Convert the MMIO Stale Data mitigation flag from a static branch into an
X86_FEATURE_xxx so that it can be used via ALTERNATIVE_2 in KVM.
No functional change intended.
Signed-off-by: Sean Christopherson <seanjc@google.com>
---
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/nospec-branch.h | 2 --
arch/x86/kernel/cpu/bugs.c | 11 +----------
arch/x86/kvm/mmu/spte.c | 2 +-
arch/x86/kvm/vmx/vmx.c | 4 ++--
5 files changed, 5 insertions(+), 15 deletions(-)
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 7129eb44adad..d1d7b5ec6425 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -501,6 +501,7 @@
#define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */
#define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */
#define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */
+#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/
/*
* BUG word(s)
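Review bot: The comment on the new `X86_FEATURE_CLEAR_CPU_BUF_MMIO` define says the buffers are cleared "before VMRUN", but the only consumers this patch converts are in `arch/x86/kvm/vmx/vmx.c`, and the comment removed from bugs.c described the same control as acting "before VMenter". VMRUN is the SVM instruction name, so the wording can send a reader looking for an SVM user that none of the visible hunks contain. Replacing `before VMRUN` with `before VM-Enter` in that comment would match what the flag gates in this patch.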
diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h
index 923ae21cbef1..b29df45b1edb 100644
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -579,8 +579,6 @@ DECLARE_STATIC_KEY_FALSE(cpu_buf_idle_clear);
DECLARE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush);
-DECLARE_STATIC_KEY_FALSE(cpu_buf_vm_clear);
-
extern u16 x86_verw_sel;
#include <asm/segment.h>
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 723666a1357e..9acf6343b0ac 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -192,14 +192,6 @@ EXPORT_SYMBOL_GPL(cpu_buf_idle_clear);
*/
DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush);
-/*
- * Controls CPU Fill buffer clear before VMenter. This is a subset of
- * X86_FEATURE_CLEAR_CPU_BUF_VM, and should only be enabled when KVM-only
- * mitigation is required.
- */
-DEFINE_STATIC_KEY_FALSE(cpu_buf_vm_clear);
-EXPORT_SYMBOL_GPL(cpu_buf_vm_clear);
-
#undef pr_fmt
#define pr_fmt(fmt) "mitigations: " fmt
@@ -751,9 +743,8 @@ static void __init mmio_apply_mitigation(void)
if (verw_clear_cpu_buf_mitigation_selected) {
setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF);
setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_VM);
- static_branch_disable(&cpu_buf_vm_clear);
} else {
- static_branch_enable(&cpu_buf_vm_clear);
+ setup_force_cpu_cap(X86_FEATURE_CLEAR_CPU_BUF_MMIO);
}
/*
diff --git a/arch/x86/kvm/mmu/spte.c b/arch/x86/kvm/mmu/spte.c
index 37647afde7d3..c43dd153d868 100644
--- a/arch/x86/kvm/mmu/spte.c
+++ b/arch/x86/kvm/mmu/spte.c
@@ -292,7 +292,7 @@ bool make_spte(struct kvm_vcpu *vcpu, struct kvm_mmu_page *sp,
mark_page_dirty_in_slot(vcpu->kvm, slot, gfn);
}
- if (static_branch_unlikely(&cpu_buf_vm_clear) &&
+ if (cpu_feature_enabled(X86_FEATURE_CLEAR_CPU_BUF_MMIO) &&
!kvm_vcpu_can_access_host_mmio(vcpu) &&
kvm_is_mmio_pfn(pfn, &is_host_mmio))
kvm_track_host_mmio_mapping(vcpu);
diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
index 1021d3b65ea0..68cde725d1c7 100644
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -903,7 +903,7 @@ unsigned int __vmx_vcpu_run_flags(struct vcpu_vmx *vmx)
if (!msr_write_intercepted(vmx, MSR_IA32_SPEC_CTRL))
flags |= VMX_RUN_SAVE_SPEC_CTRL;
- if (static_branch_unlikely(&cpu_buf_vm_clear) &&
+ if (cpu_feature_enabled(X86_FEATURE_CLEAR_CPU_BUF_MMIO) &&
kvm_vcpu_can_access_host_mmio(&vmx->vcpu))
flags |= VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO;
@@ -7351,7 +7351,7 @@ static noinstr void vmx_vcpu_enter_exit(struct kvm_vcpu *vcpu,
*/
if (static_branch_unlikely(&vmx_l1d_should_flush))
vmx_l1d_flush(vcpu);
- else if (static_branch_unlikely(&cpu_buf_vm_clear) &&
+ else if (cpu_feature_enabled(X86_FEATURE_CLEAR_CPU_BUF_MMIO) &&
(flags & VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO))
x86_clear_cpu_buffers();
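Review bot: The `cpu_feature_enabled(X86_FEATURE_CLEAR_CPU_BUF_MMIO)` test in the `else if` of `vmx_vcpu_enter_exit()` looks redundant with `flags & VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO`, because the previous hunk sets that flag in `__vmx_vcpu_run_flags()` only under the same feature test. If it is kept as a patched-out fast path, a one-line comment would stop a later cleanup from treating the two conditions as independent, e.g. `/* Feature test is only a fast path; the run flag is set only when the feature is enabled. */`. Both functions extend beyond their hunks, so another place that sets the flag may exist outside the visible lines.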
--
2.51.1.930.gacf6e81ea2-goog
On Thu, Oct 30, 2025 at 05:30:35PM -0700, Sean Christopherson wrote:
> Subject: Re: [PATCH v4 3/8] x86/bugs: Use an X86_FEATURE_xxx flag for the MMIO Stale Data mitigation
I'm guessing that "xxx" would turn into the proper name after we're done
bikeshedding.
> Convert the MMIO Stale Data mitigation flag from a static branch into an
> X86_FEATURE_xxx so that it can be used via ALTERNATIVE_2 in KVM.
>
> No functional change intended.
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/nospec-branch.h | 2 --
> arch/x86/kernel/cpu/bugs.c | 11 +----------
> arch/x86/kvm/mmu/spte.c | 2 +-
> arch/x86/kvm/vmx/vmx.c | 4 ++--
> 5 files changed, 5 insertions(+), 15 deletions(-)
>
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 7129eb44adad..d1d7b5ec6425 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -501,6 +501,7 @@
> #define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */
> #define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */
> #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */
> +#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/
^^^^^^^
Yes, you can break the line and format it properly. :-)
Also, this should be called then
X86_FEATURE_CLEAR_CPU_BUF_VM_MMIO
as it is a VM-thing too.
Also, in my tree pile I have for bit 17
#define X86_FEATURE_SGX_EUPDATESVN (21*32+17) /* Support for ENCLS[EUPDATESVN] instruction */
I see you have X86_FEATURE_X2AVIC_EXT there so we need to pay attention during
the merge window.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
On Wed, Nov 12, 2025 at 03:46:55PM +0100, Borislav Petkov wrote: > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > > index 7129eb44adad..d1d7b5ec6425 100644 > > --- a/arch/x86/include/asm/cpufeatures.h > > +++ b/arch/x86/include/asm/cpufeatures.h > > @@ -501,6 +501,7 @@ > > #define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */ > > #define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */ > > #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */ > > +#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/ > ^^^^^^^ > > Yes, you can break the line and format it properly. :-) > > Also, this should be called then > > X86_FEATURE_CLEAR_CPU_BUF_VM_MMIO > > as it is a VM-thing too. +1. This is a VM-only flag.
On Thu, Oct 30, 2025 at 05:30:35PM -0700, Sean Christopherson wrote: > Convert the MMIO Stale Data mitigation flag from a static branch into an > X86_FEATURE_xxx so that it can be used via ALTERNATIVE_2 in KVM. > > No functional change intended. > > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/nospec-branch.h | 2 -- > arch/x86/kernel/cpu/bugs.c | 11 +---------- > arch/x86/kvm/mmu/spte.c | 2 +- > arch/x86/kvm/vmx/vmx.c | 4 ++-- > 5 files changed, 5 insertions(+), 15 deletions(-) > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 7129eb44adad..d1d7b5ec6425 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -501,6 +501,7 @@ > #define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */ > #define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */ > #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */ > +#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/ Some bikeshedding from my side too: s/iff/if/ Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
On Fri, Oct 31, 2025, Pawan Gupta wrote: > On Thu, Oct 30, 2025 at 05:30:35PM -0700, Sean Christopherson wrote: > > Convert the MMIO Stale Data mitigation flag from a static branch into an > > X86_FEATURE_xxx so that it can be used via ALTERNATIVE_2 in KVM. > > > > No functional change intended. > > > > Signed-off-by: Sean Christopherson <seanjc@google.com> > > --- > > arch/x86/include/asm/cpufeatures.h | 1 + > > arch/x86/include/asm/nospec-branch.h | 2 -- > > arch/x86/kernel/cpu/bugs.c | 11 +---------- > > arch/x86/kvm/mmu/spte.c | 2 +- > > arch/x86/kvm/vmx/vmx.c | 4 ++-- > > 5 files changed, 5 insertions(+), 15 deletions(-) > > > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > > index 7129eb44adad..d1d7b5ec6425 100644 > > --- a/arch/x86/include/asm/cpufeatures.h > > +++ b/arch/x86/include/asm/cpufeatures.h > > @@ -501,6 +501,7 @@ > > #define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */ > > #define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */ > > #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */ > > +#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/ > > Some bikeshedding from my side too: > s/iff/if/ Heh, that's actually intentional. "iff" is shorthand for "if and only if". But this isn't the first time my use of "iff" has confused people, so I've no objection to switching to "if".
On Fri, Oct 31, 2025 at 03:37:34PM -0700, Sean Christopherson wrote: > On Fri, Oct 31, 2025, Pawan Gupta wrote: > > On Thu, Oct 30, 2025 at 05:30:35PM -0700, Sean Christopherson wrote: > > > Convert the MMIO Stale Data mitigation flag from a static branch into an > > > X86_FEATURE_xxx so that it can be used via ALTERNATIVE_2 in KVM. > > > > > > No functional change intended. > > > > > > Signed-off-by: Sean Christopherson <seanjc@google.com> > > > --- > > > arch/x86/include/asm/cpufeatures.h | 1 + > > > arch/x86/include/asm/nospec-branch.h | 2 -- > > > arch/x86/kernel/cpu/bugs.c | 11 +---------- > > > arch/x86/kvm/mmu/spte.c | 2 +- > > > arch/x86/kvm/vmx/vmx.c | 4 ++-- > > > 5 files changed, 5 insertions(+), 15 deletions(-) > > > > > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > > > index 7129eb44adad..d1d7b5ec6425 100644 > > > --- a/arch/x86/include/asm/cpufeatures.h > > > +++ b/arch/x86/include/asm/cpufeatures.h > > > @@ -501,6 +501,7 @@ > > > #define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */ > > > #define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */ > > > #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */ > > > +#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/ > > > > Some bikeshedding from my side too: > > s/iff/if/ > > Heh, that's actually intentional. "iff" is shorthand for "if and only if". But > this isn't the first time my use of "iff" has confused people, so I've no objection > to switching to "if". I did a quick search, there are about ~500 instances of "iff" in the kernel. So, it's a common abbreviation that I learnt today. It is fine to keep it as is.
On Fri Oct 31, 2025 at 12:30 AM UTC, Sean Christopherson wrote: > Convert the MMIO Stale Data mitigation flag from a static branch into an > X86_FEATURE_xxx so that it can be used via ALTERNATIVE_2 in KVM. > > No functional change intended. > > Signed-off-by: Sean Christopherson <seanjc@google.com> > --- > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/nospec-branch.h | 2 -- > arch/x86/kernel/cpu/bugs.c | 11 +---------- > arch/x86/kvm/mmu/spte.c | 2 +- > arch/x86/kvm/vmx/vmx.c | 4 ++-- > 5 files changed, 5 insertions(+), 15 deletions(-) > > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 7129eb44adad..d1d7b5ec6425 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h > @@ -501,6 +501,7 @@ > #define X86_FEATURE_ABMC (21*32+15) /* Assignable Bandwidth Monitoring Counters */ > #define X86_FEATURE_MSR_IMM (21*32+16) /* MSR immediate form instructions */ > #define X86_FEATURE_X2AVIC_EXT (21*32+17) /* AMD SVM x2AVIC support for 4k vCPUs */ > +#define X86_FEATURE_CLEAR_CPU_BUF_MMIO (21*32+18) /* Clear CPU buffers using VERW before VMRUN, iff the vCPU can access host MMIO*/ > > /* > * BUG word(s) > diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h > index 923ae21cbef1..b29df45b1edb 100644 > --- a/arch/x86/include/asm/nospec-branch.h > +++ b/arch/x86/include/asm/nospec-branch.h > @@ -579,8 +579,6 @@ DECLARE_STATIC_KEY_FALSE(cpu_buf_idle_clear); > > DECLARE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); > > -DECLARE_STATIC_KEY_FALSE(cpu_buf_vm_clear); > - > extern u16 x86_verw_sel; > > #include <asm/segment.h> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 723666a1357e..9acf6343b0ac 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c 
> @@ -192,14 +192,6 @@ EXPORT_SYMBOL_GPL(cpu_buf_idle_clear); > */ > DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); > > -/* > - * Controls CPU Fill buffer clear before VMenter. This is a subset of > - * X86_FEATURE_CLEAR_CPU_BUF_VM, and should only be enabled when KVM-only > - * mitigation is required. > - */ This comment wasn't super clear IMO but now that we're losing it, maybe we can replace it with a WARN_ON() at the end of cpu_apply_mitigations() or something (maybe it belongs in VMX code)? To make it more obvious that X86_FEATURE_CLEAR_CPU_BUF_VM and X86_FEATURE_CLEAR_CPU_BUF_MMIO are mutually exclusive. Other than the continued bikeshedding, Reviewed-by: Brendan Jackman <jackmanb@google.com>
On Fri, Oct 31, 2025, Brendan Jackman wrote: > On Fri Oct 31, 2025 at 12:30 AM UTC, Sean Christopherson wrote: > > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > > index 723666a1357e..9acf6343b0ac 100644 > > --- a/arch/x86/kernel/cpu/bugs.c > > +++ b/arch/x86/kernel/cpu/bugs.c > > @@ -192,14 +192,6 @@ EXPORT_SYMBOL_GPL(cpu_buf_idle_clear); > > */ > > DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); > > > > -/* > > - * Controls CPU Fill buffer clear before VMenter. This is a subset of > > - * X86_FEATURE_CLEAR_CPU_BUF_VM, and should only be enabled when KVM-only > > - * mitigation is required. > > - */ > > This comment wasn't super clear IMO but now that we're losing it, maybe > we can replace it with a WARN_ON() at the end of > cpu_apply_mitigations() or something (maybe it belongs in VMX code)? To > make it more obvious that X86_FEATURE_CLEAR_CPU_BUF_VM and > X86_FEATURE_CLEAR_CPU_BUF_MMIO are mutually exclusive. No objection from me if we want strong guarantees that CLEAR_CPU_BUF_VM and CLEAR_CPU_BUF_MMIO are mutually exclusive. Though I do think the KVM side of things (and the kernel in general) should be paranoid and not lean _too_ hard on such assumptions.
On Fri Oct 31, 2025 at 9:47 PM UTC, Sean Christopherson wrote: > On Fri, Oct 31, 2025, Brendan Jackman wrote: >> On Fri Oct 31, 2025 at 12:30 AM UTC, Sean Christopherson wrote: >> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c >> > index 723666a1357e..9acf6343b0ac 100644 >> > --- a/arch/x86/kernel/cpu/bugs.c >> > +++ b/arch/x86/kernel/cpu/bugs.c >> > @@ -192,14 +192,6 @@ EXPORT_SYMBOL_GPL(cpu_buf_idle_clear); >> > */ >> > DEFINE_STATIC_KEY_FALSE(switch_mm_cond_l1d_flush); >> > >> > -/* >> > - * Controls CPU Fill buffer clear before VMenter. This is a subset of >> > - * X86_FEATURE_CLEAR_CPU_BUF_VM, and should only be enabled when KVM-only >> > - * mitigation is required. >> > - */ >> >> This comment wasn't super clear IMO but now that we're losing it, maybe >> we can replace it with a WARN_ON() at the end of >> cpu_apply_mitigations() or something (maybe it belongs in VMX code)? To >> make it more obvious that X86_FEATURE_CLEAR_CPU_BUF_VM and >> X86_FEATURE_CLEAR_CPU_BUF_MMIO are mutually exclusive. > > No objection from me if we want strong guarantees that CLEAR_CPU_BUF_VM and > CLEAR_CPU_BUF_MMIO are mutually exclusive. Though I do think the KVM side of > things (and the kernel in general) should be paranoid and not lean _too_ hard > on such assumptions. Ah, after finishing the review I realised these are _not_ actually mutually exclusive in terms of the implementation. So asserting here that they are mutually exclusive would just be confusing, rather than helpful, IMO.