From nobody Sun Feb 8 06:56:22 2026 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B32011922C5 for ; Fri, 23 Aug 2024 18:53:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439233; cv=none; b=oBfx8nOovE0a3iWTo7EF/mpnM8LReOIfatgH5Ti1hd9qhhiuTUu4dBR5X8vR8dmRzyo589BbqchVBHFq3diqlaEaOyLlO/gXqM6cxfyt55Ut7FMP1gXAHjA9HSsQbm0kEl17KKrXy0zfeiDq+B+ez+KYxUcUREUbk2lmHdygvss= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439233; c=relaxed/simple; bh=DbKaS9v1hLowfyFA8YQtCHNg0LVk6j3k68viAaH4Ds4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Content-Type; b=jLyvb6PAmld43xnmqcyt2GruM6meuRtJStFDT0IH96qhwhnaOeAkm+ijL1qK4AF1WZYi/TmW1djK9c7NfVhBiTG1SIFLKGr8ESKbJc5jwBziipAbH5qx8gTf3wKeVu0Y/SsV1YYrfjsYX7ffwW3fPsIq50X9YmMKnFQpXxoZn3M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=SIglpl5b; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="SIglpl5b" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6ac83a71d45so39616557b3.3 for ; Fri, 23 Aug 2024 11:53:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1724439231; x=1725044031; darn=vger.kernel.org; h=to:from:subject:message-id:references:mime-version:in-reply-to:date :from:to:cc:subject:date:message-id:reply-to; bh=KwMz41rbAs2jbwtsewipMfgHdQI9fhKtFZZhcI6NPZQ=; b=SIglpl5bZPDomhELz8oeoutz/1F8flJgR2x64o3hT48VMIBeBy7n11zVgxOctbUk3X 4C1JSOOeH+aMFJ1qEAJ9etODDQs+yCiyBbQxnR7MQNBNobUnMfyNmWnAHoTTY3xyZYPt 82fOqII5HTxi/UJKoAAApU+iYhqgmvte9NEf2DtgCgjtL9lAkUDoE+3YfLSrF9wTEyQr /1jlm0NWyDyjNDyMKnMoi7ZdHDZYz4XpE7tjFOlfmRFeyD2DEHdyeJ/lNcEc1ioddpRH XjbYPVcNOfUPbHjd+cJIOkOSH8SXyQwBalarP6pke/fypUIHHDUvIGQKwe/82yzC47AW FYkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724439231; x=1725044031; h=to:from:subject:message-id:references:mime-version:in-reply-to:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KwMz41rbAs2jbwtsewipMfgHdQI9fhKtFZZhcI6NPZQ=; b=LTAcX5a2LCp+Yw725Ju50vO3h5t7tJrD/wBRyxOeTPdRK9TKMafs8+L4VGc2YH5oRy 8BgS5VBoxI35VMQX50+G+GlyhYWKEnYulU97vF+Rx8u3M1e72xmZm86wkP3BG4YZq+Hn TZC70yLj/N02bvd2i9wzj0WXCoVaUQoF7jhww07cLeqAMDRwgXRLIQB2aGfeUn/HwvIX y+ks7rm8uNF5RoA0CWSOPXbaZ4+7BenfBX0gtaVmj6eDbzWK01tcSXlEilIftBhagHf3 JDfK9Bs+wkoXwJHs6fIxQYbU5t/uojFdxH4ZDVsoa/ph1PSgo/Fny2hKJ7gAsG8+KILz oH5Q== X-Forwarded-Encrypted: i=1; AJvYcCWjirP3nlE2p96KoYigjbp4RvuS76DkIGCVGdyLxStrXwns0yRoIritujT19uswdzNyLCxuwHFLkNbfVCA=@vger.kernel.org X-Gm-Message-State: AOJu0YxeLzcevb6dxPzQ+XunkOsFLIiKg1zeVAC5NVQ/Pv6NaKxwCJHT xYlHCM7RxK4OuykuchNY/vnuA/5avScKM0K7qd/Une57xN0mw0fsfgfQyxuYBuh9qM4WbQ7AtIU m4WRHZsxmew== X-Google-Smtp-Source: AGHT+IGt9OG3rVzE5j5b6W9ETNhjDkmgngAjvjwYxKrJostWZwYoOunXg/OItHw0FTuwyj8ghTwOFVUov2j50A== X-Received: from loggerhead.c.googlers.com ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1]) (user=jmattson job=sendgmr) by 2002:a05:690c:408a:b0:691:55ea:85e6 with SMTP id 00721157ae682-6c628b96609mr66577b3.7.1724439230622; Fri, 23 Aug 2024 11:53:50 -0700 (PDT) Date: Fri, 23 Aug 2024 11:53:10 -0700 In-Reply-To: <20240823185323.2563194-1-jmattson@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240823185323.2563194-1-jmattson@google.com> X-Mailer: git-send-email 2.46.0.295.g3b9ea8a38a-goog Message-ID: <20240823185323.2563194-2-jmattson@google.com> Subject: [PATCH v3 1/4] x86/cpufeatures: Clarify semantics of X86_FEATURE_IBPB From: Jim