* [PATCH 1/3] target/i386: add new AMD EPYC models for GMET enablement
[not found] <20260330193428.1663253-1-jon@nutanix.com>
@ 2026-03-30 19:34 ` Jon Kohler
2026-03-30 19:34 ` [PATCH 2/3] target/i386: add new Intel models for MMIO/GDS/RFDS mitigation status Jon Kohler
2026-03-30 19:34 ` [PATCH 3/3] target/i386: add new Intel models for MBEC enablement Jon Kohler
2 siblings, 0 replies; 3+ messages in thread
From: Jon Kohler @ 2026-03-30 19:34 UTC (permalink / raw)
To: Paolo Bonzini, Zhao Liu, open list:All patches CC here
Cc: Jon Kohler, Babu Moger, Nikunj A Dadhania
Add models to expose Guest Mode Execute Trap (GMET) support,
and add CPUID_SVM_GMET header definition so that future EPYC
models can easily add default support.
New models are:
AMD EPYC-Milan-v4
AMD EPYC-Genoa-v3
AMD EPYC-Turin-v2
Cc: Babu Moger <babu.moger@amd.com>
Cc: Nikunj A Dadhania <nikunj@amd.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
---
target/i386/cpu.c | 34 ++++++++++++++++++++++++++++++++++
target/i386/cpu.h | 1 +
2 files changed, 35 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index d02f6f0653..6b1a3a9b98 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6836,6 +6836,16 @@ static const X86CPUDefinition builtin_x86_defs[] = {
},
.cache_info = &epyc_milan_v3_cache_info
},
+ {
+ .version = 4,
+ .props = (PropValue[]) {
+ { "gmet", "on" },
+ { "model-id",
+ "AMD EPYC-Milan-v4 Processor" },
+ { /* end of list */ }
+ },
+ .cache_info = &epyc_milan_v3_cache_info
+ },
{ /* end of list */ }
}
},
@@ -6933,6 +6943,16 @@ static const X86CPUDefinition builtin_x86_defs[] = {
},
.cache_info = &epyc_genoa_v2_cache_info
},
+ {
+ .version = 3,
+ .props = (PropValue[]) {
+ { "gmet", "on" },
+ { "model-id",
+ "AMD EPYC-Genoa-v3 Processor" },
+ { /* end of list */ }
+ },
+ .cache_info = &epyc_genoa_v2_cache_info
+ },
{ /* end of list */ }
}
},
@@ -7163,6 +7183,20 @@ static const X86CPUDefinition builtin_x86_defs[] = {
.xlevel = 0x80000022,
.model_id = "AMD EPYC-Turin Processor",
.cache_info = &epyc_turin_cache_info,
+ .versions = (X86CPUVersionDefinition[]) {
+ { .version = 1 },
+ {
+ .version = 2,
+ .props = (PropValue[]) {
+ { "gmet", "on" },
+ { "model-id",
+ "AMD EPYC-Turin-v2 Processor" },
+ { /* end of list */ }
+ },
+ .cache_info = &epyc_turin_cache_info
+ },
+ { /* end of list */ }
+ }
},
};
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 0b539155c4..6401028e70 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -879,6 +879,7 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
#define CPUID_SVM_AVIC (1U << 13)
#define CPUID_SVM_V_VMSAVE_VMLOAD (1U << 15)
#define CPUID_SVM_VGIF (1U << 16)
+#define CPUID_SVM_GMET (1U << 17)
#define CPUID_SVM_VNMI (1U << 25)
#define CPUID_SVM_SVME_ADDR_CHK (1U << 28)
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH 2/3] target/i386: add new Intel models for MMIO/GDS/RFDS mitigation status
[not found] <20260330193428.1663253-1-jon@nutanix.com>
2026-03-30 19:34 ` [PATCH 1/3] target/i386: add new AMD EPYC models for GMET enablement Jon Kohler
@ 2026-03-30 19:34 ` Jon Kohler
2026-03-30 19:34 ` [PATCH 3/3] target/i386: add new Intel models for MBEC enablement Jon Kohler
2 siblings, 0 replies; 3+ messages in thread
From: Jon Kohler @ 2026-03-30 19:34 UTC (permalink / raw)
To: Paolo Bonzini, Zhao Liu, open list:All patches CC here
Cc: Jon Kohler, Pawan Gupta
Add new bits to ARCH_CAPABILITIES MSR to enumerate the status of the
MMIO/GDS/RFDS mitigations on Cascade Lake, Ice Lake, Sapphire Rapids,
and Granite Rapids processors.
