> > >>> Even if the guest doesn't have/support IBRS_ALL, and is frobbing the > >>> (now emulated) MSR on every kernel entry/exit, that's *still* going to > >>> be a metric shitload faster than what it *thought* it was doing. > > Is there any indication/log to the admin that VM doesn't know about > IBRS_ALL and is constantly uselessly writing to an emulated MSR? > > While it's probably true that the overhead in time is similar to (or > better than) an actual IBRS MSR write, if the admin/user knows the VM > needs updating, then there's a fighting chance that they might do so.
the guest is not the problem; guests obviously will already honor if Enhanced IBRS is enumerated. The problem is mixed migration pools where the hypervisor may need to decide to not pass this enumeration through to the guest.