Re: [PATCH v9 01/10] x86/bhi: x86/vmscape: Move LFENCE out of clear_bhb_loop()
From: Pawan Gupta
Date: Fri Apr 03 2026 - 12:49:32 EST

On Fri, Apr 03, 2026 at 05:16:30PM +0200, Borislav Petkov wrote:
> On Thu, Apr 02, 2026 at 05:30:47PM -0700, Pawan Gupta wrote:
> > Currently, the BHB clearing sequence is followed by an LFENCE to prevent
> > transient execution of subsequent indirect branches prematurely. However,
> > the LFENCE barrier could be unnecessary in certain cases. For example, when
> > the kernel is using the BHI_DIS_S mitigation, and BHB clearing is only
> > needed for userspace. In such cases, the LFENCE is redundant because ring
> > transitions would provide the necessary serialization.
> >
> > Below is a quick recap of BHI mitigation options:
> >
> >   On Alder Lake and newer
> >
> >     BHI_DIS_S: Hardware control to mitigate BHI in ring0. This has low
> >                performance overhead.
> >
> >     Long loop: Alternatively, a longer version of the BHB clearing sequence
> >                can be used to mitigate BHI. It can also be used to mitigate
> >                the BHI variant of VMSCAPE. This is not yet implemented in
> >                Linux.
> >
> >   On older CPUs
> >
> >     Short loop: Clears BHB at kernel entry and VMexit. The "Long loop" is
> >                 effective on older CPUs as well, but should be avoided
> >                 because of unnecessary overhead.
> >
> > On Alder Lake and newer CPUs, eIBRS isolates the indirect targets between
> > guest and host. But when affected by the BHI variant of VMSCAPE, a guest's
> > branch history may still influence indirect branches in userspace. This
> > also means the big hammer IBPB could be replaced with a cheaper option that
> > clears the BHB at exit-to-userspace after a VMexit.
> >
> > In preparation for adding the support for the BHB sequence (without LFENCE)
> > on newer CPUs, move the LFENCE to the caller side after clear_bhb_loop() is
> > executed. Allow callers to decide whether they need the LFENCE or not. This
> > adds a few extra bytes to the call sites, but it obviates the need for
> > multiple variants of clear_bhb_loop().
> >
> > Suggested-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> > Tested-by: Jon Kohler <jon@xxxxxxxxxxx>
> > Reviewed-by: Nikolay Borisov <nik.borisov@xxxxxxxx>
> > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> > ---
> > arch/x86/entry/entry_64.S | 5 ++++-
> > arch/x86/include/asm/nospec-branch.h | 4 ++--
> > arch/x86/net/bpf_jit_comp.c | 2 ++
> > 3 files changed, 8 insertions(+), 3 deletions(-)
>
> Acked-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>

Thanks.