From nobody Wed Nov 27 07:49:18 2024
Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com
 [209.85.210.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D66181D0B97
	for <linux-kernel@vger.kernel.org>; Fri, 11 Oct 2024 21:44:14 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683056; cv=none;
 b=riJUodUKr5s9anxsm2Mrq8nm0T40b4pQBvNfprRJq2DlCXVANxUuzvZxIHWtVOu7Z0j/VLJsqQiS+WHP20EurJnh6ED4NONP+xdUMJVQ0Fwri61YVKO1pomHOp05rv8BnseSS9rO4m9W3y93xQ6fESPXE6cgF2X55HFhZSR8A3U=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683056; c=relaxed/simple;
	bh=Alfb43ggy1morVAhVCl9j9Qs+u6QkOqSpSocYaViI8Y=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=bPuBAExI3AeXy3cTLZqKtcDTRJxNeIN8qgGRjSpJ8O31BNUPm9mT5awwy94fzXiKgdEyVDo08C6vK05B9qwOQWQm9/eK9ls/gg+/60FR7/gqxJSQB9yHAYT1RfTrsBCM12TkVnEi6nsZ/C7tz4Ngw3h4GDVlG/2VxJcGpGKGVPE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=kxsPETSC; arc=none smtp.client-ip=209.85.210.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="kxsPETSC"
Received: by mail-pf1-f201.google.com with SMTP id
 d2e1a72fcca58-71e368933adso2134386b3a.2
        for <linux-kernel@vger.kernel.org>;
 Fri, 11 Oct 2024 14:44:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683054; x=1729287854;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=W8FDOlqwvEsdAJAf8IdqafehVhAI8JwdIbxbRDiLpiY=;
        b=kxsPETSCMazyrqlUZ+G7O95fuiPcGSkrzp9eB56qC2iRtLKxU7CrNCYH1K0PT5uWWE
         rIu/HqgfJuP81HV4nMwvt3Lk9dPpZNAQ1O+a65GuMgt7V5R+PeJs4oW3jTN53xFkakkL
         54le5HOUTrFuFwj8l0MCRM2V2C24tOVm6LaXKRIFYeugRL2twulrMl/NpiOYJLRROUUD
         PuFjDfnAonfYij0r9N3+j75DhTafkLfSEXMaC/7p2gtG2Za8vOV9YebrrgQDimTAllrY
         L68RJGiNEpkW4KfFVCOqTNSGcZeuj6iTDNGVyOkpCQJvcQ2uYp3fVXtE4ac6NDx6cSqk
         HsvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683054; x=1729287854;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=W8FDOlqwvEsdAJAf8IdqafehVhAI8JwdIbxbRDiLpiY=;
        b=jFhpG0t3Levcbk07eyxZq+v3ifTf4XjERHMJu3KVQ/EKv3YqMtOQ7vxMOmT9I1Iojt
         Hntp2KRqr2HzKxgmuKCucinmiiBIuuU7vNBJ8eI9z3d4xvj+CybmW7r0JAzvVnJwcrQb
         AcI5q3uEwyxPJnarIOmai3vwEj8nFjCH3oqIOHXPGUSp/fk0+77N9DIyYZyJkLAcefKF
         vLKKrEGq/Rkd+l02Mr6OHX+zvkm70EyD4QJZzQ8T0ElSCzS8T5gNX3ZnBy4it+QhVOVh
         mrvAQOAgaGkUiWxMvBbYDIWlatoJr/Mj78t3dsGeE/bJz0RZe+603id+8MvufxfkuFfi
         jN7w==
X-Forwarded-Encrypted: i=1;
 AJvYcCVI96pBbFCrVxwFA5aksvFG48CoU/ebdoUhRdmREvGB9NSyfPLf/WnHJfDNb6PDKg2GORS+r5zrgq6WOfs=@vger.kernel.org
X-Gm-Message-State: AOJu0YzCI8Z1Le2/4tplvX1bDzShOmGC1Qit2ZleDvvRgQGmBtPB1H+A
	s7kf9Xe862FAcZOrVPUhwvMBmR99NLxzCV36TVhIfdqkNzI/JM6ImHDo3T1CydXXDXHraBgnuZ2
	OQGKRNIL+nA==
X-Google-Smtp-Source: 
 AGHT+IG+CTYjXiI2WYVmaCbmdgx8aJmNp5eEhEtp42YdvInIMKciu2bPG9BFE/JQsrplK7JkLlS0PX/QLI0I4A==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a05:6a00:6f66:b0:71e:268d:19a6 with SMTP
 id d2e1a72fcca58-71e37e28a35mr18995b3a.1.1728683053750; Fri, 11 Oct 2024
 14:44:13 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:50 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-2-jmattson@google.com>
Subject: [PATCH v5 1/4] x86/cpufeatures: Clarify semantics of X86_FEATURE_IBPB
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Since this synthetic feature bit is set on AMD CPUs that don't flush
the RSB on an IBPB, indicate as much in the comment, to avoid
potential confusion with the Intel IBPB semantics.

