On Sat, 2018-01-20 at 12:28 -0800, Liran Alon wrote:
> Isn't it cleaner to check for "boot_cpu_has(X86_FEATURE_IBPB)" both
> in svm_vcpu_init_msrpm() and hardware_setup()?

Strictly speaking that's a different check. That's checking if we're *using* IBPB, not if it exists.

Now that's probably OK here, since we need it for retpoline *and* IBRS-based mitigations. And we *might* argue that 'nospectre_v2' on the host kernel command line should indeed stop us exposing the features to guests. Maybe.

But next comes IBRS support, and we definitely *won't* want to make exposing that to guests conditional on X86_FEATURE_IBRS, because in the retpoline case that won't be set and we probably *will* still want to expose it to guests based merely on the fact that it exists.

So I think Karim has it right here (modulo the change I already made). If we want a separate control for "don't expose these to guests", we should do that explicitly.