From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 82A2F389444; Tue, 7 Apr 2026 17:12:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.20 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775581942; cv=none; b=Q97nhDOqzYI05BRxyez5eaBEHUs616xWJAre/9QOVQuHmIlauVDU+PQVpF620E2qfSXImy1VY+sTpGjdwQ6qiTrtNoGgDRYmlfTgR0ZwXP7GQihIAMzpN514Uw8GaaRrSt8UYRz6Yaka/rLHsyCzGDJi3vGVNvuS4A4rk3yMxWk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1775581942; c=relaxed/simple; bh=VTnEL2jgiZ8I/CpjwZKmFVQmq5+uKvuuxfLgBgBNTNk=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=Kme512RUbHxeky9LKpPWS8geD8ts8O4+H9nIQ87Zghd7sZQzMGLabHDZosbpoFIpNppbuV81F3Aj0qeMVeUqwDzdJgiRBDYMdYPLD7ZydN9Nwo+Wtc1ylquazaqeX+v2sJXSfvb82lA/GK7M+7tdFmZ3ybBv8Im4Jm0KTsJgoEQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=pass smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=QsKdy/SL; arc=none smtp.client-ip=198.175.65.20 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="QsKdy/SL" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1775581940; x=1807117940; h=date:from:to:cc:subject:message-id:references: mime-version:content-transfer-encoding:in-reply-to; bh=VTnEL2jgiZ8I/CpjwZKmFVQmq5+uKvuuxfLgBgBNTNk=; b=QsKdy/SLfvYKp977kxUbvSAWiIMw3KExbclgfqt+ou+xckpnSQzoasWi efTDC69Fxr1vHC4jxpA0NMB7DFPi+2KUK19YGlFaQtx8dd+bWckDSZr69 ssqj9893yyhT6fKUJ/B1iUnNv1mRK/5B8EaG/AxJEqM1JHSX0Mq4BenZ9 /ONWO6rD4euf9RGEHkBBRg6jH00Wb6N1GDPCB46vKve3rbQ+WhfSYTfX8 XaK/GY5CCIf0xXck2DQHe9pqLHAPpV2IhQz6ezNKea8A8jP26qOXu5WaT Z/qTvcP5I+6TEl1p6sFRwGLlBv7PgPhDuk3YypvXGk79FYTCx2DaRucma w==; X-CSE-ConnectionGUID: SCxH/561QDm0oCbvUrUzag== X-CSE-MsgGUID: mhKTbJMOR0++B3sE/XUvgA== X-IronPort-AV: E=McAfee;i="6800,10657,11752"; a="76270684" X-IronPort-AV: E=Sophos;i="6.23,165,1770624000"; d="scan'208";a="76270684" Received: from orviesa008.jf.intel.com ([10.64.159.148]) by orvoesa112.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Apr 2026 10:12:20 -0700 X-CSE-ConnectionGUID: xoYW+jlDSu6wsuUHsvAmlQ== X-CSE-MsgGUID: CxX3wLCaQJyrhNydtFYjCQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.23,165,1770624000"; d="scan'208";a="228155144" Received: from guptapa-desk.jf.intel.com (HELO desk) ([10.165.239.46]) by orviesa008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Apr 2026 10:12:20 -0700 Date: Tue, 7 Apr 2026 10:11:52 -0700 From: Pawan Gupta To: Jim Mattson Cc: x86@kernel.org, Jon Kohler , Nikolay Borisov , "H. Peter Anvin" , Josh Poimboeuf , David Kaplan , Sean Christopherson , Borislav Petkov , Dave Hansen , Peter Zijlstra , Alexei Starovoitov , Daniel Borkmann , Andrii Nakryiko , KP Singh , Jiri Olsa , "David S. Miller" , David Laight , Andy Lutomirski , Thomas Gleixner , Ingo Molnar , David Ahern , Martin KaFai Lau , Eduard Zingerman , Song Liu , Yonghong Song , John Fastabend , Stanislav Fomichev , Hao Luo , Paolo Bonzini , Jonathan Corbet , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Asit Mallick , Tao Zhang , bpf@vger.kernel.org, netdev@vger.kernel.org, linux-doc@vger.kernel.org, chao.gao@intel.com Subject: Re: [PATCH v9 02/10] x86/bhi: Make clear_bhb_loop() effective on newer CPUs Message-ID: <20260407171151.2gf2idjbmph35ypb@desk> References: <20260403231608.zopnhnypdclzqlx7@desk> <20260403233329.fb2ppifgwm3um6ny@desk> <20260404002149.wtayv6a64vzuppgp@desk> <20260404034954.t7iapenzvhdpagxp@desk> <20260407163943.y6tkh26z2rfktn3y@desk> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Tue, Apr 07, 2026 at 09:46:07AM -0700, Jim Mattson wrote: > On Tue, Apr 7, 2026 at 9:40 AM Pawan Gupta > wrote: > > > > On Mon, Apr 06, 2026 at 07:23:25AM -0700, Jim Mattson wrote: > > > Yes, but the guest needs a way to determine whether the hypervisor > > > will do what's necessary to make the short sequence effective. And, in > > > particular, no KVM hypervisor today is prepared to do that. > > > > > > When running under a hypervisor, without BHI_CTRL and without any > > > evidence to the contrary, the guest must assume that the longer > > > sequence is necessary. At the very least, we need a CPUID or MSR bit > > > that says, "the short BHB clearing sequence is adequate for this > > > vCPU." > > > > After discussing this internally, the consensus is that the best path > > forward is to add virtual SPEC_CTRL support to KVM, which also aligns with > > Intel's guidance. In the long term, virtual SPEC_CTRL can benefit future > > mitigations as well. As with many other mitigations (e.g. microcode), the > > guest would rely on the host to enforce the appropriate protections. > > I don't think it's reasonable for the guest to rely on a future > implementation to enforce the appropriate protections. > > This is already a problem today. If a guest sees that BHI_CTRL is > unavailable, it will deploy the short BHB clearing sequence and > declare that the vulnerability is mitigated. That isn't true if the > guest is running on Alder Lake or newer. In any case, there is a change required in the kernel either for the guest or the host, they both are future implementations. Why not implement the one that is more future proof.