On Mon, 2018-01-08 at 19:08 +0100, Paolo Bonzini wrote: > > + if (have_spec_ctrl && vmx->spec_ctrl != 0) > + wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl); > + I think this one probably *is* safe even without an 'else lfence', which means that the CPU can speculate around it, but it wants a comment explaining that someone has properly analysed it and saying precisely why.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature