From: Kim Phillips <kim.phillips@amd.com>
To: <linux-kernel@vger.kernel.org>, <kvm@vger.kernel.org>,
<linux-coco@lists.linux.dev>, <x86@kernel.org>
Cc: Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
K Prateek Nayak <kprateek.nayak@amd.com>,
"Nikunj A Dadhania" <nikunj@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
"Michael Roth" <michael.roth@amd.com>,
Borislav Petkov <borislav.petkov@amd.com>,
Borislav Petkov <bp@alien8.de>, Naveen Rao <naveen.rao@amd.com>,
David Kaplan <david.kaplan@amd.com>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>,
"Kim Phillips" <kim.phillips@amd.com>
Subject: [PATCH v3 0/6] KVM: SEV: Add support for IBPB-on-Entry and BTB Isolation
Date: Thu, 2 Apr 2026 15:25:52 -0500
Message-ID: <20260402202558.195005-1-kim.phillips@amd.com>
IBPB-on-Entry and BTB Isolation are supplemental Spectre V2 mitigations
available to SNP guests.

Patch 1 fixes a longstanding bug where users weren't able
to force Automatic IBRS on SNP enabled machines using spectre_v2=eibrs.

Patch 2 fixes another longstanding bug where users couldn't
select legacy / toggling SPEC_CTRL[IBRS] on AMD systems. Users of
the BTB Isolation feature may use IBRS to mitigate possible
performance degradation caused by BTB Isolation.

Patches 3 and 4 deal with a minor code refactoring as a result of
Sean's review of the v2 IBPB-on-Entry series.

Patch 5 adds support for IBPB-on-Entry.

Patch 6 adds support for BTB Isolation.

Based on current tip/master v7.0-rc6-423-g8726fc6dc93c

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

This v3 series now also available here:

https://github.com/AMDESE/linux/tree/btb-isol-latest

Advance qemu bits (to add feature on/off switches) available here:

https://github.com/AMDESE/qemu/tree/btb-isol-latest

Qemu bits will be posted upstream once kernel bits are merged.
They depend on Naveen Rao's "target/i386: SEV: Add support for
enabling VMSA SEV features":

https://lore.kernel.org/qemu-devel/cover.1761648149.git.naveen@kernel.org/

v3:
 - Merged IBPB-on-Entry and BTB Isolation into single patchseries
 - Addressed comments from Sean Christopherson, Pawan Gupta, kernel test robot
 - Simplified unnecessarily complicated logic in spectre_v2=eibrs-with-SNP fix
 - Reworded, rebased features on top of new SNP_ONLY_MASK etc. changes

v2:
 [IBPB-on-Entry]
 - https://lore.kernel.org/kvm/20260203222405.4065706-1-kim.phillips@amd.com/
 - Change first patch's title (Nikunj)
 - Add reviews-by (Nikunj, Tom)
 - Change second patch's description to more generally explain what the patch does (Boris)
 - Add new, third patch renaming SNP_FEATURES_PRESENT->SNP_FEATURES_IMPL

 [BTB Isolation]
 - https://lore.kernel.org/kvm/20260311130611.2201214-1-kim.phillips@amd.com/
 - Patch 1/3:
   - Address Dave Hansen's comment to adhere to using the IBRS_ENHANCED
     Intel feature flag also for AutoIBRS.

v1:
 [IBPB-on-Entry] https://lore.kernel.org/kvm/20260126224205.1442196-1-kim.phillips@amd.com/
 [BTB Isolation] https://lore.kernel.org/kvm/20260224180157.725159-1-kim.phillips@amd.com/

Kim Phillips (6):
  cpu/bugs: Allow forcing Automatic IBRS with SNP active using
    spectre_v2=eibrs
  cpu/bugs: Allow spectre_v2=ibrs on x86 vendors other than Intel
  KVM: SEV: Disallow setting SNP-only features for non-SNP guests via a
    single mask
  KVM: SEV: Advertise SVM_SEV_FEAT_SNP_ACTIVE
  KVM: SEV: Add support for IBPB-on-Entry
  KVM: SEV: Add support for SNP BTB Isolation

 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/include/asm/svm.h         |  7 +++++++
 arch/x86/kernel/cpu/bugs.c         | 18 +++++++++++-------
 arch/x86/kernel/cpu/common.c       |  6 +-----
 arch/x86/kvm/svm/sev.c             | 18 +++++++++++++++---
 5 files changed, 35 insertions(+), 15 deletions(-)

base-commit: 8726fc6dc93c62232fa625c1c91b97e21fff02b6
--
2.43.0
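
Added example, not part of the posted series or the kernel tree: a host-side check for the symptom patches 1 and 2 describe, namely a requested spectre_v2=eibrs or spectre_v2=ibrs mode that the kernel does not report as active. It assumes the last spectre_v2= token wins and that the sysfs status begins with the kernel's mitigation name; the sample command line and status are constructed.

```shell
#!/bin/sh
# Added example, not part of the patch series.
# Assumptions: the last spectre_v2= token on the command line wins, and the
# sysfs status starts with one of the kernel's spectre_v2 mitigation names.
SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2
# Constructed sample input for offline use (not captured from a real host).
SAMPLE_CMDLINE='ro quiet spectre_v2=eibrs'
SAMPLE_STATUS='Mitigation: Retpolines; IBPB: conditional; STIBP: disabled'

# Print the value of the last spectre_v2= token in command line $1.
requested_mode() {
    mode=""
    set -f                      # no globbing while splitting the string
    for tok in $1; do
        case "$tok" in
            spectre_v2=*) mode=${tok#spectre_v2=} ;;
        esac
    done
    set +f
    printf '%s\n' "$mode"
}

# Succeed if status line $2 shows requested mode $1. Only the two modes
# named in the cover letter are judged; any other request passes.
mode_honored() {
    head=${2%%;*}               # mitigation name, before "; IBPB: ..."
    case "$1" in
        eibrs) [ "$head" = "Mitigation: Enhanced / Automatic IBRS" ] ;;
        ibrs)  [ "$head" = "Mitigation: IBRS" ] ;;
        *)     return 0 ;;
    esac
}

# Compare command line $1 with status $2 and print a verdict.
report() {
    req=$(requested_mode "$1")
    if mode_honored "$req" "$2"; then
        echo "OK: spectre_v2=${req:-unset} -> $2"
    else
        echo "MISMATCH: requested spectre_v2=$req, kernel reports: $2"
        return 1
    fi
}

# "host" checks the running system; "sample" uses the constructed input.
case "${1:-}" in
    host)   report "$(cat /proc/cmdline)" "$(cat "$SYSFS")" ;;
    sample) report "$SAMPLE_CMDLINE" "$SAMPLE_STATUS" ;;
esac
```

Run it with `host` on the machine under test; a non-zero exit means the requested mode is not the one in effect.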