Signed-off-by: Jim Mattson <jmattson@google.com>
---
 arch/x86/include/asm/cpufeatures.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf=
eatures.h
index dd4682857c12..644b3e1e1ab6 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -215,7 +215,7 @@
 #define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE	( 7*32+23) /* Disable Specul=
ative Store Bypass. */
 #define X86_FEATURE_LS_CFG_SSBD		( 7*32+24)  /* AMD SSBD implementation vi=
a LS_CFG MSR */
 #define X86_FEATURE_IBRS		( 7*32+25) /* "ibrs" Indirect Branch Restricted =
Speculation */
-#define X86_FEATURE_IBPB		( 7*32+26) /* "ibpb" Indirect Branch Prediction =
Barrier */
+#define X86_FEATURE_IBPB		( 7*32+26) /* "ibpb" Indirect Branch Prediction =
Barrier without a guaranteed RSB flush */
 #define X86_FEATURE_STIBP		( 7*32+27) /* "stibp" Single Thread Indirect Br=
anch Predictors */
 #define X86_FEATURE_ZEN			( 7*32+28) /* Generic flag for all Zen and newer=
 */
 #define X86_FEATURE_L1TF_PTEINV		( 7*32+29) /* L1TF workaround PTE inversi=
on */
--=20
2.47.0.rc1.288.g06298d1525-goog
From nobody Wed Nov 27 07:49:18 2024
Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com
 [209.85.128.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 36CBB1D174E
	for <linux-kernel@vger.kernel.org>; Fri, 11 Oct 2024 21:44:20 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.201
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683061; cv=none;
 b=DAuOVsGtCpM4/srjkLYspjR/j7Rg9tl7thaKvyZL9WBh7mOoLZRxyYX2imPmhLLCwpxAItvfbTqvtpq6aPHJ9s0fzuEagM4QR+QDK77u25aZoffo3uKULzGzBp34d4Cdmq2oGnCljr1LGiYllJb27Tp0v/6ZhXcPtUA8p5wntVE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683061; c=relaxed/simple;
	bh=/I8VUdkvAJLQEJj8WKw3N5lQy7af0guee/AI5dqcmnk=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=PJO9XIk4LE+vI9OYxjUk/vdllW9s++kLtte24jtbKneFDyQ3XXtgc18TxUrY7Rbo41GmF91e/J/jAqI/EGevDezhc2yLqFGNfrgNW8QiVoXSxIq+YPnR1+EGASiBUAr1PUy8QfNI1nT0PbK75Zt+KNoInwG79IYN2yep9h2AJwQ=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=4ER9iwjo; arc=none smtp.client-ip=209.85.128.201
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="4ER9iwjo"
Received: by mail-yw1-f201.google.com with SMTP id
 00721157ae682-6e35199eb2bso16444387b3.3
        for <linux-kernel@vger.kernel.org>;
 Fri, 11 Oct 2024 14:44:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683059; x=1729287859;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=6ReiYQhELm2YErEhhfOQ8zhEV99f32bvRKL1jPZXBWs=;