Mattson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Sean Christopherson , Paolo Bonzini , Pawan Gupta , Josh Poimboeuf , Jim Mattson , Sandipan Das , Kai Huang , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Since this synthetic feature bit is set on AMD CPUs that don't flush the RSB on an IBPB, indicate as much in the comment, to avoid potential confusion with the Intel IBPB semantics. Signed-off-by: Jim Mattson Reviewed-by: Thomas Gleixner Reviewed-by: Tom Lendacky --- arch/x86/include/asm/cpufeatures.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index dd4682857c12..cabd6b58e8ec 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -215,7 +215,7 @@ #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* Disable Specul= ative Store Bypass. */ #define X86_FEATURE_LS_CFG_SSBD ( 7*32+24) /* AMD SSBD implementation vi= a LS_CFG MSR */ #define X86_FEATURE_IBRS ( 7*32+25) /* "ibrs" Indirect Branch Restricted = Speculation */ -#define X86_FEATURE_IBPB ( 7*32+26) /* "ibpb" Indirect Branch Prediction = Barrier */ +#define X86_FEATURE_IBPB ( 7*32+26) /* "ibpb" Indirect Branch Prediction = Barrier without RSB flush */ #define X86_FEATURE_STIBP ( 7*32+27) /* "stibp" Single Thread Indirect Br= anch Predictors */ #define X86_FEATURE_ZEN ( 7*32+28) /* Generic flag for all Zen and newer= */ #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* L1TF workaround PTE inversi= on */ --=20 2.46.0.295.g3b9ea8a38a-goog From nobody Sun Feb 8 06:56:22 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 40D561925A1 for ; Fri, 23 Aug 2024 18:53:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439234; cv=none; b=qkAH83/hB9xcY3l8Buq5pb4XIKMZyDNC9p/BpCaW61rccPhBfzm2vTPXnmk9rQnC9pCtXFkKOnh0bjFn6umfFBEVqfc4afUbGKS1qdaphoUwP8shYed6BO5WUxS47WSVFDwDIwihfeG3d1JuvsEd33WVvpAgUwUyIPSe46EubGE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439234; c=relaxed/simple; bh=uHc5J3RzDDJvtU0LNEUNZxZe+FsaP8Fvj2w4uMXoM3w=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=luRx8bV42nM7LcYBai2XBs5bxr+b4QkJkZpIgHm6dJarZBpnLSef7e1pYxEP7j6ZYmpG3B+TQOsmSyUQ70RGqIFBB0uDHRlG/5Lh8e7yS9H/G8Br3irHccAo95GqUfWG5GvhavG2CeTzMnGHHwSfLRh5yz5rT3a4sQP+75YEitg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sFbdNYcq; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sFbdNYcq" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-2d3c9a5c673so2189922a91.1 for ; Fri, 23 Aug 2024 11:53:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1724439232; x=1725044032; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ZETR8JbkOV1DUbkusF4BDItYK3NtrFWqCwoBAa+9Gio=; b=sFbdNYcqRmcKQ7HFOIGjvBRzSpspUOI2JNCBeFWs7buuZLHBBBT77n7QnjF57WUhSg 21o3944SEu9w3XR0w6Ifzj0h/8HRAOFdFjZ1HO424hXQjXlt6ODHwARoOrp7DwG1ig9Q fLmULbOBg8j6pud/pYXsNBFIVDsvoWycfGvakhyMp4EexZSK2rhHn3uKGQeaP6nTcnKk vQdmyPQ9dbuMfSSDroQTo90mh6eXSH59DFsl5j50GtIXpihIn8X08K5fMieheSmMKYKQ /djCbtgOYYuCrhzxjs7jeojY4iuMhV5KSmITyf4h5lpkOC+fOIzVa8DpqGdCmRz4VChi zW5g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724439232; x=1725044032; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ZETR8JbkOV1DUbkusF4BDItYK3NtrFWqCwoBAa+9Gio=; b=BtXIUAozlRM3BUG3VahAMqecKa3rq1jFzeQtkl4B/hkdY5c9age/KQYtw4fbukPY8v rSelQ9OP4QXlxfBSpjRKfddbQ3rB9TpbajZKFDUnrj6/R4qVwn1MWaIpOUjSO/1Xols4 0meFe4FEXYSuIwszs2H4cTZQYfyqdWU6pKVlYzaf8kd0pEXPB2vj1mUF944MZZnYF5da