On Tue, May 30, 2023 at 06:31:03PM +0100, Andrew Cooper wrote: > I've committed this, but made two tweaks to the commit message. First, > "x86/hvm" in the subject because it's important context at a glance. Sure, that makes sense.
> Second, I've adjusted the bit about PV guests. The reason why we can't > expose it yet is because Xen doesn't currently context switch EFER > between PV guests. > > ~Andrew We could of course context switch EFER sensibly, but what would that mean for Automatic IBRS? It can't be trivially used for domain-to-domain isolation because every domain is in a co-equal protection level. Is there a non-obvious edge that exposing some interface to it gives for PV? The only useful case I can think of is PVH, and that seems to be subsumed by HVM. Alejandro