        b=4ER9iwjoUn+yPgXUspunanZ7QEeA5blOKMGLA7S+CQtInMI4lFpjjrpPBvpBYZOhNF
         mRTzzbHGn++U0IBzJTxMUG8YAWtx9z+vJnHnGnrA+0Glrjwr95OMIwnQo4koZhIemNNS
         AOI6NhV6gB3n0xTT02kHTwjX1Vu4/KcXKa4yi5ytrM1rWg2U7paHYX53kmNwYXl9emIP
         WNEQDBkn9kokAfuNhN8DyvskuXRCb4hjdemeOnlGyXyBqoY1HVDtDMC8N0thGRVBqrjn
         fFApH8KsTaYpddjtQeY/RlW/Vrqc0yJLX5FqL8LMveufRjFEv503MK7GdJoRX4wtMg3g
         jvmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683059; x=1729287859;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=6ReiYQhELm2YErEhhfOQ8zhEV99f32bvRKL1jPZXBWs=;
        b=a6Di/T2mVJsmd9m+pD5Xj7c7I7OEb83YLHPyhPIWyRdf4hbTEzbm+yZuWiQxgFJvUT
         NSW+9OpEc97nosW6Hywib3dRgQJnmFQ3ndWL0zGqt4s2p0RPp83WkAMVu5bbbyRFH8nn
         3lVAHsXn50Pc+eaaLACtSvwrI/kjZV+9dRaLcdLw5u9t4uTcZ7b3Mh1wkb+E1l4y4vDV
         gU+SF3thMiqqPhwzM/KrGhbZTUu/wEotOvLnE67DIqyNv5d+RhQTP8dLWW4O7uck/82j
         l81mkaoS4W3ipqf3lgdINPrVSQIG+B3GHx7vwhHm1F5ZEV5GY0D0QiJnXxiy4J1aqej1
         StoQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCVIH9IZvs+SmBWuEpBB6USPTS4Mdf8dhmrWPDzV+Ve0DF0kJ+LzpsGudBq/Qqnc8rtS3v4zh7hSndYQ+U0=@vger.kernel.org
X-Gm-Message-State: AOJu0Yyo4QUwH4o4yCn/awPcyyEmQxNU3ygcnSeWSC2AOtzzh4SLscOr
	f5DVvirrv3yYz7xVU+mGVRD6YXqC07z+u4KJfzHyvAC9o5zmuF7jYVeuhwiAXUucBX893IfzgLT
	1TuViLSvvCA==
X-Google-Smtp-Source: 
 AGHT+IFNjTU5JA4y1ucXDSMX706MXDSEHDMsE+i5BoQ5Q0Kts10PVFaN7ZNX1L99lyAXtbkbDoxswNpwL0J9HQ==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a25:86d0:0:b0:e25:5cb1:77cd with SMTP id
 3f1490d57ef6-e291a32d32cmr14230276.10.1728683059203; Fri, 11 Oct 2024
 14:44:19 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:51 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-3-jmattson@google.com>
Subject: [PATCH v5 2/4] x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>,
 Venkatesh Srinivas <venkateshs@chromium.org>,
	Tom Lendacky <thomas.lendacky@amd.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

AMD's initial implementation of IBPB did not clear the return address
predictor. Beginning with Zen4, AMD's IBPB *does* clear the return
address predictor. This behavior is enumerated by
CPUID.80000008H:EBX.IBPB_RET[bit 30].

Define X86_FEATURE_AMD_IBPB_RET for use in KVM_GET_SUPPORTED_CPUID,
when determining cross-vendor capabilities.