lAX41qYcuP3480d/vWCS7tyJoQ5RtV1EdJngV0432VBJTdjWGqqYCKplISgxaCBDo/Dt yYznDSr38VKzi/6wXo2wES6vEUU+0fdsQoVb/7NXYWalpTynNYKYDCA+l/2xxMwzPYCc F6nQ== X-Forwarded-Encrypted: i=1; AJvYcCVE3riGiDinMk88+FC81LZhbSkaON3HLUV+/SQUbD/nYnu0m7HzaE/H4kCtjgo2sv3ZIDY0z2Mos9FXklg=@vger.kernel.org X-Gm-Message-State: AOJu0YyecEShBXnfxxfoP2+eldEQ42ICRafAAiaX2D/0OYYksjf8EAtu 2xLatb40h2R4RfypJtaxpSJyQ4bkYZ+l+4uIrHwCJbhDhYquG6/zJWr81nQ/YyPWrfne0RZNOT9 8re3ROwdq5g== X-Google-Smtp-Source: AGHT+IFrE3/dZuZEWBYCH+nx6VHpdfBAScy4icMsZdcE+pOFSv5UyNOPdpTb+8GRWuu32pm/OiOLJ4TxN42mBw== X-Received: from loggerhead.c.googlers.com ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1]) (user=jmattson job=sendgmr) by 2002:a17:90b:33c4:b0:2d3:d084:6da3 with SMTP id 98e67ed59e1d1-2d646d90759mr26893a91.3.1724439232349; Fri, 23 Aug 2024 11:53:52 -0700 (PDT) Date: Fri, 23 Aug 2024 11:53:11 -0700 In-Reply-To: <20240823185323.2563194-1-jmattson@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240823185323.2563194-1-jmattson@google.com> X-Mailer: git-send-email 2.46.0.295.g3b9ea8a38a-goog Message-ID: <20240823185323.2563194-3-jmattson@google.com> Subject: [PATCH v3 2/4] x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET From: Jim Mattson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Sean Christopherson , Paolo Bonzini , Pawan Gupta , Josh Poimboeuf , Jim Mattson , Sandipan Das , Kai Huang , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Venkatesh Srinivas Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" AMD's initial implementation of IBPB did not clear the return address predictor. Beginning with Zen4, AMD's IBPB *does* clear the return address predictor. This behavior is enumerated by CPUID.80000008H:EBX.IBPB_RET[bit 30]. Define X86_FEATURE_AMD_IBPB_RET for use in KVM_GET_SUPPORTED_CPUID, when determining cross-vendor capabilities. Suggested-by: Venkatesh Srinivas Signed-off-by: Jim Mattson Reviewed-by: Thomas Gleixner Reviewed-by: Tom Lendacky --- arch/x86/include/asm/cpufeatures.h | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf= eatures.h index cabd6b58e8ec..0ed131f160dc 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -348,6 +348,7 @@ #define X86_FEATURE_CPPC (13*32+27) /* "cppc" Collaborative Processor Per= formance Control */ #define X86_FEATURE_AMD_PSFD (13*32+28) /* Predictive Store For= warding Disable */ #define X86_FEATURE_BTC_NO (13*32+29) /* Not vulnerable to Branch Type Co= nfusion */ +#define X86_FEATURE_AMD_IBPB_RET (13*32+30) /* IBPB clears return address = predictor */ #define X86_FEATURE_BRS (13*32+31) /* "brs" Branch Sampling available */ =20 /* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 1= 4 */ --=20 2.46.0.295.g3b9ea8a38a-goog From nobody Sun Feb 8 06:56:22 2026 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 55688192D67 for ; Fri, 23 Aug 2024 18:53:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439237; cv=none; b=g4IwJMQ3NrJt4sUm3Aaq6s42qsSUyxWoKwX75DNl0qTxlqIWLTd4A+b7nf9fHbYYzOckJs4mUtTFaHpa2c7kY5vYo8uLdLLFyKDc1a1fbGMCIS1jx0a7G8JohODH32oMwaGA+K8INNMvafqVZXzF5EkgeBW1FIb/AAlcIH+IqJo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439237; c=relaxed/simple; bh=NbZ6C/T+ZCVhDcFWCkfg5AfdlArNrEwsL3Hq4JGm01U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=T2AXjc9lCC5cTgXJvd6s+a0JR1nQDeA3UFo1g7MKLN3nZVhsMbcNX5k0b2Mx0VXKg/nsusr7dcPqmXitZs77UtKqHg6C7fAgHtj2mvdjt5hhDUxGsNqH4S+0dyH1Fo9/mkOfLI0CsKkqzAyEuD0bOJDHuJVqSAWcfcE+Hx077u0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=AB7cH2+N; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="AB7cH2+N" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e1653c8a32eso3721220276.3 