* [PATCH 5.15.y 0/2] Fix TSA CPUID management in KVM
@ 2025-08-27 18:15 Boris Ostrovsky
2025-08-27 18:15 ` [PATCH 5.15.y 1/2] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code Boris Ostrovsky
2025-08-27 18:15 ` [PATCH 5.15.y 2/2] KVM: SVM: Properly advertise TSA CPUID bits to guests Boris Ostrovsky
0 siblings, 2 replies; 5+ messages in thread
From: Boris Ostrovsky @ 2025-08-27 18:15 UTC (permalink / raw)
To: stable; +Cc: gregkh, sashal, bp
Backport of AMD's TSA mitigation to 5.15 did not set CPUID bits that are
passed to a guest correctly (commit c334ae4a545a "KVM: SVM: Advertise
TSA CPUID bits to guests").
This series attempts to address this:
* The first patch from Kim allows us to properly use cpuid caps.
* The second patch is a combination of fixes to c334ae4a545a and f3f9deccfc68,
which is a stable-only patch to 6.12.y. (Not sure what to do with
attribution.)
Alternatively, we can open-code all of this (the way it's currently done in
__do_cpuid_func()'s 0x80000021 case) and do everything in a single patch.
Boris Ostrovsky (1):
KVM: SVM: Properly advertise TSA CPUID bits to guests
Kim Phillips (1):
KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation
code
arch/x86/kvm/cpuid.c | 31 ++++++++++++++++++-------------
1 file changed, 18 insertions(+), 13 deletions(-)
--
2.43.5
* [PATCH 5.15.y 1/2] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
2025-08-27 18:15 [PATCH 5.15.y 0/2] Fix TSA CPUID management in KVM Boris Ostrovsky
@ 2025-08-27 18:15 ` Boris Ostrovsky
2025-08-27 18:15 ` [PATCH 5.15.y 2/2] KVM: SVM: Properly advertise TSA CPUID bits to guests Boris Ostrovsky
1 sibling, 0 replies; 5+ messages in thread
From: Boris Ostrovsky @ 2025-08-27 18:15 UTC (permalink / raw)
To: stable; +Cc: gregkh, sashal, bp
From: Kim Phillips <kim.phillips@amd.com>
Commit c35ac8c4bf600ee23bacb20f863aa7830efb23fb upstream
Move code from __do_cpuid_func() to kvm_set_cpu_caps() in preparation for adding
the features in their native leaf.
Also drop the bit description comments as it will be more self-describing once
the individual features are added.
Whilst there, switch to using the more efficient cpu_feature_enabled() instead
of static_cpu_has().
Note, LFENCE_RDTSC and "NULL selector clears base" are currently synthetic,
Linux-defined feature flags as Linux tracking of the features predates AMD's
definition. Keep the manual propagation of the flags from their synthetic
counterparts until the kernel fully converts to AMD's definition, otherwise KVM
would stop synthesizing the flags as intended.
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/20230124163319.2277355-3-kim.phillips@amd.com
Cc: <stable@vger.kernel.org> # 5.15.y
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
arch/x86/kvm/cpuid.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 3bdb522d48bc..333f9941147e 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -544,6 +544,16 @@ void kvm_set_cpu_caps(void)
0 /* SME */ | F(SEV) | 0 /* VM_PAGE_FLUSH */ | F(SEV_ES) |
F(SME_COHERENT));
+ kvm_cpu_cap_mask(CPUID_8000_0021_EAX,
+ BIT(0) /* NO_NESTED_DATA_BP */ |
+ BIT(2) /* LFENCE Always serializing */ | 0 /* SmmPgCfgLock */ |
+ BIT(6) /* NULL_SEL_CLR_BASE */ | 0 /* PrefetchCtlMsr */
+ );
+ if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC))
+ kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(2) /* LFENCE Always serializing */;
+ if (!static_cpu_has_bug(X86_BUG_NULL_SEG))
+ kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(6) /* NULL_SEL_CLR_BASE */;
+
kvm_cpu_cap_mask(CPUID_C000_0001_EDX,
F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) |
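Review bot: the two direct writes `kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(2)` and `|= BIT(6)` follow a kvm_cpu_cap_mask() call that already lists both bits, and nothing in the code says why they are set a second time. The reason (LFENCE_RDTSC and "NULL selector clears base" are still synthetic, Linux-defined flags) appears only in the commit message; a one-line comment above the two `if` statements would keep it with the code. The message also says the patch switches from static_cpu_has() to cpu_feature_enabled(), yet the second check still uses `static_cpu_has_bug(X86_BUG_NULL_SEG)`; either convert it or narrow the wording.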
@@ -1006,17 +1016,7 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
break;
case 0x80000021:
entry->ebx = entry->ecx = entry->edx = 0;
- /*
- * Pass down these bits:
- * EAX 0 NNDBP, Processor ignores nested data breakpoints
- * EAX 2 LAS, LFENCE always serializing
- * EAX 6 NSCB, Null selector clear base
- *
- * Other defined bits are for MSRs that KVM does not expose:
- * EAX 3 SPCL, SMM page configuration lock
- * EAX 13 PCMSR, Prefetch control MSR
- */
- entry->eax &= BIT(0) | BIT(2) | BIT(6);
+ cpuid_entry_override(entry, CPUID_8000_0021_EAX);
break;
/*Add support for Centaur's CPUID instruction*/
case 0xC0000000:
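Review bot: in this tree the lines removed under `case 0x80000021:` only mask EAX (`entry->eax &= BIT(0) | BIT(2) | BIT(6);`); nothing here previously ORed in bit 2 or bit 6. Combined with the conditional writes added to kvm_set_cpu_caps() in the first hunk, the backport introduces the synthesized bits on 5.15.y rather than moving existing code, which neither the subject ("Move open-coded ... code") nor the unchanged upstream message says. Add a bracketed backport note above the final Signed-off-by describing that difference, so the guest-visible change to EAX is on record.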
--
2.43.5
* [PATCH 5.15.y 2/2] KVM: SVM: Properly advertise TSA CPUID bits to guests
2025-08-27 18:15 [PATCH 5.15.y 0/2] Fix TSA CPUID management in KVM Boris Ostrovsky
2025-08-27 18:15 ` [PATCH 5.15.y 1/2] KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code Boris Ostrovsky
@ 2025-08-27 18:15 ` Boris Ostrovsky
2025-09-02 11:42 ` Greg KH
1 sibling, 1 reply; 5+ messages in thread
From: Boris Ostrovsky @ 2025-08-27 18:15 UTC (permalink / raw)
To: stable; +Cc: gregkh, sashal, bp
Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS
The original LTS backport (commit c334ae4a545a "KVM: SVM: Advertise TSA CPUID bits to guests")
set the cpuid caps mask for the 0x80000021.EAX leaf but not the actual VERW_CLEAR bit.
The TSA_SQ_NO/TSA_L1_NO bits were similarly not set when they are synthesized.
Fix that.
Cc: <stable@vger.kernel.org> # 5.15.y
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
arch/x86/kvm/cpuid.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 333f9941147e..8a72b4bf5901 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -547,6 +547,7 @@ void kvm_set_cpu_caps(void)
kvm_cpu_cap_mask(CPUID_8000_0021_EAX,
BIT(0) /* NO_NESTED_DATA_BP */ |
BIT(2) /* LFENCE Always serializing */ | 0 /* SmmPgCfgLock */ |
+ BIT(5) /* The memory form of VERW mitigates TSA */ |
BIT(6) /* NULL_SEL_CLR_BASE */ | 0 /* PrefetchCtlMsr */
);
if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC))
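Review bot: the added `BIT(5)` entry spells out by number a bit that already has a name in this file; the line removed in the next hunk used `F(VERW_CLEAR)` against the same CPUID_8000_0021_EAX word, and its replacement uses `X86_FEATURE_VERW_CLEAR`. Writing `F(VERW_CLEAR)` in this mask would make the comment unnecessary and keep the bit position defined in one place.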
@@ -563,12 +564,15 @@ void kvm_set_cpu_caps(void)
if (cpu_feature_enabled(X86_FEATURE_SRSO_NO))
kvm_cpu_cap_set(X86_FEATURE_SRSO_NO);
- kvm_cpu_cap_mask(CPUID_8000_0021_EAX, F(VERW_CLEAR));
+ kvm_cpu_cap_check_and_set(X86_FEATURE_VERW_CLEAR);
kvm_cpu_cap_init_kvm_defined(CPUID_8000_0021_ECX,
F(TSA_SQ_NO) | F(TSA_L1_NO)
);
+ kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_SQ_NO);
+ kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_L1_NO);
+
/*
* Hide RDTSCP and RDPID if either feature is reported as supported but
* probing MSR_TSC_AUX failed. This is purely a sanity check and
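Review bot: the three kvm_cpu_cap_check_and_set() calls carry no comment explaining why bits already listed in the CPUID_8000_0021_EAX mask and in the kvm_cpu_cap_init_kvm_defined() call for CPUID_8000_0021_ECX have to be set again. The commit message gives the reason (the bits are synthesized, and the earlier backport set only the mask); a short comment above each group would keep that next to the code. The SRSO_NO lines just above use `if (cpu_feature_enabled(...)) kvm_cpu_cap_set(...)` for what looks like the same purpose, so consider using one idiom for the whole block.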
@@ -1015,8 +1019,9 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function)
entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
break;
case 0x80000021:
- entry->ebx = entry->ecx = entry->edx = 0;
+ entry->ebx = entry->edx = 0;
cpuid_entry_override(entry, CPUID_8000_0021_EAX);
+ cpuid_entry_override(entry, CPUID_8000_0021_ECX);
break;
/*Add support for Centaur's CPUID instruction*/
case 0xC0000000:
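Review bot: `entry->ecx` is no longer zeroed under `case 0x80000021:`, so what the guest sees in ECX now depends entirely on `cpuid_entry_override(entry, CPUID_8000_0021_ECX)` replacing the host value with the TSA_SQ_NO/TSA_L1_NO word set up in kvm_set_cpu_caps(). A one-line comment stating that ECX is taken from the KVM-defined caps word, not from the host leaf, would make it clear that dropping the zeroing does not pass other host ECX bits through.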
--
2.43.5
* Re: [PATCH 5.15.y 2/2] KVM: SVM: Properly advertise TSA CPUID bits to guests
2025-08-27 18:15 ` [PATCH 5.15.y 2/2] KVM: SVM: Properly advertise TSA CPUID bits to guests Boris Ostrovsky
@ 2025-09-02 11:42 ` Greg KH
2025-09-03 16:44 ` Boris Ostrovsky
0 siblings, 1 reply; 5+ messages in thread
From: Greg KH @ 2025-09-02 11:42 UTC (permalink / raw)
To: Boris Ostrovsky; +Cc: stable, sashal, bp
On Wed, Aug 27, 2025 at 02:15:24PM -0400, Boris Ostrovsky wrote:
> Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
> Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS
How about you just backport both of these independently, as this change
now looks nothing like either of those commits :(
thanks,
greg k-h
* Re: [PATCH 5.15.y 2/2] KVM: SVM: Properly advertise TSA CPUID bits to guests
2025-09-02 11:42 ` Greg KH
@ 2025-09-03 16:44 ` Boris Ostrovsky
0 siblings, 0 replies; 5+ messages in thread
From: Boris Ostrovsky @ 2025-09-03 16:44 UTC (permalink / raw)
To: Greg KH; +Cc: stable, sashal, bp
On 9/2/25 7:42 AM, Greg KH wrote:
> On Wed, Aug 27, 2025 at 02:15:24PM -0400, Boris Ostrovsky wrote:
>> Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
>> Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS
>
> How about you just backport both of these independently, as this change
> now looks nothing like either of those commits :(
The trouble is that the first one was already backported by
c334ae4a545a1b1ae8aff4e5eb741af2c7624cc7 and it missed a few things.
Some, but not all, of these issues were corrected by the LTS patch (the
second commit above).
I couldn't figure out how to separate this into two patches so I merged
them into one.
I suppose I could provide an incomplete "fix" for
c334ae4a545a1b1ae8aff4e5eb741af2c7624cc7 as a separate patch (but the
code will still be broken) and then do the LTS backport.
Or I can drop these two lines and simply mention these two commits
inline in the commit message.
-boris