On Tue, Sep 06, 2022 at 04:41:26PM -0700, Jim Mattson wrote: >This looks like a souped-up version of AMD's X86_FEATURE_V_SPEC_CTRL. >From https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/branch-history-injection.html: > >When “virtualize IA32_SPEC_CTRL” VM-execution control is enabled, the >processor supports virtualizing MSR writes and reads to >IA32_SPEC_CTRL. This VM-execution control is enabled when the tertiary >processor-based VM-execution control bit 7 is set and the tertiary >controls are enabled. The support for this VM-execution control is >enumerated by bit 7 of the IA32_VMX_PROCBASED_CTLS3 MSR (0x492). > >Is anyone working on kvm support for this yet? (Intel?) Chen is working on it. He has some patches already and is working on the testing and review with security experts. The plan is to post patches in ww40 or ww41. Do you have any questions/concerns about enabling "virtualize IA32_SPEC_CTRL" in KVM?