Re: [PATCH v9 02/10] x86/bhi: Make clear_bhb_loop() effective on newer CPUs

Next message: David Jeffery: "Re: [PATCH 5/5] scsi: enable async shutdown support"
Previous message: Mark Brown: "Re: [PATCH v6 1/3] ASoC: tac5xx2-sdw: add soundwire based codec driver"
Next in thread: Jim Mattson: "Re: [PATCH v9 02/10] x86/bhi: Make clear_bhb_loop() effective on newer CPUs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dave Hansen

Date: Thu Apr 09 2026 - 16:37:01 EST

On 4/7/26 17:47, Jim Mattson wrote:
> On Tue, Apr 7, 2026 at 4:41 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>> On 4/7/26 16:27, Jim Mattson wrote:
>>> What is your proposed BHI_DIS_S override mechanism, then?
>> Let me make sure I get this right. The desire is to:
>>
>> 1. Have hypervisors lie to guests about the CPU they are running on (for
>> the benefit of large/diverse migration pools)
>> 2. Have guests be allowed to boot with BHI_DIS_S for performance
>> 3. Have apps in those guests that care about security to opt back in to
>> BHI_DIS_S for themselves?
> I just want guests on heterogeneous migration pools to properly
> protect themselves from native BHI when running on host kernels at
> least as far back as Linux v6.6.
>
> To that end, I would be satisfied with using the longer BHB clearing
> sequence when HYPERVISOR is true and BHI_CTRL is false.

If the guests can't get mitigation information from model/family because
the hypervisor is lying (or may lie), then it's on the hypervisor to
figure it out.

I'm not sure we want to just assume that all hypervisors are going to
lie all the time about this.

I kinda think we should just let Pawan's series move forward and then we
can debate the lying hypervisor problem once the series is settled.