for ; Fri, 23 Aug 2024 11:53:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1724439234; x=1725044034; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=MZhuyhwkXzq5TLpNWTsJTlY8QsgB091bBfZe2SCWV7A=; b=AB7cH2+NFVAmFBTOcluuqyZUyS7gRY/HCenqd8+oaI/JRk/JmzPey5sY3ux4lvZQyj iEyK0SKHNSWvk1+TyWSLsL0zPRoaXiG5VWzxLDf1aTlJKBJ7Es8FGlAIhjiF/uf+xERj 9RcaAAgZMOv7QvMYgsZD95jZGqgOSNjxPKoTmrjdF4ri2ZqhqPOYfZ1jM2b5gQTx2F7G /y0pS5TzPhuRg92vEZBYkCta6uTeGesplSjaAU18eHLnmrNKMYKRnx+aFzfD3+9th0fk L6aH9IGrTTOWFF8PMrtf9cbgeFD4euuGHqLmF61rpF0yeFSEnQc2/1IQKtSnyhK1MSE5 zqwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724439234; x=1725044034; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=MZhuyhwkXzq5TLpNWTsJTlY8QsgB091bBfZe2SCWV7A=; b=Y9rs8XHWAJlQjf0VUEx7hPITXs8h8seSeAcuuOac04Ff+wD8krhlPLTSXuDvuMZOOY Fzpc/LA21IsoxHgsh89aAyFbcATozIwzKWkHEQPe0jqPiznH6SodkZZqm2TBBDRnYvY3 a8NIlMjgPFp8s9WKKigojU8SJn32gcACOQMumL9iC7fmuRH7LClVdBNkcDG9WHRRv84P 1qUqvihecly9GWfRDqJvbl32vX4cfl3Oei0M7s0okTv9w/gSkj4Hlg0iSaosgstmEAQa 7ZsbB5JBBW3vYFYJcB1yBoleOkyozDkzOVQv1YQZ1VG+AnB4jRtPkfShOo/4o+EdO0wk 13cQ== X-Forwarded-Encrypted: i=1; AJvYcCVCmoF9vLlbHSPmcom1k+tc/bdgKEcDKe4Bco1X7XqARWyykR0GzELJkWiYuTaYqG8UN8uVgLJHIdnx2Z0=@vger.kernel.org X-Gm-Message-State: AOJu0YwSa77OLhmEhs1roaEkp609yPl6f9CxcYSo/IV5Fl8e9C0m0gCo 4S5xiWg3zZUUdjaodAXM7orX2pGCKQCmJJx4hpG/59Fu9HgaXtQevyCG3hnszrz4dUmJHBG0Auk rmAwNKzDhTQ== X-Google-Smtp-Source: AGHT+IEypgUJ5wnYpxkM8UoctfuiVZ7zGv0wV5gsWQk1EXSBHETI8UYVQUPub68MaSVJRIAEV6qFA/ajyKJHpw== X-Received: from loggerhead.c.googlers.com ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1]) (user=jmattson job=sendgmr) by 2002:a25:bf91:0:b0:e16:67ca:e24f with SMTP id 3f1490d57ef6-e17a865aba3mr4635276.10.1724439234156; Fri, 23 Aug 2024 11:53:54 -0700 (PDT) Date: Fri, 23 Aug 2024 11:53:12 -0700 In-Reply-To: <20240823185323.2563194-1-jmattson@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240823185323.2563194-1-jmattson@google.com> X-Mailer: git-send-email 2.46.0.295.g3b9ea8a38a-goog Message-ID: <20240823185323.2563194-4-jmattson@google.com> Subject: [PATCH v3 3/4] KVM: x86: Advertise AMD_IBPB_RET to userspace From: Jim Mattson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Sean Christopherson , Paolo Bonzini , Pawan Gupta , Josh Poimboeuf , Jim Mattson , Sandipan Das , Kai Huang , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Tom Lendacky Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an inherent feature of IA32_PRED_CMD[0], so it is trivially virtualizable (as long as IA32_PRED_CMD[0] is virtualized). Suggested-by: Tom Lendacky Signed-off-by: Jim Mattson Reviewed-by: Thomas Gleixner Reviewed-by: Tom Lendacky --- arch/x86/kvm/cpuid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 2617be544480..ec7b2ca3b4d3 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -751,7 +751,7 @@ void