On Fri, Mar 24, 2023 at 2:16 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> On Wed, Mar 01, 2023, Takahiro Itazuri wrote:
> > VMMs retrieve supported CPUID features via KVM_GET_SUPPORTED_CPUID to
> > construct CPUID information to be passed to KVM_SET_CPUID2. Most CPUID
> > feature bits related to speculative attacks are propagated from host
> > CPUID. AMD processors have AMD-specific IBRS related bits in CPUID
> > Fn8000_0008_EBX (ref: AMD64 Architecture Programmer's Manual Volume 3:
> > General-Purpose and System Instructions) and some bits are not
> > propagated to guests.
> >
> > Enable propagation of these bits to guests, so that guests can see the
> > same security information as the host without VMM action.

Usually, I can count on Sean for the semantic nitpick:

This propagates bits only to the userspace VMM. They may make it to
the guest. They may not.
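
Added example, not part of the original message or of the KVM patch: a check that compares the Fn8000_0008 EBX bits in the table KVM reported as supported against the table a VMM would hand to KVM_SET_CPUID2, and returns the bits the VMM dropped. The `cpuid_entry` struct is a simplified stand-in for `struct kvm_cpuid_entry2`, the helper names are hypothetical, the sample tables are constructed, and the three bit definitions are illustrative, not a list of what the patch adds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: simplified stand-in for struct kvm_cpuid_entry2 from
 * <linux/kvm.h>, keeping only the fields this check needs. */
struct cpuid_entry {
    uint32_t function, index;
    uint32_t eax, ebx, ecx, edx;
};

#define LEAF_AMD_EXT8 0x80000008u
#define AMD_IBPB  (1u << 12)   /* CPUID Fn8000_0008_EBX[12] */
#define AMD_IBRS  (1u << 14)   /* CPUID Fn8000_0008_EBX[14] */
#define AMD_STIBP (1u << 15)   /* CPUID Fn8000_0008_EBX[15] */

static const struct cpuid_entry *find_leaf(const struct cpuid_entry *t,
                                           size_t n, uint32_t fn)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].function == fn && t[i].index == 0)
            return &t[i];
    return NULL;
}

/* EBX bits of leaf `fn` that are set in the supported table but absent from
 * the table the VMM configured. A leaf missing from the guest table counts
 * as every supported bit dropped. */
uint32_t ebx_bits_dropped(const struct cpuid_entry *supported, size_t ns,
                          const struct cpuid_entry *guest, size_t ng,
                          uint32_t fn)
{
    const struct cpuid_entry *s = find_leaf(supported, ns, fn);
    const struct cpuid_entry *g = find_leaf(guest, ng, fn);
    if (!s)
        return 0;
    return s->ebx & ~(g ? g->ebx : 0u);
}

/* Constructed sample tables: the VMM passes IBPB on but filters IBRS/STIBP. */
static const struct cpuid_entry sample_supported[] = {
    { 0x80000000u, 0, 0x80000008u, 0, 0, 0 },
    { LEAF_AMD_EXT8, 0, 0, AMD_IBPB | AMD_IBRS | AMD_STIBP, 0, 0 },
};
static const struct cpuid_entry sample_guest[] = {
    { 0x80000000u, 0, 0x80000008u, 0, 0, 0 },
    { LEAF_AMD_EXT8, 0, 0, AMD_IBPB, 0, 0 },
};

int main(void)
{
    printf("dropped EBX bits: 0x%08x\n",
           ebx_bits_dropped(sample_supported, 2, sample_guest, 2, LEAF_AMD_EXT8));
    return 0;
}
```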