kvm.vger.kernel.org archive mirror
From: Sean Christopherson <seanjc@google.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	 Peter Zijlstra <peterz@infradead.org>,
	Josh Poimboeuf <jpoimboe@kernel.org>,
	kvm@vger.kernel.org,  linux-kernel@vger.kernel.org,
	Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
	 Brendan Jackman <jackmanb@google.com>
Subject: Re: [PATCH v4 4/8] KVM: VMX: Handle MMIO Stale Data in VM-Enter assembly via ALTERNATIVES_2
Date: Thu, 13 Nov 2025 14:01:25 -0800
Message-ID: <aRZVNWFBPAQAtlWL@google.com>
In-Reply-To: <20251113142000.GAaRXpEKHh1oQgN65e@fat_crate.local>

On Thu, Nov 13, 2025, Borislav Petkov wrote:
> On Wed, Nov 12, 2025 at 12:30:36PM -0800, Sean Christopherson wrote:
> > They're set based on what memory is mapped into the KVM-controlled page tables,
> > e.g. into the EPT/NPT tables, that will be used by the vCPU for that VM-Enter.
> > root->has_mapped_host_mmio is per page table.  vcpu->kvm->arch.has_mapped_host_mmio
> > exists because of nastiness related to shadow paging; for all intents and purposes,
> > I would just mentally ignore that one.
> 
> And you say they're very dynamic because the page table will ofc very likely
> change before each VM-Enter. Or rather, as long as the fact that the guest has
> mapped host MMIO ranges changes. Oh well, I guess that's dynamic enough...

In practice, the flag will be quite static for a given vCPU.  The issue is that
it _could_ be extremely volatile depending on VMM and/or guest behavior, and so
I don't want to try and optimize for any particular behavior/pattern, because
KVM effectively doesn't have any control over whether or not the vCPU can access
MMIO.

> > Very lightly tested at this point, but I think this can all be simplified to
> > 
> > 	/*
> > 	 * Note, ALTERNATIVE_2 works in reverse order.  If CLEAR_CPU_BUF_VM is
> > 	 * enabled, do VERW unconditionally.  If CPU_BUF_VM_MMIO is enabled,
> > 	 * check @flags to see if the vCPU has access to host MMIO, and do VERW
> > 	 * if so.  Else, do nothing (no mitigations needed/enabled).
> > 	 */
> > 	ALTERNATIVE_2 "",									  \
> > 		      __stringify(testl $VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO, WORD_SIZE(%_ASM_SP); \
> > 				  jz .Lskip_clear_cpu_buffers;					  \
> > 				  VERW;								  \
> > 				  .Lskip_clear_cpu_buffers:),					  \
> 
> And just because that label is local to this statement only, you can simply
> call it "1" and reduce clutter even more.

Eh, sort of.  In the past, this code used "simple" numeric labels, and it became
nearly impossible to maintain.  This is quite contained code and so isn't likely
to cause maintenance problems, but unless someone feels *really* strongly about
numeric labels, I'll keep a named label to match the rest of the code.

Though with it just being VERW, I can shorten it a wee bit and make it more
precise at the same time:

		      __stringify(testl $VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO, WORD_SIZE(%_ASM_SP); \
				  jz .Lskip_mmio_verw;						  \
				  VERW;								  \
				  .Lskip_mmio_verw:),					  	  \
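
Added example, not part of the message above or of the kernel source: a user-space C model of the selection logic the quoted comment describes, showing which sequence ALTERNATIVE_2 leaves at the patch site and whether VERW then runs on a given VM-Enter. It assumes the second alternative (cut off in the quote) is an unconditional VERW keyed on CLEAR_CPU_BUF_VM; all names and bit values below are constructed stand-ins.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins: bit values are illustrative, not the kernel's. */
#define FEAT_CPU_BUF_VM_MMIO   (1u << 0) /* models CPU_BUF_VM_MMIO */
#define FEAT_CLEAR_CPU_BUF_VM  (1u << 1) /* models CLEAR_CPU_BUF_VM */
#define RUN_CLEAR_FOR_MMIO     (1u << 2) /* models VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO */

enum site { SITE_NOTHING, SITE_TEST_THEN_VERW, SITE_VERW };

struct alt { unsigned int feature; enum site repl; };

/* Boot-time patching: entries are applied in order, so the LAST entry whose
 * feature is set wins ("works in reverse order" when read as priorities). */
enum site patch_site(unsigned int cpu_features)
{
	static const struct alt alts[] = {
		{ FEAT_CPU_BUF_VM_MMIO,  SITE_TEST_THEN_VERW }, /* 1st alternative */
		{ FEAT_CLEAR_CPU_BUF_VM, SITE_VERW },           /* 2nd (assumed) */
	};
	enum site s = SITE_NOTHING; /* original instruction: "" */

	for (size_t i = 0; i < sizeof(alts) / sizeof(alts[0]); i++)
		if (cpu_features & alts[i].feature)
			s = alts[i].repl;
	return s;
}

/* Per VM-Enter: the flag follows the page tables this entry will use. */
unsigned int run_flags(bool root_has_mapped_host_mmio)
{
	return root_has_mapped_host_mmio ? RUN_CLEAR_FOR_MMIO : 0;
}

/* Run time: does the patched site execute VERW for this entry? */
bool verw_runs(enum site s, unsigned int flags)
{
	if (s == SITE_VERW)
		return true;
	/* testl $flag, flags; jz skip; VERW; skip: */
	return s == SITE_TEST_THEN_VERW && (flags & RUN_CLEAR_FOR_MMIO);
}

int main(void)
{
	for (unsigned int f = 0; f < 4; f++)
		for (int mmio = 0; mmio < 2; mmio++)
			printf("features=%u mmio=%d verw=%d\n", f, mmio,
			       verw_runs(patch_site(f), run_flags(mmio)));
	return 0;
}
```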
