Re: [PATCH] x86: vmx: Allow direct access to MSR_IA32_SPEC_CTRL
From: David Woodhouse
Date: Sun Jan 28 2018 - 15:57:04 EST
On Sun, 2018-01-28 at 12:53 -0800, Andy Lutomirski wrote:
>
> > I believe it does. Guest kernel is protected from any guest userspace
> > predictions learned before IBRS was last set to 1 in *any* mode,
> > including host.
>
> Hmm, you're probably right.
>
> I would love to know what awful hack Intel did that resulted in these semantics.
I am not convinced I ever really want to know. I just want it all to go
away in a future CPU with a SPCTR_NO bit in IA32_ARCH_CAPABILITIES.
(Not the IBRS_ALL interim hack).
I think it's a mixture of ongoing checking, and a barrier. And perhaps
varying proportions of each, in different CPU generations. By defining
it thus, they can actually implement it *either* way.Attachment:
smime.p7s
Description: S/MIME cryptographic signature