From nobody Fri Apr  3 05:49:42 2026
Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9588A22D7B9;
	Fri,  3 Apr 2026 00:32:52 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=198.175.65.17
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1775176373; cv=none;
 b=DKEeE88Lqp9Czz+cB/65+RRJJfODbVmhz1tMSm5dUxdJCt6S/Y8oO813H+jaCGjMNvHqZjr5zgbaOFY8cBvlpLV9qwWc3UAqrcg0MQ3nYn8abgLLt8vQVvIStBPZAOToenh4ZDFkx9vhs8VZTAeSV5WCWt4L7yLvhpyKoyJX9Fs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1775176373; c=relaxed/simple;
	bh=mU+0J2lXgHfLK6RPNJk+XjH8VvwqquydrhBKl6Ith9w=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To;
 b=CfC0qFBXSJHUVSrh+benW0D6gMvneq/tIc2tn+gDpKpzzbUVkcitqQTI7KnKKTAQIlYJxVGibhQnTOjGFYY6+ORvMEAmf1upLU78Q7VcYtuidBaG8fMDfrIGvLOmQtmRxJdN2hEk1jtIQoTM3z5PhKIjRj9cuatnKN3+jnri2DE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com;
 spf=pass smtp.mailfrom=linux.intel.com;
 dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b=hpTQQwhA; arc=none smtp.client-ip=198.175.65.17
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=none dis=none) header.from=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=linux.intel.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com
 header.b="hpTQQwhA"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1775176372; x=1806712372;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=mU+0J2lXgHfLK6RPNJk+XjH8VvwqquydrhBKl6Ith9w=;
  b=hpTQQwhAmwCFZo6HCgtX3vM+lxSxqFeC+AWaegEahli7iO5XxDPx1/h7
   vMOJclzDGvZiQfUge83NcahPwd9PMGnPGqf8+WdybIAqOMFIS5IUyHcsa
   YTNt8pEGfOR3z+eNnDDOnViS/+0mQsCyOcZZMNddQQhmjDN3kxAOb0En1
   w8Zj3OYXJzt+AikMrNU20VRMTff/Vmb99BUyzytQdS+aJxG3MWuV0tU62
   urdDd1H8vSkL41LMbJZpinZ/uO8BzLCKQfKks6Tzz4y+9vj2mj9kAt51G
   c0Zucydnz5sfuJtn+lNXc+s6VERYBwvOnc9p0nG66uy4OyiBzFGiXzJky
   w==;
X-CSE-ConnectionGUID: nlUYxS1tQYyBWZ0G+8AWTA==
X-CSE-MsgGUID: AAQdRXM3Ti2/RCa1penUJQ==
X-IronPort-AV: E=McAfee;i="6800,10657,11747"; a="76213466"
X-IronPort-AV: E=Sophos;i="6.23,156,1770624000";
   d="scan'208";a="76213466"
Received: from orviesa006.jf.intel.com ([10.64.159.146])
  by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 02 Apr 2026 17:32:52 -0700
X-CSE-ConnectionGUID: gz0IxSgrTzyeYsWngtWZEA==
X-CSE-MsgGUID: xGyVV1jCS2uFbtR5hQIy7w==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="6.23,156,1770624000";
   d="scan'208";a="226119145"
Received: from guptapa-desk.jf.intel.com (HELO desk) ([10.165.239.46])
  by orviesa006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 02 Apr 2026 17:32:52 -0700
Date: Thu, 2 Apr 2026 17:32:51 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: x86@kernel.org, Jon Kohler <jon@nutanix.com>,
	Nikolay Borisov <nik.borisov@suse.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	David Kaplan <david.kaplan@amd.com>,
	Sean Christopherson <seanjc@google.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Alexei Starovoitov <ast@kernel.org>,
	Daniel Borkmann <daniel@iogearbox.net>,
	Andrii Nakryiko <andrii@kernel.org>, KP Singh <kpsingh@kernel.org>,
	Jiri Olsa <jolsa@kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	David Laight <david.laight.linux@gmail.com>,
	Andy Lutomirski <luto@kernel.org>,
	Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
	David Ahern <dsahern@kernel.org>,
	Martin KaFai Lau <martin.lau@linux.dev>,
	Eduard Zingerman <eddyz87@gmail.com>, Song Liu <song@kernel.org>,
	Yonghong Song <yonghong.song@linux.dev>,
	John Fastabend <john.fastabend@gmail.com>,
	Stanislav Fomichev <sdf@fomichev.me>, Hao Luo <haoluo@google.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Jonathan Corbet <corbet@lwn.net>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	Asit Mallick <asit.k.mallick@intel.com>,
	Tao Zhang <tao1.zhang@intel.com>, bpf@vger.kernel.org,
	netdev@vger.kernel.org, linux-doc@vger.kernel.org
Subject: [PATCH v9 09/10] x86/vmscape: Resolve conflict between
 attack-vectors and vmscape=force
Message-ID: <20260402-vmscape-bhb-v9-9-94d16bc29774@linux.intel.com>
X-Mailer: b4 0.15-dev
References: <20260402-vmscape-bhb-v9-0-94d16bc29774@linux.intel.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20260402-vmscape-bhb-v9-0-94d16bc29774@linux.intel.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

vmscape=3Dforce option currently defaults to AUTO mitigation. This lets
attack-vector controls to override the vmscape mitigation. Preventing the
user from being able to force VMSCAPE mitigation.

When vmscape mitigation is forced, allow it be deployed irrespective of
attack vectors. Introduce VMSCAPE_MITIGATION_ON that wins over
attack-vector controls.

Tested-by: Jon Kohler <jon@nutanix.com>
Reviewed-by: Nikolay Borisov <nik.borisov@suse.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
---
 arch/x86/kernel/cpu/bugs.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index c7946cd809f7..ba8389df467a 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -3057,6 +3057,7 @@ static void __init srso_apply_mitigation(void)
 enum vmscape_mitigations {
 	VMSCAPE_MITIGATION_NONE,
 	VMSCAPE_MITIGATION_AUTO,
+	VMSCAPE_MITIGATION_ON,
 	VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER,
 	VMSCAPE_MITIGATION_IBPB_ON_VMEXIT,
 	VMSCAPE_MITIGATION_BHB_CLEAR_EXIT_TO_USER,
@@ -3065,6 +3066,7 @@ enum vmscape_mitigations {
 static const char * const vmscape_strings[] =3D {
 	[VMSCAPE_MITIGATION_NONE]			=3D "Vulnerable",
 	/* [VMSCAPE_MITIGATION_AUTO] */
+	/* [VMSCAPE_MITIGATION_ON] */
 	[VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER]		=3D "Mitigation: IBPB before exit=
 to userspace",
 	[VMSCAPE_MITIGATION_IBPB_ON_VMEXIT]		=3D "Mitigation: IBPB on VMEXIT",
 	[VMSCAPE_MITIGATION_BHB_CLEAR_EXIT_TO_USER]	=3D "Mitigation: Clear BHB be=
fore exit to userspace",
@@ -3084,7 +3086,7 @@ static int __init vmscape_parse_cmdline(char *str)
 		vmscape_mitigation =3D VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER;
 	} else if (!strcmp(str, "force")) {
 		setup_force_cpu_bug(X86_BUG_VMSCAPE);
-		vmscape_mitigation =3D VMSCAPE_MITIGATION_AUTO;
+		vmscape_mitigation =3D VMSCAPE_MITIGATION_ON;
 	} else if (!strcmp(str, "auto")) {
 		vmscape_mitigation =3D VMSCAPE_MITIGATION_AUTO;
 	} else {
@@ -3116,6 +3118,7 @@ static void __init vmscape_select_mitigation(void)
 		break;
=20
 	case VMSCAPE_MITIGATION_AUTO:
+	case VMSCAPE_MITIGATION_ON:
 		/*
 		 * CPUs with BHI_CTRL(ADL and newer) can avoid the IBPB and use
 		 * BHB clear sequence. These CPUs are only vulnerable to the BHI
@@ -3249,6 +3252,7 @@ void cpu_bugs_smt_update(void)
 	switch (vmscape_mitigation) {
 	case VMSCAPE_MITIGATION_NONE:
 	case VMSCAPE_MITIGATION_AUTO:
+	case VMSCAPE_MITIGATION_ON:
 		break;
 	case VMSCAPE_MITIGATION_IBPB_ON_VMEXIT:
 	case VMSCAPE_MITIGATION_IBPB_EXIT_TO_USER:

--=20
2.34.1