On Mon, Dec 02, 2024 at 03:35:21PM -0800, Pawan Gupta wrote: > It is in this doc: > > https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html > I hope those URLs remain more stable than past experience shows. > "Processors with enhanced IBRS still support the usage model where IBRS is > set only in the OS/VMM for OSes that enable SMEP. To do this, such > processors will ensure that guest behavior cannot control the RSB after a > VM exit once IBRS is set, even if IBRS was not set at the time of the VM > exit." ACK, thanks. Now, can we pls add those excerpts to Documentation/ and point to them from the code so that it is crystal clear why it is ok? Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette
