Re: [RFC PATCH v1 10/15] KVM: VMX: Use WRMSRNS or its immediate form when available

From: Borislav Petkov
Date: Mon Mar 31 2025 - 16:39:29 EST

Next message: Rob Herring: "Re: [net-next RFC PATCH v4 6/6] dt-bindings: net: Document support for Aeonsemi PHYs"
Previous message: Stefan Wahren: "Re: [PATCH v3 0/4] net: mtip: Add support for MTIP imx287 L2 switch driver"
In reply to: Konrad Rzeszutek Wilk: "Re: [RFC PATCH v1 10/15] KVM: VMX: Use WRMSRNS or its immediate form when available"
Next in thread: Andrew Cooper: "Re: [RFC PATCH v1 10/15] KVM: VMX: Use WRMSRNS or its immediate form when available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 31, 2025 at 04:27:23PM -0400, Konrad Rzeszutek Wilk wrote:
> Is that the right path forward?
>
> That is replace the MSR write to disable speculative execution with a
> non-serialized WRMSR? Doesn't that mean the WRMSRNS is speculative?

Ha, interesting question.

If the WRMSR is non-serializing, when do speculative things like indirect
branches and the like get *actually* cleared and can such a speculation window
be used to leak branch data even if IBRS is actually enabled for example...

Fun.

This change needs to be run by hw folks and I guess until then WRMSRNS should
not get anywhere near mitigation MSRs like SPEC_CTRL or PRED_CMD...

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Next message: Rob Herring: "Re: [net-next RFC PATCH v4 6/6] dt-bindings: net: Document support for Aeonsemi PHYs"
Previous message: Stefan Wahren: "Re: [PATCH v3 0/4] net: mtip: Add support for MTIP imx287 L2 switch driver"
In reply to: Konrad Rzeszutek Wilk: "Re: [RFC PATCH v1 10/15] KVM: VMX: Use WRMSRNS or its immediate form when available"
Next in thread: Andrew Cooper: "Re: [RFC PATCH v1 10/15] KVM: VMX: Use WRMSRNS or its immediate form when available"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]