Suggested-by: Venkatesh Srinivas <venkateshs@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpuf=
eatures.h
index 644b3e1e1ab6..a222a24677d7 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -348,6 +348,7 @@
 #define X86_FEATURE_CPPC		(13*32+27) /* "cppc" Collaborative Processor Per=
formance Control */
 #define X86_FEATURE_AMD_PSFD            (13*32+28) /* Predictive Store For=
warding Disable */
 #define X86_FEATURE_BTC_NO		(13*32+29) /* Not vulnerable to Branch Type Co=
nfusion */
+#define X86_FEATURE_AMD_IBPB_RET	(13*32+30) /* IBPB clears return address =
predictor */
 #define X86_FEATURE_BRS			(13*32+31) /* "brs" Branch Sampling available */
=20
 /* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 1=
4 */
--=20
2.47.0.rc1.288.g06298d1525-goog
From nobody Wed Nov 27 07:49:18 2024
Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com
 [209.85.210.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D24CC1D1753
	for <linux-kernel@vger.kernel.org>; Fri, 11 Oct 2024 21:44:23 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.202
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683065; cv=none;
 b=NzfGGd+CIrCOQlqO4/rLwNAbbY8so5gJfCio572wfSQ0CZx7o6AY9a8AQr5AR+54Vqxe2L+2eBE9IsrcG3FGSNZPLHizR3zdCcvBEaSRV6+Ao/e/YBVqutlcDCgnCU3DIDe8fwgaguNJmtgNNgDYJbvG/je2piNj/FBpKcwfyAo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683065; c=relaxed/simple;
	bh=FySfe5RrrfJjXgO8V1GOxagEYmAWMeDCEI02fIbT6Cw=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=ZUBroqETbo9Z2TO/nHC8DMeYb4c7La1jbSzJSDHlrGLD+8X22v+ab5tk/XagrwrotZ+pAMFuw6VNWY90b9IUwaCDANvZjtc8ASOhZaDsG50tXMNUcVZE+hogluww6WmSTyG+spQLxo+wioJjYKDs6DM72TZrsDSl8rLXfaDhKTw=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=e1GFP2zs; arc=none smtp.client-ip=209.85.210.202
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="e1GFP2zs"
Received: by mail-pf1-f202.google.com with SMTP id
 d2e1a72fcca58-71e00c8adf9so2583083b3a.1
        for <linux-kernel@vger.kernel.org>;
 Fri, 11 Oct 2024 14:44:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683063; x=1729287863;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=7BzS7UcNh/RHQXZP7p5KB3mv/Z/fAaS/j1ugPEdV3OM=;
        b=e1GFP2zs+OF3N2lrWLB4XE468pn3R9m/dMTsdIDZtFHvWT/Bfoq1+PxTXnB9vT1lEa
         NVryKd+sdIYjs6QGGEnG1aMX8K+vGfKHPSs1izweNonB8RzPO0q605OPngCEMehDUu14
         C7w6pAm5P0KJstL3kFFLC6YpPJmVaSTvspcN9WI53ITdD10Yw7lgnE7yJb5oITeGoZ+C
         FTaSvowdQP6LaqS9UFzwM9YO0/VRPzyLIOIPraHecnZgW36c+4xh53iuo3zJyniyIMPs
         W4GB7nrTCNnkEwe2p1ZGETlkz820hZeoK1VEiMaF79v7nx3tH/6+JlR2UTXX7qNz9Hba
         Zb5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683063; x=1729287863;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=7BzS7UcNh/RHQXZP7p5KB3mv/Z/fAaS/j1ugPEdV3OM=;
        b=FZ5+zRoAyH7GiFUp93xAhbANHMgR6SxIqD8hN+os1UPtSXinPBmbHMGkcbvh8uAFYo
         EiyVR0rSxQM3ueS8xxQ2MAIYZgOt7gE4/89wE6XtenMevuCVdpObmjmvf9mHF/98RltU
         iH3f433GxmVpufuQE+66nuNpbCvNQKCT6UmNL3Qs/Rdy20RCSfD+sZG+FyRD+BnSpJno
         icrluHgoURNPjbWWjSyR4RT4TK+5Y8ixZR9GJ2tL+PC5lxMUWaxEZfDA5EUVAWAsJt8c
         U8kVv4ZZ/lgenimNmtn7DEADvDUpxbA5vYi7PxtuE5qQ3vJViNukmm5IsNkW53CrA703
         i7Wg==
X-Forwarded-Encrypted: i=1;