kvm_set_cpu_caps(void) F(CLZERO) | F(XSAVEERPTR) | F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) | F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON) | - F(AMD_PSFD) + F(AMD_PSFD) | F(AMD_IBPB_RET) ); =20 /* --=20 2.46.0.295.g3b9ea8a38a-goog From nobody Sun Feb 8 06:56:22 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0BB719307F for ; Fri, 23 Aug 2024 18:53:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439238; cv=none; b=N80J1/vtbMYSz4GEpfjGgpyZ7E8b/lIcOtrnJEIqbqKNjZH/f7E2L7mQXTCiSXgFYogFe7Bim9zxN4Xkfl4bTs3wFMhP/fjLX9N/Kr6+UTWqDwbLzj03fnLWAIl9a+DA0WC6F2bYNL4uXKkKlLcBD19ImBEdz/trZz+5xV6Ygz4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724439238; c=relaxed/simple; bh=MyBiTMGpmZrrLOJsOFwtm0ilk6ZZtI1A1HrN6ZN27qU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=r2l5XPr2KeYoaPGfbUBieIpBCdVL7Ep1SKezuCC0ZDqdwSgUxDPh+aRCHfPXBE/tQkrRjm45fMzBHXqp1C2l9JLOttHb13xtnDmi2kw4yehgIuTFA89ha1qFHn7nlpKbgaab99qE2sRSQbJyt/tWEcZzpqZThgqYSfTHhaI9pas= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GcbRO07+; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GcbRO07+" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2021be03c53so22443865ad.3 for ; Fri, 23 Aug 2024 11:53:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1724439236; x=1725044036; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=gVFZNv4GWRiUrVz98MUMToFQTqhf2FOUUV+ADB4mKm4=; b=GcbRO07+U4WdwIujPbNy9/nYewb64VZcOKHcs9PyPeX10MhJwMH4ieTcGKdGZZGF+O h6kLc0mCO+5i05vHrNyRdkjmoE4erRJFGqloQ5Xs8e+TTApGuwe3jp9Hymgujfi1SiDt MxB8d8ufQf7zXlqKGCY58Gqi+UEVVlvEXzFyeSOUhdz8rc45sbfUiKuudUIK/jf6eGIY n9gUlh24oh+Y9ZZu/M5uKXn8IbRmnnfVHUnzZNEO7xNY3YXJrV5ZQYb0bqdjEB9Q1dS7 SUQe42Kf747fGaIyYEGwgKn0cQY3rexpbpGgBfI2FDFme+pI49W/aBi4vyU4doQTZARf CPQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724439236; x=1725044036; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gVFZNv4GWRiUrVz98MUMToFQTqhf2FOUUV+ADB4mKm4=; b=n2f8/4rlNzXKxE0QXT61BXoNV+2h0VpfPVAf+0+Uh03uLmUMsEE0CLaj6XGuy+OLVW 0gncWh2mSrR3gm1PRi/p4mVzxswfBwjEZoBu1pxSko1o6IkZiQZ1ytn7OsypxyG4ZSRz jBJi5nbBIPKt7D4ATm86QvMBRV7zHn7H2ZzO/8yKr4fjapa0JAj1ykW0IlxloUZopgnv P8mfUP2tvpGsGIoNhRTL5/b7h+1fQszlml45Mw8YD3fMxuqe1Y2alY5pOkl2g17Jfq3g YbCjKoOO12hPNYpSuduLphAIJgZGLqO9Xh3wqRQmt6gJcJe9TRzgtL/7q8UB34Yna8al c5wg== X-Forwarded-Encrypted: i=1; AJvYcCX51jO7+RiKR+29tPrlvNlkS+ZWoSM9wUNYxGFLDFQ/zUly369CDtVK+tAmUtht/7vK2jefT4chYuuL8DY=@vger.kernel.org X-Gm-Message-State: AOJu0Yz9rcSI8xcrB5im9GdOEOwNEwWJASRFcSAskrOybYntnP2LCJJC pQy/AMkdhBbLL/EokKDYAujcAyzAwXg3y97oUZLogDWuTHsWwCLs0e8UbojoeRpEJjqE+dPKbUw hAbIyyDNOxQ== X-Google-Smtp-Source: AGHT+IEaaQ0Woq0T5ahHq+3E7nfEsKVxnKK6BQo6ogJ10ZT5yXqN8LciMB4mft0oDRdWnpV0B08MFc8oBeGZ+Q== X-Received: from loggerhead.c.googlers.com ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1]) (user=jmattson job=sendgmr) by 2002:a17:902:c40e:b0:200:86f4:fa1b with SMTP id d9443c01a7336-2039e4a7403mr2517075ad.4.1724439235807; Fri, 23 Aug 2024 11:53:55 -0700 (PDT) Date: Fri, 23 Aug 2024 11:53:13 -0700 In-Reply-To: <20240823185323.2563194-1-jmattson@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240823185323.2563194-1-jmattson@google.com> X-Mailer: git-send-email 2.46.0.295.g3b9ea8a38a-goog Message-ID: <20240823185323.2563194-5-jmattson@google.com> Subject: [PATCH v3 4/4] KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB From: Jim Mattson To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Sean Christopherson , Paolo Bonzini , Pawan Gupta , Josh Poimboeuf , Jim Mattson , Sandipan Das , Kai Huang , x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: Venkatesh Srinivas Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From Intel's documention [1], "CPUID.