From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from out-178.mta1.migadu.com (out-178.mta1.migadu.com [95.215.58.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0118B1A23BD for ; Tue, 25 Feb 2025 21:29:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=95.215.58.178 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740518942; cv=none; b=Of78qMfWnA9DX3WAUMD+cfepD5NqF3Ht6xxaSmM0OTVDMa5Rzb7slkOyaid//EqUog/26ihwNkAKzbetHiHiQQt11jC3p4TYUn01CZX0Ygcq1zkjnli0+SByvSOEUUFVieF9MFVSgrEF6jo5jlus1GOD0UORmBisPKM2b/0R6Ms= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1740518942; c=relaxed/simple; bh=H0nqRbCByViU1xjhp7Dx7fcYBfMIWPdsMoNXbbQoMlg=; h=MIME-Version:Date:Content-Type:From:Message-ID:Subject:To:Cc: In-Reply-To:References; b=jpV29LMvA7lRArDJloApYFCAts1DEWTiYRr2s0Wevso8bRdZM1hZ8MhTiA9MfxYPl4wUvgsBwjWd8h4e/ugmIr9qkkKTNYxFYfdiG5EKumG0/LJyxryO+D+1y3eupFKu9p+1Pm28if0s7C6yTeDFzpuGD7fnazOxfZtGR3b3IDo= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev; spf=pass smtp.mailfrom=linux.dev; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b=GdepzR04; arc=none smtp.client-ip=95.215.58.178 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.dev Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.dev Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux.dev header.i=@linux.dev header.b="GdepzR04" Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1740518939; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/89WU6W64pAO6mTgkt5TaBrkeX/9/DXa+3FL51mqM/8=; b=GdepzR04DpXYaw7NLiPK67yqbgIcnWkHmV/HYvLDfKunHfcxjaVcJeyO+iuYZGxqAWZatA o57ffZulXDa+NUx3wx+4oLoIPc5A46dEmNjoDFF8i0illZwfzARbuzx7kA/31wCnN9NZG8 m4yK4kutNeZoZyEKrpctBq6pfmR5NBw= Date: Tue, 25 Feb 2025 21:28:56 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: "Yosry Ahmed" Message-ID: <76526510ba3a81f812d16aabb3b45e2dead2fa35@linux.dev> TLS-Required: No Subject: Re: [PATCH 1/6] x86/bugs: Move the X86_FEATURE_USE_IBPB check into callers To: "Sean Christopherson" Cc: x86@kernel.org, "Thomas Gleixner" , "Ingo Molnar" , "Borislav Petkov" , "Dave Hansen" , "H. Peter Anvin" , "Peter Zijlstra" , "Josh Poimboeuf" , "Pawan Gupta" , "Andy Lutomirski" , "Paolo Bonzini" , kvm@vger.kernel.org, linux-kernel@vger.kernel.org In-Reply-To: References: <20250219220826.2453186-1-yosry.ahmed@linux.dev> <20250219220826.2453186-2-yosry.ahmed@linux.dev> X-Migadu-Flow: FLOW_OUT February 25, 2025 at 11:47 AM, "Sean Christopherson" = wrote: >=20 >=20On Wed, Feb 19, 2025, Yosry Ahmed wrote:=20 >=20>=20 >=20> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c > > index 6c56d5235f0f3..729a8ee24037b 100644 > > --- a/arch/x86/kvm/vmx/vmx.c > > +++ b/arch/x86/kvm/vmx/vmx.c > > @@ -1478,7 +1478,8 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu,= int cpu, > > * may switch the active VMCS multiple times). > > */ > > if (!buddy || WARN_ON_ONCE(buddy->vmcs !=3D prev)) > > - indirect_branch_prediction_barrier(); > > + if (cpu_feature_enabled(X86_FEATURE_USE_IBPB)) >=20 >=20Combine this into a single if-statement, to make it readable and beca= use as-is > the outer if would need curly braces. > And since this check will stay around in the form of a static_branch, I= vote to > check it first so that the checks on "buddy" are elided if vcpu_load_ib= pb is disabled. > That'll mean the WARN_ON_ONCE() won't fire if we have a bug and someone= is running > with mitigations disabled, but I'm a-ok with that. SGTM, will do that in the next version. Thanks!