These have been advertised in Intel microcode updates for a while now,
but require user space to opt in to advertise them to guests.
New models are:
- Cascadelake-Server-v6
- Icelake-Server-v8
- SapphireRapids-v7 (note, already got MMIO fixes on commit [1])
- GraniteRapids-v6
[1] 3baf7ae63505 ("target/i386: Add few security fix bits in
ARCH_CAPABILITIES into SapphireRapids CPU model")
Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
---
target/i386/cpu.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 6b1a3a9b98..aa7a91c0e3 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4901,6 +4901,17 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ { .version = 6,
+ .note = "with MMIO/GDS/RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "fb-clear", "on" },
+ { "gds-no", "on" },
+ { "psdp-no", "on" },
+ { "rfds-no", "on" },
+ { "sbdr-ssdp-no", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
@@ -5183,6 +5194,18 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ {
+ .version = 8,
+ .note = "with MMIO/GDS/RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "fb-clear", "on" },
+ { "gds-no", "on" },
+ { "psdp-no", "on" },
+ { "rfds-no", "on" },
+ { "sbdr-ssdp-no", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
@@ -5360,6 +5383,15 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
}
},
+ {
+ .version = 7,
+ .note = "with GDS and RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "gds-no", "on" },
+ { "rfds-no", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ }
}
},
@@ -5541,6 +5573,15 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
}
},
+ {
+ .version = 6,
+ .note = "with GDS and RFDS mitigation status",
+ .props = (PropValue[]) {
+ { "gds-no", "on" },
+ { "rfds-no", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ },
},
},
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH 3/3] target/i386: add new Intel models for MBEC enablement
[not found] <20260330193428.1663253-1-jon@nutanix.com>
2026-03-30 19:34 ` [PATCH 1/3] target/i386: add new AMD EPYC models for GMET enablement Jon Kohler
2026-03-30 19:34 ` [PATCH 2/3] target/i386: add new Intel models for MMIO/GDS/RFDS mitigation status Jon Kohler
@ 2026-03-30 19:34 ` Jon Kohler
2 siblings, 0 replies; 3+ messages in thread
From: Jon Kohler @ 2026-03-30 19:34 UTC (permalink / raw)
To: Paolo Bonzini, Zhao Liu, open list:All patches CC here; +Cc: Jon Kohler
Add models to expose Mode Based Execute Control (MBEC) support, which
is a Skylake++ feature.
Note: Future models can use VMX_SECONDARY_EXEC_MODE_BASED_EPT_EXEC to
easily add default support.
New models are:
- Skylake-Server-v6
- Cascadelake-Server-v7
- Icelake-Server-v9
- SapphireRapids-v8
- GraniteRapids-v7
- DiamondRapids-v2
- SierraForest-v6
- ClearwaterForest-v4
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Zhao Liu <zhao1.liu@intel.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
---
target/i386/cpu.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 67 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index aa7a91c0e3..0fc7132ef3 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -4767,6 +4767,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
}
},
+ {
+ .version = 6,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ }
+ }
+ },
{ /* end of list */ }
}
},
@@ -4912,6 +4920,13 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ { .version = 7,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ }
+ },
+ },
{ /* end of list */ }
}
},
@@ -5206,6 +5221,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ }
},
},
+ {
+ .version = 9,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ }
+ }
+ },
{ /* end of list */ }
}
},
@@ -5392,6 +5415,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
}
},
+ {
+ .version = 8,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ }
}
},
@@ -5582,6 +5613,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
}
},
+ {
+ .version = 7,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ },
},
},
@@ -5776,6 +5815,18 @@ static const X86CPUDefinition builtin_x86_defs[] = {
.features[FEAT_VMX_VMFUNC] = MSR_VMX_VMFUNC_EPT_SWITCHING,
.xlevel = 0x80000008,
.model_id = "Intel Xeon Processor (DiamondRapids)",
+ .versions = (X86CPUVersionDefinition[]) {
+ { .version = 1 },
+ {
+ .version = 2,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ },
+ }
+ },
+ { /* end of list */ },
+ },
},
{
.name = "SierraForest",
@@ -5947,6 +5998,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
}
},
+ {
+ .version = 6,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ },
},
},
@@ -6103,6 +6162,14 @@ static const X86CPUDefinition builtin_x86_defs[] = {
{ /* end of list */ },
}
},
+ {
+ .version = 4,
+ .note = "with MBEC enabled",
+ .props = (PropValue[]) {
+ { "vmx-mbec", "on" },
+ { /* end of list */ },
+ }
+ },
{ /* end of list */ },
},
},
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread