On Sun, 2018-01-28 at 12:53 -0800, Andy Lutomirski wrote:
>
> > I believe it does. Guest kernel is protected from any guest userspace
> > predictions learned before IBRS was last set to 1 in *any* mode,
> > including host.
>
> Hmm, you're probably right.
>
> I would love to know what awful hack Intel did that resulted in these semantics.

I am not convinced I ever really want to know. I just want it all to go
away in a future CPU with a SPCTR_NO bit in IA32_ARCH_CAPABILITIES.
(Not the IBRS_ALL interim hack).

I think it's a mixture of ongoing checking, and a barrier. And perhaps
varying proportions of each, in different CPU generations. By defining
it thus, they can actually implement it *either* way.