(EAX=3D07H,ECX=3D0):EDX[26] enumerates support for indirect branch restricted speculation (IBRS) and the indirect branch predictor barrier (IBPB)." Further, from [2], "Software that executed before the IBPB command cannot control the predicted targets of indirect branches (4) executed after the command on the same logical processor," where footnote 4 reads, "Note that indirect branches include near call indirect, near jump indirect and near return instructions. Because it includes near returns, it follows that **RSB entries created before an IBPB command cannot control the predicted targets of returns executed after the command on the same logical processor.**" [emphasis mine] On the other hand, AMD's IBPB "may not prevent return branch predictions from being specified by pre-IBPB branch targets" [3]. However, some AMD processors have an "enhanced IBPB" [terminology mine] which does clear the return address predictor. This feature is enumerated by CPUID.80000008:EDX.IBPB_RET[bit 30] [4]. Adjust the cross-vendor features enumerated by KVM_GET_SUPPORTED_CPUID accordingly. [1] https://www.intel.com/content/www/us/en/developer/articles/technical/so= ftware-security-guidance/technical-documentation/cpuid-enumeration-and-arch= itectural-msrs.html [2] https://www.intel.com/content/www/us/en/developer/articles/technical/so= ftware-security-guidance/technical-documentation/speculative-execution-side= -channel-mitigations.html#Footnotes [3] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1040.= html [4] https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/pr= ogrammer-references/24594.pdf Fixes: 0c54914d0c52 ("KVM: x86: use Intel speculation bugs and features as = derived in generic x86 code") Suggested-by: Venkatesh Srinivas Signed-off-by: Jim Mattson Reviewed-by: Thomas Gleixner Reviewed-by: Tom Lendacky --- arch/x86/kvm/cpuid.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index ec7b2ca3b4d3..c8d7d928ffc7 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -690,7 +690,9 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_set(X86_FEATURE_TSC_ADJUST); kvm_cpu_cap_set(X86_FEATURE_ARCH_CAPABILITIES); =20 - if (boot_cpu_has(X86_FEATURE_IBPB) && boot_cpu_has(X86_FEATURE_IBRS)) + if (boot_cpu_has(X86_FEATURE_AMD_IBPB_RET) && + boot_cpu_has(X86_FEATURE_AMD_IBPB) && + boot_cpu_has(X86_FEATURE_AMD_IBRS)) kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL); if (boot_cpu_has(X86_FEATURE_STIBP)) kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP); @@ -759,6 +761,8 @@ void kvm_set_cpu_caps(void) * arch/x86/kernel/cpu/bugs.c is kind enough to * record that in cpufeatures so use them. */ + if (boot_cpu_has(X86_FEATURE_SPEC_CTRL)) + kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB_RET); if (boot_cpu_has(X86_FEATURE_IBPB)) kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB); if (boot_cpu_has(X86_FEATURE_IBRS)) --=20 2.46.0.295.g3b9ea8a38a-goog