 AJvYcCUcfQl7/R+7HVzexqBfEJvaDyOLJ9kHY9FmiQTEevB8Vy9yuoFKkrf0sYOn6pZClxJjQnAmOe2xdU61Hyw=@vger.kernel.org
X-Gm-Message-State: AOJu0YxpaAt9GjEx7DmB0hisFs0G0lJZR9QqN7A1sfWdRPFVdC4ZMEN2
	D8Bhk/3GlsHYdn4yvFRjaNTV0S4K0S9Yko5jlOXnJ2fP0WhCqZHuilpHC/NEiTa+S0MpwJMTQXu
	8rTlLEW6oFw==
X-Google-Smtp-Source: 
 AGHT+IHiuMA0lbrxoSV6pFu0qHQjNnerRePAfG3XsNaL0Dp4l+zOxesosad5IkpAuo20QGe5tFe367ODjHjpUw==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a05:6a00:91c1:b0:71d:fe0f:c875 with SMTP
 id d2e1a72fcca58-71e3810af0cmr7016b3a.6.1728683063059; Fri, 11 Oct 2024
 14:44:23 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:52 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-4-jmattson@google.com>
Subject: [PATCH v5 3/4] KVM: x86: Advertise AMD_IBPB_RET to userspace
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>, Tom Lendacky <thomas.lendacky@amd.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This is an inherent feature of IA32_PRED_CMD[0], so it is trivially
virtualizable (as long as IA32_PRED_CMD[0] is virtualized).

Suggested-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
---
 arch/x86/kvm/cpuid.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 41786b834b16..53112669be00 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -755,7 +755,7 @@ void kvm_set_cpu_caps(void)
 		F(CLZERO) | F(XSAVEERPTR) |
 		F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) |
 		F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON) |
-		F(AMD_PSFD)
+		F(AMD_PSFD) | F(AMD_IBPB_RET)
 	);
=20
 	/*
--=20
2.47.0.rc1.288.g06298d1525-goog
From nobody Wed Nov 27 07:49:18 2024
Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com
 [209.85.214.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 585A61D1E72
	for <linux-kernel@vger.kernel.org>; Fri, 11 Oct 2024 21:44:27 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.214.202
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1728683068; cv=none;
 b=RyEpNYI5Q5P3CQgGqA+gYRmeJcgM2XO2RGVSbMGT7fo2GmgKr5vjUkfToMZe8CguXeNzQwTUVqDf2xWP20cD2MFezQ7FdEFmdqDBGfJDJmG5Qp5ECpKNv/IYO4nvH63jUyvTxDKq4Yos5kGNlumQXmMs5aI4fXw4OrTeFIz0rKk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1728683068; c=relaxed/simple;
	bh=g84dQRvOkmfkJ9fMKPkg7yFI/j/iidv6fqlkrGBROj4=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type;
 b=RljwdCtVNo9NPvNRHHS6ozYH+i/dhMQRpm+nCncv3ycp6O0U8MgfL2LDMlRHEbYpiYR2Hs/PwKavdjJyhiz+dW9Z9cLf/ehbl0u0MdSr5tmTqKrg5ozWE4mGjcHgjqDf4uGYci2/3qs7BPTeYNFytaVpoi9L76ewMYeEtTDjVWE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=CAHDqFPy; arc=none smtp.client-ip=209.85.214.202
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--jmattson.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="CAHDqFPy"
Received: by mail-pl1-f202.google.com with SMTP id
 d9443c01a7336-20c45296b3fso25324005ad.0
        for <linux-kernel@vger.kernel.org>;
 Fri, 11 Oct 2024 14:44:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1728683067; x=1729287867;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=mwpmJGxchn7b8cfCM3dVFdqHT3Yg0RQpXo/tMqXMwnM=;
        b=CAHDqFPyfnlGQBhQS99n4GaK1uNc1jSSam2QwtQ6bJCY4XMxe1wPmnpgYgJ7Q3rG08
         FFD2lujeiE590dSOMhA8RpLRSsKW2ez5Bu9lO/B9ZiNz2rnWAuX3jKpk3rxDtsp4fsUk
