ITS_NO is a synthetic bit that indicates to a guest VM that it is
running on hardware that A) is not vulnerable to the ITS vulnerability and
B) will not be migrated to a host that is vulnerable to ITS.

Guests will use ITS_NO to opt out of mitigating against ITS.

Intel Sapphire Rapids and higher are all invulnerable to ITS.

Note: for posterity, add MSR_ARCH_CAP_ITS_NO bit definition, such that
future CPU models can add ITS_NO without needing a sub version for
its-no.

Jon Kohler (5):
  target/i386: Add MSR_IA32_ARCH_CAPABILITIES ITS_NO
  target/i386: introduce SapphireRapids-v5 to expose ITS_NO
  target/i386: introduce GraniteRapids-v4 to expose ITS_NO
  target/i386: introduce SierraForest-v4 to expose ITS_NO
  target/i386: introduce ClearwaterForest-v2 to expose ITS_NO

 target/i386/cpu.c | 35 +++++++++++++++++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 36 insertions(+)

--
2.43.0