On Wed, Apr 10, 2024 at 7:35 AM Chao Gao <chao.gao@xxxxxxxxx> wrote: > > From: Daniel Sneddon <daniel.sneddon@xxxxxxxxxxxxxxx> > > Currently KVM disables interception of IA32_SPEC_CTRL after a non-0 is > written to IA32_SPEC_CTRL by guest. The guest is allowed to write any > value directly to hardware. There is a tertiary control for > IA32_SPEC_CTRL. This control allows for bits in IA32_SPEC_CTRL to be > masked to prevent guests from changing those bits. > > Add controls setting the mask for IA32_SPEC_CTRL and desired value for > masked bits. > > These new controls are especially helpful for protecting guests that > don't know about BHI_DIS_S and that are running on hardware that > supports it. This allows the hypervisor to set BHI_DIS_S to fully > protect the guest. > > Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx> > Signed-off-by: Daniel Sneddon <daniel.sneddon@xxxxxxxxxxxxxxx> > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx> > [ add a new ioctl to report supported bits. Fix the inverted check ] > Signed-off-by: Chao Gao <chao.gao@xxxxxxxxx> This looks quite Intel-centric. Isn't this feature essentially the same as AMD's V_SPEC_CTRL? Can't we consolidate the code, rather than having completely independent implementations for AMD and Intel?
