[PATCH v4 06/11] x86/vmscape: Move mitigation selection to a switch()

Pawan Gupta posted 11 patches 1 week, 4 days ago
There is a newer version of this series
[PATCH v4 06/11] x86/vmscape: Move mitigation selection to a switch()
Posted by Pawan Gupta 1 week, 4 days ago
This ensures that all mitigation modes are explicitly handled, while
keeping the mitigation selection for each mode together. This also prepares
for adding BHB-clearing mitigation mode for VMSCAPE.

Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 1e9b11198db0fe2483bd17b1327bcfd44a2c1dbf..233594ede19bf971c999f4d3cc0f6f213002c16c 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -3231,17 +3231,31 @@ early_param("vmscape", vmscape_parse_cmdline);
 
 static void __init vmscape_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
-	    !boot_cpu_has(X86_FEATURE_IBPB)) {
+	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE)) {
 		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
 		return;
 	}
 
-	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
-		if (should_mitigate_vuln(X86_BUG_VMSCAPE))
+	if ((vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) &&
+	    !should_mitigate_vuln(X86_BUG_VMSCAPE))
+		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
+
+	switch (vmscape_mitigation) {
+	case VMSCAPE_MITIGATION_NONE:
+		break;
+
+	case VMSCAPE_MITIGATION_IBPB_ON_VMEXIT:
+	case VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER:
+		if (!boot_cpu_has(X86_FEATURE_IBPB))
+			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
+		break;
+
+	case VMSCAPE_MITIGATION_AUTO:
+		if (boot_cpu_has(X86_FEATURE_IBPB))
 			vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
 		else
 			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
+		break;
 	}
 }
 
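Review bot: The AUTO decision is now split between the if ahead of the
switch and "case VMSCAPE_MITIGATION_AUTO:", which works against the stated
goal of keeping the selection for each mode together. Consider folding the
should_mitigate_vuln(X86_BUG_VMSCAPE) test into the AUTO case, for example
"if (should_mitigate_vuln(X86_BUG_VMSCAPE) && boot_cpu_has(X86_FEATURE_IBPB))",
so the pre-switch rewrite to VMSCAPE_MITIGATION_NONE goes away. The commit
message also does not say why the !boot_cpu_has(X86_FEATURE_IBPB) test
leaves the early return and is repeated in two cases; one sentence stating
that the BHB-clearing mode it prepares for must not be gated on IBPB would
make that motivation reviewable from this patch alone.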

-- 
2.34.1
Re: [PATCH v4 06/11] x86/vmscape: Move mitigation selection to a switch()
Posted by Nikolay Borisov 1 week, 3 days ago

On 11/20/25 08:19, Pawan Gupta wrote:
> This ensures that all mitigation modes are explicitly handled, while
> keeping the mitigation selection for each mode together. This also prepares
> for adding BHB-clearing mitigation mode for VMSCAPE.
> 
> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> ---
>   arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
>   1 file changed, 18 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 1e9b11198db0fe2483bd17b1327bcfd44a2c1dbf..233594ede19bf971c999f4d3cc0f6f213002c16c 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -3231,17 +3231,31 @@ early_param("vmscape", vmscape_parse_cmdline);
>   
>   static void __init vmscape_select_mitigation(void)
>   {
> -	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
> -	    !boot_cpu_has(X86_FEATURE_IBPB)) {
> +	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE)) {
>   		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
>   		return;
>   	}
>   
> -	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
> -		if (should_mitigate_vuln(X86_BUG_VMSCAPE))
> +	if ((vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) &&
> +	    !should_mitigate_vuln(X86_BUG_VMSCAPE))
> +		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> +
> +	switch (vmscape_mitigation) {
> +	case VMSCAPE_MITIGATION_NONE:
> +		break;
> +
> +	case VMSCAPE_MITIGATION_IBPB_ON_VMEXIT:
> +	case VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER:
> +		if (!boot_cpu_has(X86_FEATURE_IBPB))
> +			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> +		break;
> +
> +	case VMSCAPE_MITIGATION_AUTO:
> +		if (boot_cpu_has(X86_FEATURE_IBPB))
>   			vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;


IMO this patch is a net-negative because as per my reply to patch 9 you 
have effectively a dead branch:

The clear BHB_CLEAR_USER one, however it turns out you have yet another 
one: VMSCAPE_MITIGATION_IBPB_ON_VMEXIT as it's only ever set in 
vmscape_update_mitigation() which executes after '_select()' as well and 
additionally you duplicate the FEATURE_IBPB check.

So I think either dropping it or removing the superfluous branches is in 
order.

>   		else
>   			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> +		break;
>   	}
>   }
>   
>
Re: [PATCH v4 06/11] x86/vmscape: Move mitigation selection to a switch()
Posted by Pawan Gupta 1 week ago
On Fri, Nov 21, 2025 at 04:27:05PM +0200, Nikolay Borisov wrote:
> 
> 
> On 11/20/25 08:19, Pawan Gupta wrote:
> > This ensures that all mitigation modes are explicitly handled, while
> > keeping the mitigation selection for each mode together. This also prepares
> > for adding BHB-clearing mitigation mode for VMSCAPE.
> > 
> > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
> > ---
> >   arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
> >   1 file changed, 18 insertions(+), 4 deletions(-)
> > 
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 1e9b11198db0fe2483bd17b1327bcfd44a2c1dbf..233594ede19bf971c999f4d3cc0f6f213002c16c 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -3231,17 +3231,31 @@ early_param("vmscape", vmscape_parse_cmdline);
> >   static void __init vmscape_select_mitigation(void)
> >   {
> > -	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
> > -	    !boot_cpu_has(X86_FEATURE_IBPB)) {
> > +	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE)) {
> >   		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> >   		return;
> >   	}
> > -	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
> > -		if (should_mitigate_vuln(X86_BUG_VMSCAPE))
> > +	if ((vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) &&
> > +	    !should_mitigate_vuln(X86_BUG_VMSCAPE))
> > +		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> > +
> > +	switch (vmscape_mitigation) {
> > +	case VMSCAPE_MITIGATION_NONE:
> > +		break;
> > +
> > +	case VMSCAPE_MITIGATION_IBPB_ON_VMEXIT:
> > +	case VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER:
> > +		if (!boot_cpu_has(X86_FEATURE_IBPB))
> > +			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> > +		break;
> > +
> > +	case VMSCAPE_MITIGATION_AUTO:
> > +		if (boot_cpu_has(X86_FEATURE_IBPB))
> >   			vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
> 
> 
> IMO this patch is a net-negative because as per my reply to patch 9 you have
> effectively a dead branch:
> 
> The clear BHB_CLEAR_USER one, however it turns out you have yet another one:
> VMSCAPE_MITIGATION_IBPB_ON_VMEXIT as it's only ever set in
> vmscape_update_mitigation() which executes after '_select()' as well and

Removed VMSCAPE_MITIGATION_IBPB_ON_VMEXIT.

> additionally you duplicate the FEATURE_IBPB check.

FEATURE_IBPB check is still needed for VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER.
I don't think we can drop that.

> So I think either dropping it or removing the superfluous branches is in
> order.
> 
> >   		else
> >   			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
> > +		break;
> >   	}
> >   }
> > 
>
Re: [PATCH v4 06/11] x86/vmscape: Move mitigation selection to a switch()
Posted by Nikolay Borisov 6 days, 15 hours ago

On 11/25/25 01:09, Pawan Gupta wrote:
> On Fri, Nov 21, 2025 at 04:27:05PM +0200, Nikolay Borisov wrote:
>>
>>
>> On 11/20/25 08:19, Pawan Gupta wrote:
>>> This ensures that all mitigation modes are explicitly handled, while
>>> keeping the mitigation selection for each mode together. This also prepares
>>> for adding BHB-clearing mitigation mode for VMSCAPE.
>>>
>>> Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
>>> ---
>>>    arch/x86/kernel/cpu/bugs.c | 22 ++++++++++++++++++----
>>>    1 file changed, 18 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
>>> index 1e9b11198db0fe2483bd17b1327bcfd44a2c1dbf..233594ede19bf971c999f4d3cc0f6f213002c16c 100644
>>> --- a/arch/x86/kernel/cpu/bugs.c
>>> +++ b/arch/x86/kernel/cpu/bugs.c
>>> @@ -3231,17 +3231,31 @@ early_param("vmscape", vmscape_parse_cmdline);
>>>    static void __init vmscape_select_mitigation(void)
>>>    {
>>> -	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE) ||
>>> -	    !boot_cpu_has(X86_FEATURE_IBPB)) {
>>> +	if (!boot_cpu_has_bug(X86_BUG_VMSCAPE)) {
>>>    		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
>>>    		return;
>>>    	}
>>> -	if (vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) {
>>> -		if (should_mitigate_vuln(X86_BUG_VMSCAPE))
>>> +	if ((vmscape_mitigation == VMSCAPE_MITIGATION_AUTO) &&
>>> +	    !should_mitigate_vuln(X86_BUG_VMSCAPE))
>>> +		vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
>>> +
>>> +	switch (vmscape_mitigation) {
>>> +	case VMSCAPE_MITIGATION_NONE:
>>> +		break;
>>> +
>>> +	case VMSCAPE_MITIGATION_IBPB_ON_VMEXIT:
>>> +	case VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER:
>>> +		if (!boot_cpu_has(X86_FEATURE_IBPB))
>>> +			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
>>> +		break;
>>> +
>>> +	case VMSCAPE_MITIGATION_AUTO:
>>> +		if (boot_cpu_has(X86_FEATURE_IBPB))
>>>    			vmscape_mitigation = VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
>>
>>
>> IMO this patch is a net-negative because as per my reply to patch 9 you have
>> effectively a dead branch:
>>
>> The clear BHB_CLEAR_USER one, however it turns out you have yet another one:
>> VMSCAPE_MITIGATION_IBPB_ON_VMEXIT as it's only ever set in
>> vmscape_update_mitigation() which executes after '_select()' as well and
> 
> Removed VMSCAPE_MITIGATION_IBPB_ON_VMEXIT.
> 
>> additionally you duplicate the FEATURE_IBPB check.
> 
> FEATURE_IBPB check is still needed for VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER.
> I don't think we can drop that.

But if X86_FEATURE_IBPB is not present then all branches boil down to
setting the mitigation to NONE. What I was suggesting is to not remove
that check at the top.

> 
>> So I think either dropping it or removing the superfluous branches is in
>> order.
>>
>>>    		else
>>>    			vmscape_mitigation = VMSCAPE_MITIGATION_NONE;
>>> +		break;
>>>    	}
>>>    }
>>>
>>
Re: [PATCH v4 06/11] x86/vmscape: Move mitigation selection to a switch()
Posted by Pawan Gupta 6 days, 8 hours ago
On Tue, Nov 25, 2025 at 12:19:32PM +0200, Nikolay Borisov wrote:
> > FEATURE_IBPB check is still needed for VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER.
> > I don't think we can drop that.
> 
> But if X86_FEATURE_IBPB is not present then all branches boil down to
> setting the mitigation to NONE. What I was suggesting is to not remove
> that check at the top.

BHB_CLEAR mitigation is still possible without IBPB; with that, the IBPB check
cannot be at the top. This patch prepares for adding BHB_CLEAR support.

Sure, I can delay moving the IBPB check to a later patch, but the intent of
splitting the patches was to keep the patch that moves the existing logic
separate from the one that adds a new mitigation.