From: sashiko-bot@kernel.org
To: "Pawan Gupta" <pawan.kumar.gupta@linux.intel.com>
Cc: kvm@vger.kernel.org, bpf@vger.kernel.org
Subject: Re: [PATCH v12 09/12] x86/vmscape: Use static_call() for predictor flush
Date: Tue, 23 Jun 2026 17:47:14 +0000 [thread overview]
Message-ID: <20260623174715.48B501F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260622-vmscape-bhb-v12-9-76cbda0ae3e5@linux.intel.com>
Thank you for your contribution! Sashiko AI review found 3 potential issue(s) to consider:
- [Medium] The patch introduces unconditional memory reads on the highly sensitive kernel-to-user exit and KVM VM-enter fast paths, penalizing all systems where the VMSCAPE mitigation is disabled.
- [Low] The removal of `X86_FEATURE_IBPB_EXIT_TO_USER` from the kernel CPU features header was not mirrored to the corresponding tools header, causing code drift.
- [Low] Usage of `static_call_cond()` without including `<linux/static_call.h>` makes the header non-self-contained.
--
commit 6813e9ba3f5da52dd0859a742860cd03837d50a7
Author: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
x86/vmscape: Use static_call() for predictor flush
This patch replaces the flag-based mitigation selector for VMSCAPE with a
static_call() to the mitigating function. This avoids adding more feature
flags and multiple checks, freeing the X86_FEATURE_IBPB_EXIT_TO_USER flag.
> diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
> index 1d506e5d6f46a..09f956b72637c 100644
> --- a/arch/x86/include/asm/cpufeatures.h
> +++ b/arch/x86/include/asm/cpufeatures.h
> @@ -504,7 +504,7 @@
> #define X86_FEATURE_TSA_SQ_NO (21*32+11) /* AMD CPU not vulnerable to TSA-SQ */
> #define X86_FEATURE_TSA_L1_NO (21*32+12) /* AMD CPU not vulnerable to TSA-L1 */
> #define X86_FEATURE_CLEAR_CPU_BUF_VM (21*32+13) /* Clear CPU buffers using VERW before VMRUN */
> -#define X86_FEATURE_IBPB_EXIT_TO_USER (21*32+14) /* Use IBPB on exit-to-userspace, see VMSCAPE bug */
> +/* Free */
[Severity: Low]
Does this removal also need to be synced to the tools copy in
tools/arch/x86/include/asm/cpufeatures.h? Leaving them out of sync typically
triggers a 'Kernel ABI header differs' build warning when compiling tools
like perf.
[ ... ]
> diff --git a/arch/x86/include/asm/entry-common.h b/arch/x86/include/asm/entry-common.h
> index 3be6d4c356ed2..d5b390c76f000 100644
> --- a/arch/x86/include/asm/entry-common.h
> +++ b/arch/x86/include/asm/entry-common.h
> @@ -4,6 +4,7 @@
>
> #include <linux/randomize_kstack.h>
> #include <linux/user-return-notifier.h>
> +#include <linux/static_call_types.h>
[Severity: Low]
Should this include <linux/static_call.h> instead? The static_call_cond()
macro is used below but isn't defined in static_call_types.h, which could
cause build failures if relying on implicit dependencies from downstream C
files.
>
> #include <asm/nospec-branch.h>
> #include <asm/io_bitmap.h>
> @@ -82,10 +83,8 @@ static inline void arch_exit_to_user_mode_prepare(struct pt_regs *regs,
> current_thread_info()->status &= ~(TS_COMPAT | TS_I386_REGS_POKED);
> #endif
>
> - /* Avoid unnecessary reads of 'x86_predictor_flush_exit_to_user' */
> - if (cpu_feature_enabled(X86_FEATURE_IBPB_EXIT_TO_USER) &&
> - this_cpu_read(x86_predictor_flush_exit_to_user)) {
> - write_ibpb();
> + if (unlikely(this_cpu_read(x86_predictor_flush_exit_to_user))) {
[Severity: Medium]
Will this unconditional per-CPU memory read add overhead on the kernel to
user exit fast path for unaffected CPUs? The previous cpu_feature_enabled()
check used alternative patching to compile out to zero instructions when the
mitigation was disabled.
> + static_call_cond(vmscape_predictor_flush)();
> this_cpu_write(x86_predictor_flush_exit_to_user, false);
> }
> }
[ ... ]
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 721ff7667dc0b..fcd61c47653fa 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -11556,7 +11556,7 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu)
> * set for the CPU that actually ran the guest, and not the CPU that it
> * may migrate to.
> */
> - if (cpu_feature_enabled(X86_FEATURE_IBPB_EXIT_TO_USER))
> + if (static_call_query(vmscape_predictor_flush))
[Severity: Medium]
Does replacing cpu_feature_enabled() with static_call_query() penalize the
KVM VM-enter fast path for unaffected hosts by introducing an unconditional
global memory read?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260622-vmscape-bhb-v12-0-76cbda0ae3e5@linux.intel.com?part=9
next prev parent reply other threads:[~2026-06-23 17:47 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-23 17:32 [PATCH v12 00/12] VMSCAPE optimization for BHI variant Pawan Gupta
2026-06-23 17:32 ` [PATCH v12 01/12] x86/bhi: x86/vmscape: Move LFENCE out of clear_bhb_loop() Pawan Gupta
2026-06-23 17:33 ` [PATCH v12 02/12] x86/bhi: Make clear_bhb_loop() effective on newer CPUs Pawan Gupta
2026-06-23 18:13 ` bot+bpf-ci
2026-06-23 17:33 ` [PATCH v12 03/12] x86/bhi: Rename clear_bhb_loop() to clear_bhb_loop_nofence() Pawan Gupta
2026-06-23 17:33 ` [PATCH v12 04/12] x86/vmscape: Rename x86_ibpb_exit_to_user to x86_predictor_flush_exit_to_user Pawan Gupta
2026-06-23 17:33 ` [PATCH v12 05/12] x86/vmscape: Move mitigation selection to a switch() Pawan Gupta
2026-06-23 17:43 ` sashiko-bot
2026-06-23 17:34 ` [PATCH v12 06/12] x86/vmscape: Use write_ibpb() instead of indirect_branch_prediction_barrier() Pawan Gupta
2026-06-23 17:34 ` [PATCH v12 07/12] static_call: Define EXPORT_STATIC_CALL_FOR_MODULES() Pawan Gupta
2026-06-23 17:34 ` [PATCH v12 08/12] KVM: Define EXPORT_STATIC_CALL_FOR_KVM() Pawan Gupta
2026-06-23 18:13 ` bot+bpf-ci
2026-06-23 17:34 ` [PATCH v12 09/12] x86/vmscape: Use static_call() for predictor flush Pawan Gupta
2026-06-23 17:47 ` sashiko-bot [this message]
2026-06-23 17:35 ` [PATCH v12 10/12] x86/vmscape: Deploy BHB clearing mitigation Pawan Gupta
2026-06-23 17:49 ` sashiko-bot
2026-06-23 17:35 ` [PATCH v12 11/12] x86/vmscape: Resolve conflict between attack-vectors and vmscape=force Pawan Gupta
2026-06-23 18:13 ` bot+bpf-ci
2026-06-23 17:35 ` [PATCH v12 12/12] x86/vmscape: Add cmdline vmscape=on to override attack vector controls Pawan Gupta
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260623174715.48B501F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=kvm@vger.kernel.org \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox