Hello, As part of some follow up improvements to my VIRT_SPEC_CTRL series we have been discussing what the usage of SSBD should be for the hypervisor itself. There's currently a `spec-ctrl=ssbd` option [0], that has an out of date description, as now SSBD is always offered to guests on AMD hardware, either using SPEC_CTRL or VIRT_SPEC_CTRL.
It has been pointed out by Andrew that toggling SSBD on AMD using VIRT_SPEC_CTRL or the non-architectural way (MSR_AMD64_LS_CFG) can have a high impact on performance, and hence switching it on every guest <-> hypervisor context switch is likely a very high performance penalty. It's been suggested that it could be more appropriate to run Xen with the guest SSBD selection on those systems, however that clashes with the current intent of the `spec-ctrl=ssbd` option. I hope I have captured the expressed opinions correctly in the text above. I see two ways to solve this: * Keep the current logic for switching SSBD on guest <-> hypervisor context switch, but only use it if `spec-ctrl=ssbd` is set on the command line. * Remove the logic for switching SSBD on guest <-> hypervisor context switch, ignore setting of `spec-ctrl=ssbd` on those systems and run hypervisor code with the guest selection of SSBD. Which has raised me the question of whether there's an use case for always running hypervisor code with SSBD enabled, or that's no longer relevant if we always offer guests a way for them to toggle the setting when required. I would like to settle on a way forward, so we can get this fixed before 4.17. Thanks, Roger. [0] https://xenbits.xen.org/docs/unstable/misc/xen-command-line.html#spec-ctrl-x86