         8biJ7ZRbSwqZbhKzILPQ206Z/0U3/DxOdzRXRwkXTuurkUEAoZBr5o1ij+W8g115HQzB
         AKKeHei7yW2oKVWP1oyQ19heofnjKDiS1pxx3HtDMvAwXUz5KjDg6vBaPSEq04ryUxRA
         pANdPMbLLtp3LSLnXawocvZyRx49V7azSJHJbzl3vHIUSJbuyGg4RTFQ3UDx6Szz1S03
         XZog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728683067; x=1729287867;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=mwpmJGxchn7b8cfCM3dVFdqHT3Yg0RQpXo/tMqXMwnM=;
        b=kWjKpnZZODNKv+iJ+bQu7+5ckzc91aYT624mzXnxOGKdmnyxsDN6LyOo8DuVhl4407
         FPcrBy+Pcz1aCC9X4/54kR+I80Vh2YYD1MNLcFV756J/9SqNV6khw8Jm1QtJfhF5aKGE
         NK8OyatxyMkhDYSRuopoPW5J8fwNqs2XniOn/m+s9OhbLEa10+maEVUB8Mu2h9GgFUaE
         OiryXwudBttIEYBceszvxWBuQOhFCgFraLNUzVzhkcyWjpq7bunQPVI8nUvstlq1JuNE
         NCia7x5q0iqxCnRitlbezONTRA/txRhUm3aAi/aJi6atw10esUvrkomhDmdZHzuD3smw
         MSfA==
X-Forwarded-Encrypted: i=1;
 AJvYcCV9K/Ex32pgNq4Nmnc55+u222EFZXAIy6PbAnqkfhQI3AQuSUOrTaQ6qb+I5Anzj+tNPVCLReQCIAq+KHQ=@vger.kernel.org
X-Gm-Message-State: AOJu0YyA2zc0FjQYWgoyxmcPJhQ0Mt0hSvKFXQ67/ANHTo6rTn6eioLm
	10MBvx2g2MkWxysk0b6/FydjSHVyLw9lAzJ5j7MkM6MB1rRzBFE7RxW77yN6AUeXl6HscwF3DLW
	PSUUCF6dfkg==
X-Google-Smtp-Source: 
 AGHT+IE/S6/IuBocPgmULf1WfcyR70lEh9UP0uUwh2OMsuj8NvlIvRc19XBB4ypneCTpUWYMlwcLmYYG+mlRqQ==
X-Received: from loggerhead.c.googlers.com
 ([fda3:e722:ac3:cc00:f3:525d:ac13:60e1])
 (user=jmattson job=sendgmr) by 2002:a17:902:fb44:b0:205:656a:efe8 with SMTP
 id d9443c01a7336-20ca16d0d07mr234905ad.8.1728683066408; Fri, 11 Oct 2024
 14:44:26 -0700 (PDT)
Date: Fri, 11 Oct 2024 14:43:53 -0700
In-Reply-To: <20241011214353.1625057-1-jmattson@google.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <20241011214353.1625057-1-jmattson@google.com>
X-Mailer: git-send-email 2.47.0.rc1.288.g06298d1525-goog
Message-ID: <20241011214353.1625057-5-jmattson@google.com>
Subject: [PATCH v5 4/4] KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB
From: Jim Mattson <jmattson@google.com>
To: kvm@vger.kernel.org
Cc: bp@alien8.de, dave.hansen@linux.intel.com, hpa@zytor.com,
	jpoimboe@kernel.org, kai.huang@intel.com, linux-kernel@vger.kernel.org,
	mingo@redhat.com, pawan.kumar.gupta@linux.intel.com, pbonzini@redhat.com,
	sandipan.das@amd.com, seanjc@google.com, tglx@linutronix.de, x86@kernel.org,
	Jim Mattson <jmattson@google.com>,
 Venkatesh Srinivas <venkateshs@chromium.org>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

From Intel's documention [1], "CPUID.(EAX=3D07H,ECX=3D0):EDX[26]
enumerates support for indirect branch restricted speculation (IBRS)
and the indirect branch predictor barrier (IBPB)." Further, from [2],
"Software that executed before the IBPB command cannot control the
predicted targets of indirect branches (4) executed after the command
on the same logical processor," where footnote 4 reads, "Note that
indirect branches include near call indirect, near jump indirect and
near return instructions. Because it includes near returns, it follows
that **RSB entries created before an IBPB command cannot control the
predicted targets of returns executed after the command on the same
logical processor.**" [emphasis mine]

On the other hand, AMD's IBPB "may not prevent return branch
predictions from being specified by pre-IBPB branch targets" [3].

