arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/svm/nested.c | 2 ++ arch/x86/kvm/vmx/nested.c | 11 +---------- arch/x86/kvm/x86.h | 18 ++++++++++++++++++ tools/arch/x86/include/asm/cpufeatures.h | 1 + 6 files changed, 24 insertions(+), 10 deletions(-)
To properly virtualize IBRS on Intel, an IBPB is executed on emulated VM-exits to provide separate predictor modes for L1 and L2. Similar handling is theoretically needed for AMD, unless IbrsSameMode is enumerated by the CPU (which should be the case for most/all CPUs anyway). For correctness and clarity, this series generalizes the handling to apply for both Intel and AMD as needed. I am not sure if this series would land through the kvm-x86 tree or the tip/x86 tree. Yosry Ahmed (3): x86/cpufeatures: Define X86_FEATURE_AMD_IBRS_SAME_MODE KVM: x86: Propagate AMD's IbrsSameMode to the guest KVM: x86: Generalize IBRS virtualization on emulated VM-exit arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/kvm/cpuid.c | 1 + arch/x86/kvm/svm/nested.c | 2 ++ arch/x86/kvm/vmx/nested.c | 11 +---------- arch/x86/kvm/x86.h | 18 ++++++++++++++++++ tools/arch/x86/include/asm/cpufeatures.h | 1 + 6 files changed, 24 insertions(+), 10 deletions(-) -- 2.48.1.601.g30ceb7b040-goog
On Fri, 21 Feb 2025 16:33:49 +0000, Yosry Ahmed wrote:
> To properly virtualize IBRS on Intel, an IBPB is executed on emulated
> VM-exits to provide separate predictor modes for L1 and L2.
>
> Similar handling is theoretically needed for AMD, unless IbrsSameMode is
> enumerated by the CPU (which should be the case for most/all CPUs
> anyway). For correctness and clarity, this series generalizes the
> handling to apply for both Intel and AMD as needed.
>
> [...]
Applied to kvm-x86 misc, thanks!
[1/3] x86/cpufeatures: Define X86_FEATURE_AMD_IBRS_SAME_MODE
commit: 9a7cb00a8ff7380a09fa75287a3f2642c472d562
[2/3] KVM: x86: Propagate AMD's IbrsSameMode to the guest
commit: 65ca2872015c232d6743b497e3c08ff96596b917
[3/3] KVM: x86: Generalize IBRS virtualization on emulated VM-exit
commit: 656d9624bd21d35499eaa5ee97fda6def62901c8
--
https://github.com/kvm-x86/linux/tree/next
On Fri, Feb 21, 2025 at 04:33:49PM +0000, Yosry Ahmed wrote: > To properly virtualize IBRS on Intel, an IBPB is executed on emulated > VM-exits to provide separate predictor modes for L1 and L2. > > Similar handling is theoretically needed for AMD, unless IbrsSameMode is > enumerated by the CPU (which should be the case for most/all CPUs > anyway). For correctness and clarity, this series generalizes the > handling to apply for both Intel and AMD as needed. > > I am not sure if this series would land through the kvm-x86 tree or the > tip/x86 tree. Sean, any thoughts about this (or general feedback about this series)? > > Yosry Ahmed (3): > x86/cpufeatures: Define X86_FEATURE_AMD_IBRS_SAME_MODE > KVM: x86: Propagate AMD's IbrsSameMode to the guest > KVM: x86: Generalize IBRS virtualization on emulated VM-exit > > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/kvm/cpuid.c | 1 + > arch/x86/kvm/svm/nested.c | 2 ++ > arch/x86/kvm/vmx/nested.c | 11 +---------- > arch/x86/kvm/x86.h | 18 ++++++++++++++++++ > tools/arch/x86/include/asm/cpufeatures.h | 1 + > 6 files changed, 24 insertions(+), 10 deletions(-) > > -- > 2.48.1.601.g30ceb7b040-goog >
On Thu, Mar 13, 2025, Yosry Ahmed wrote: > On Fri, Feb 21, 2025 at 04:33:49PM +0000, Yosry Ahmed wrote: > > To properly virtualize IBRS on Intel, an IBPB is executed on emulated > > VM-exits to provide separate predictor modes for L1 and L2. > > > > Similar handling is theoretically needed for AMD, unless IbrsSameMode is > > enumerated by the CPU (which should be the case for most/all CPUs > > anyway). For correctness and clarity, this series generalizes the > > handling to apply for both Intel and AMD as needed. > > > > I am not sure if this series would land through the kvm-x86 tree or the > > tip/x86 tree. > > Sean, any thoughts about this (or general feedback about this series)? No feedback, I just you and Jim to get mitigation stuff right far more than I trust myself :-) I'm planning on grabbing this for 6.16.
On Wed, Mar 26, 2025 at 12:48:53PM -0700, Sean Christopherson wrote: > On Thu, Mar 13, 2025, Yosry Ahmed wrote: > > On Fri, Feb 21, 2025 at 04:33:49PM +0000, Yosry Ahmed wrote: > > > To properly virtualize IBRS on Intel, an IBPB is executed on emulated > > > VM-exits to provide separate predictor modes for L1 and L2. > > > > > > Similar handling is theoretically needed for AMD, unless IbrsSameMode is > > > enumerated by the CPU (which should be the case for most/all CPUs > > > anyway). For correctness and clarity, this series generalizes the > > > handling to apply for both Intel and AMD as needed. > > > > > > I am not sure if this series would land through the kvm-x86 tree or the > > > tip/x86 tree. > > > > Sean, any thoughts about this (or general feedback about this series)? > > No feedback, I just you and Jim to get mitigation stuff right far more than I > trust myself :-) > > I'm planning on grabbing this for 6.16. Awesome, thanks!
© 2016 - 2025 Red Hat, Inc.