Re: [PATCH v3 2/3] x86/vmscape: Replace IBPB with branch history clear on exit to userspace

Next message: Google: "Re: [PATCH v5 6/8] selftests: tracing: Add a basic testcase for wprobe"
Previous message: Dmitry Baryshkov: "Re: [PATCH v7 0/8] PCI: Enable Power and configure the TC9563 PCIe switch"
In reply to: Sean Christopherson: "Re: [PATCH v3 2/3] x86/vmscape: Replace IBPB with branch history clear on exit to userspace"
Next in thread: Pawan Gupta: "[PATCH v3 3/3] x86/vmscape: Remove LFENCE from BHB clearing long loop"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pawan Gupta

Date: Wed Oct 29 2025 - 20:09:07 EST

On Wed, Oct 29, 2025 at 03:47:54PM -0700, Sean Christopherson wrote:
> On Mon, Oct 27, 2025, Pawan Gupta wrote:
> > IBPB mitigation for VMSCAPE is an overkill for CPUs that are only affected
> > by the BHI variant of VMSCAPE. On such CPUs, eIBRS already provides
> > indirect branch isolation between guest and host userspace. But, a guest
> > could still poison the branch history.
> >
> > To mitigate that, use the recently added clear_bhb_long_loop() to isolate
> > the branch history between guest and userspace. Add cmdline option
> > 'vmscape=on' that automatically selects the appropriate mitigation based
> > on the CPU.
> >
> > Acked-by: David Kaplan <david.kaplan@xxxxxxx>
> > Signed-off-by: Pawan Gupta <pawan.kumar.gupta@xxxxxxxxxxxxxxx>
> > ---
> > Documentation/admin-guide/hw-vuln/vmscape.rst | 8 ++++
> > Documentation/admin-guide/kernel-parameters.txt | 4 +-
> > arch/x86/include/asm/cpufeatures.h | 1 +
> > arch/x86/include/asm/entry-common.h | 12 +++---
> > arch/x86/include/asm/nospec-branch.h | 2 +-
> > arch/x86/kernel/cpu/bugs.c | 53 ++++++++++++++++++-------
> > arch/x86/kvm/x86.c | 5 ++-
> > 7 files changed, 61 insertions(+), 24 deletions(-)
>
> For the KVM changes,
>
> Acked-by: Sean Christopherson <seanjc@xxxxxxxxxx>

Thank you.