the measure.
We always have SMEP turned on if CPU supports it, there is no such action as turning SMEP on after the kernel is booted. So there is nothing to do in the case of enhanced IBRS.
- Disable IBPB on return to usermode
- Ensure that IBPB is enabled on kernel entry before we enable interrupts. Then we do not need to tweak MSRs when re-entering kernel.
- Except for NMI and MCE, where we preserve previous MSR content on entry and restore on exit, to ensure proper nesting.
- Disable IBPB around mwait, Intel claims that if any HT has the control enabled, it hurts the whole core performance.