However, some AMD processors have an "enhanced IBPB" [terminology
mine] which does clear the return address predictor. This feature is
enumerated by CPUID.80000008:EDX.IBPB_RET[bit 30] [4].

Adjust the cross-vendor features enumerated by KVM_GET_SUPPORTED_CPUID
accordingly.

[1] https://www.intel.com/content/www/us/en/developer/articles/technical/so=
ftware-security-guidance/technical-documentation/cpuid-enumeration-and-arch=
itectural-msrs.html
[2] https://www.intel.com/content/www/us/en/developer/articles/technical/so=
ftware-security-guidance/technical-documentation/speculative-execution-side=
-channel-mitigations.html#Footnotes
[3] https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1040.=
html
[4] https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/pr=
ogrammer-references/24594.pdf

Fixes: 0c54914d0c52 ("KVM: x86: use Intel speculation bugs and features as =
derived in generic x86 code")
Suggested-by: Venkatesh Srinivas <venkateshs@chromium.org>
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/kvm/cpuid.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 53112669be00..d695e7bc41ed 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -690,7 +690,9 @@ void kvm_set_cpu_caps(void)
 	kvm_cpu_cap_set(X86_FEATURE_TSC_ADJUST);
 	kvm_cpu_cap_set(X86_FEATURE_ARCH_CAPABILITIES);
=20
-	if (boot_cpu_has(X86_FEATURE_IBPB) && boot_cpu_has(X86_FEATURE_IBRS))
+	if (boot_cpu_has(X86_FEATURE_AMD_IBPB_RET) &&
+	    boot_cpu_has(X86_FEATURE_AMD_IBPB) &&
+	    boot_cpu_has(X86_FEATURE_AMD_IBRS))
 		kvm_cpu_cap_set(X86_FEATURE_SPEC_CTRL);
 	if (boot_cpu_has(X86_FEATURE_STIBP))
 		kvm_cpu_cap_set(X86_FEATURE_INTEL_STIBP);
@@ -763,8 +765,12 @@ void kvm_set_cpu_caps(void)
 	 * arch/x86/kernel/cpu/bugs.c is kind enough to
 	 * record that in cpufeatures so use them.
 	 */
-	if (boot_cpu_has(X86_FEATURE_IBPB))
+	if (boot_cpu_has(X86_FEATURE_IBPB)) {
 		kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB);
+		if (boot_cpu_has(X86_FEATURE_SPEC_CTRL) &&
+		    !boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB))
+			kvm_cpu_cap_set(X86_FEATURE_AMD_IBPB_RET);
+	}
 	if (boot_cpu_has(X86_FEATURE_IBRS))
 		kvm_cpu_cap_set(X86_FEATURE_AMD_IBRS);
 	if (boot_cpu_has(X86_FEATURE_STIBP))
--=20
2.47.0.rc1.288.g06298d1525-goog