>> The problem is that we can end up with a guest running extra BHI >> mitigations >> while this is not needed. Could we inform the guest that eIBRS is not >> available >> on the system so a Linux guest doesn't run with extra BHI mitigations? > >Well, that's why Intel specified some MSRs at 0x5000xxxx. Yes. But note that there is a subtle difference. Those MSRs are used for guest to communicate in-used software mitigations to the host. Such information is stable across migration. Here we need the host to communicate that eIBRS isn't available to the guest. this isn't stable as the guest may be migrated from a host without eIBRS to one with it. > >Except I don't know anyone currently interested in implementing them, >and I'm still not sure if they work correctly for some of the more >complicated migration cases. Looks you have the same opinion on the Intel-defined virtual MSRs as Sean. If we all agree the issue here and the effectivenss problem of the short BHB-clearing sequence need to be resolved and don't think the Intel-defined virtual MSRs can handle all cases correctly, we have to define a better interface through community collaboration as Sean suggested.
