On Wed, Aug 31, 2022 at 04:22:03PM +0800, Chao Gao wrote:
> On Tue, Aug 30, 2022 at 04:42:19PM -0700, Jim Mattson wrote:
> >Don't we need a software BHB-clearing sequence on VM-exit for Intel
> >parts that don't report IA32_ARCH_CAPABILITIES.BHI_NO? What am I
> >missing?
>
> I think we need the software mitigation on parts that don't support/enable
> BHI_DIS_S of IA32_SPEC_CTRL MSR and don't enumerate BHI_NO.
>
> Pawan, any idea?

Intel doesn't recommend any BHI mitigation on VM exit. The guest can't make
risky system calls (e.g. unprivileged eBPF) in the host, so the previously
proposed attacks aren't viable, and in general the exposed attack surface to
a guest is much smaller (with no syscalls). If defense-in-depth paranoia is
desired, the BHB-clearing sequence could be an alternative in the absence of
BHI_DIS_S/BHI_NO.

Thanks,
Pawan
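The condition Chao states (software BHB clearing is only of interest when a part neither enumerates BHI_NO nor has BHI_DIS_S enumerated and set) can be checked on a host directly. The program below is an added example written for this note; it is not code from the thread, from Intel, or from the kernel tree. The MSR numbers and bit positions are the ones Linux uses in arch/x86/include/asm/msr-index.h and cpufeatures.h (IA32_ARCH_CAPABILITIES 0x10a bit 20 = BHI_NO, IA32_SPEC_CTRL 0x48 bit 10 = BHI_DIS_S, CPUID.(7,2):EDX[4] = BHI_CTRL, CPUID.(7,0):EDX[29] = ARCH_CAPABILITIES present). The decision itself is a pure function over those values; the main() additionally reads the live values through /dev/cpu/0/msr, which needs root and the msr module, and reports SPEC_CTRL as currently set on CPU 0 rather than a global policy. The struct and function names are my own.

```c
/* Added example (not from the thread or the kernel): decide whether a
 * defense-in-depth software BHB clear on VM exit is the only BHI
 * mitigation available, and optionally read the real values on an x86
 * Linux host. Constants follow Linux's msr-index.h / cpufeatures.h. */
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define MSR_IA32_SPEC_CTRL         0x48
#define MSR_IA32_ARCH_CAPABILITIES 0x10a
#define SPEC_CTRL_BHI_DIS_S        (1ULL << 10) /* IA32_SPEC_CTRL[10] */
#define ARCH_CAP_BHI_NO            (1ULL << 20) /* IA32_ARCH_CAPABILITIES[20] */
#define CPUID_7_0_EDX_ARCH_CAPS    (1U << 29)   /* CPUID.(7,0):EDX[29] */
#define CPUID_7_2_EDX_BHI_CTRL     (1U << 4)    /* CPUID.(7,2):EDX[4] */

struct bhi_state {
    bool arch_caps_present;   /* IA32_ARCH_CAPABILITIES MSR exists */
    uint64_t arch_caps;       /* value of IA32_ARCH_CAPABILITIES */
    bool bhi_ctrl_enumerated; /* BHI_DIS_S bit is settable */
    uint64_t spec_ctrl;       /* value of IA32_SPEC_CTRL */
};

/* True when neither BHI_NO nor an enabled BHI_DIS_S is present, i.e. the
 * case where Chao's message says a software mitigation would be needed. */
bool bhi_vmexit_wants_sw_clear(const struct bhi_state *s)
{
    if (s->arch_caps_present && (s->arch_caps & ARCH_CAP_BHI_NO))
        return false; /* part not affected by BHI */
    if (s->bhi_ctrl_enumerated && (s->spec_ctrl & SPEC_CTRL_BHI_DIS_S))
        return false; /* hardware mitigation active */
    return true;
}

/* Short label for reporting which of the three cases applies. */
const char *bhi_vmexit_status(const struct bhi_state *s)
{
    if (s->arch_caps_present && (s->arch_caps & ARCH_CAP_BHI_NO))
        return "BHI_NO";
    if (s->bhi_ctrl_enumerated && (s->spec_ctrl & SPEC_CTRL_BHI_DIS_S))
        return "BHI_DIS_S";
    return "sw-bhb-clear";
}

/* Read one MSR on CPU 0 via the msr driver; needs root and `modprobe msr`. */
static int rdmsr_cpu0(uint32_t msr, uint64_t *out)
{
    int fd = open("/dev/cpu/0/msr", O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = pread(fd, out, sizeof(*out), msr);
    int err = errno;
    close(fd);
    return n == (ssize_t)sizeof(*out) ? 0 : (n < 0 ? -err : -EIO);
}

int main(void)
{
#if defined(__linux__) && (defined(__x86_64__) || defined(__i386__))
    struct bhi_state s = {0};
    unsigned int a, b, c, d;

    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        s.arch_caps_present = (d & CPUID_7_0_EDX_ARCH_CAPS) != 0;
    if (__get_cpuid_count(7, 2, &a, &b, &c, &d))
        s.bhi_ctrl_enumerated = (d & CPUID_7_2_EDX_BHI_CTRL) != 0;

    if (s.arch_caps_present &&
        rdmsr_cpu0(MSR_IA32_ARCH_CAPABILITIES, &s.arch_caps) < 0) {
        perror("rdmsr IA32_ARCH_CAPABILITIES (root + msr module needed)");
        return 1;
    }
    if (s.bhi_ctrl_enumerated &&
        rdmsr_cpu0(MSR_IA32_SPEC_CTRL, &s.spec_ctrl) < 0) {
        perror("rdmsr IA32_SPEC_CTRL (root + msr module needed)");
        return 1;
    }
    printf("ARCH_CAPABILITIES=%s BHI_NO=%d BHI_CTRL=%d BHI_DIS_S=%d -> %s\n",
           s.arch_caps_present ? "yes" : "no",
           !!(s.arch_caps & ARCH_CAP_BHI_NO), s.bhi_ctrl_enumerated,
           !!(s.spec_ctrl & SPEC_CTRL_BHI_DIS_S), bhi_vmexit_status(&s));
#else
    puts("live check needs an x86 Linux host");
#endif
    return 0;
}
```

The "sw-bhb-clear" outcome only means the hardware offers no BHI control; per Pawan's reply above it is not a recommendation to add the sequence on VM exit, just the case in which that defense-in-depth option would be the only one left.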