ITS_NO is a synthetic bit that indicates to a guest VM that it is running on hardware that A) is not vulnerable to ITS vulnerability and B) will not be migrated to a host that is vulnerable to ITS.
Guests will use ITS_NO to opt out of mitigating against ITS. Intel Sapphire Rapids and higher are all invulnerable to ITS.

Note: for posterity, add MSR_ARCH_CAP_ITS_NO bit definition, such that future CPU models can add ITS_NO without needing a sub version for its-no.

Jon Kohler (5):
  target/i386: Add MSR_IA32_ARCH_CAPABILITIES ITS_NO
  target/i386: introduce SapphireRapids-v5 to expose ITS_NO
  target/i386: introduce GraniteRapids-v4 to expose ITS_NO
  target/i386: introduce SierraForest-v4 to expose ITS_NO
  target/i386: introduce ClearwaterForest-v2 to expose ITS_NO

 target/i386/cpu.c | 35 +++++++++++++++++++++++++++++++++++
 target/i386/cpu.h |  1 +
 2 files changed, 36 insertions(+)

--
2.43.0
