Backport of AMD's TSA mitigation to 5.15 did not set CPUID bits that are passed to a guest correctly (commit c334ae4a545a "KVM: SVM: Advertise TSA CPUID bits to guests").
This series attempts to address this:

* The first patch from Kim allows us to properly use cpuid caps.
* The second patch is a combination of fixes to c334ae4a545a and f3f9deccfc68, which is a stable-only patch to 6.12.y. (Not sure what to do with attribution)
Alternatively, we can opencode all of this (the way it's currently done in __do_cpuid_func()'s 0x80000021 case) and do everything in a single patch.
Boris Ostrovsky (1):
  KVM: SVM: Properly advertise TSA CPUID bits to guests

Kim Phillips (1):
  KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code

 arch/x86/kvm/cpuid.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
From: Kim Phillips <kim.phillips@amd.com>

Commit c35ac8c4bf600ee23bacb20f863aa7830efb23fb upstream.
Move code from __do_cpuid_func() to kvm_set_cpu_caps() in preparation for adding the features in their native leaf.
Also drop the bit description comments as it will be more self-describing once the individual features are added.
Whilst there, switch to using the more efficient cpu_feature_enabled() instead of static_cpu_has().
Note, LFENCE_RDTSC and "NULL selector clears base" are currently synthetic, Linux-defined feature flags as Linux tracking of the features predates AMD's definition. Keep the manual propagation of the flags from their synthetic counterparts until the kernel fully converts to AMD's definition, otherwise KVM would stop synthesizing the flags as intended.
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/r/20230124163319.2277355-3-kim.phillips@amd.com
Cc: stable@vger.kernel.org # 5.15.y
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
 arch/x86/kvm/cpuid.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 3bdb522d48bc..333f9941147e 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -544,6 +544,16 @@ void kvm_set_cpu_caps(void) 0 /* SME */ | F(SEV) | 0 /* VM_PAGE_FLUSH */ | F(SEV_ES) | F(SME_COHERENT));
+ kvm_cpu_cap_mask(CPUID_8000_0021_EAX, + BIT(0) /* NO_NESTED_DATA_BP */ | + BIT(2) /* LFENCE Always serializing */ | 0 /* SmmPgCfgLock */ | + BIT(6) /* NULL_SEL_CLR_BASE */ | 0 /* PrefetchCtlMsr */ + ); + if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC)) + kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(2) /* LFENCE Always serializing */; + if (!static_cpu_has_bug(X86_BUG_NULL_SEG)) + kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(6) /* NULL_SEL_CLR_BASE */; + kvm_cpu_cap_mask(CPUID_C000_0001_EDX, F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) | F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) | @@ -1006,17 +1016,7 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function) break; case 0x80000021: entry->ebx = entry->ecx = entry->edx = 0; - /* - * Pass down these bits: - * EAX 0 NNDBP, Processor ignores nested data breakpoints - * EAX 2 LAS, LFENCE always serializing - * EAX 6 NSCB, Null selector clear base - * - * Other defined bits are for MSRs that KVM does not expose: - * EAX 3 SPCL, SMM page configuration lock - * EAX 13 PCMSR, Prefetch control MSR - */ - entry->eax &= BIT(0) | BIT(2) | BIT(6); + cpuid_entry_override(entry, CPUID_8000_0021_EAX); break; /*Add support for Centaur's CPUID instruction*/ case 0xC0000000:
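Review bot: in the kvm_set_cpu_caps() hunk the NULL_SEG check still reads `if (!static_cpu_has_bug(X86_BUG_NULL_SEG))` while the commit message says the code is switched to the more efficient cpu_feature_enabled(); either convert that check as well or narrow the message to the LFENCE_RDTSC check, which is the only one that actually changes. The `0 /* SmmPgCfgLock */` and `0 /* PrefetchCtlMsr */` entries in the mask are also the only place the withheld bits are now recorded, so a word on why they stay zero would help future readers.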
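Review bot: the `case 0x80000021` hunk removes the comment that explained why SPCL (EAX bit 3) and PCMSR (EAX bit 13) are not passed to guests ("MSRs that KVM does not expose"); after the change that rationale survives only as placeholder zeros in the mask, so consider carrying the sentence over to the mask in kvm_set_cpu_caps(). The replacement `cpuid_entry_override(entry, CPUID_8000_0021_EAX)` is equivalent to the old `entry->eax &= BIT(0) | BIT(2) | BIT(6)` only when kvm_cpu_caps for that leaf has been initialized before any vCPU CPUID is built, which the placement of the new mask inside kvm_set_cpu_caps() provides; worth a line in the commit message since the open-coded mask never depended on that ordering.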
Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS
The original LTS backport (commit c334ae4a545a "KVM: SVM: Advertise TSA CPUID bits to guests") set the cpuid caps mask for the 0x80000021.EAX leaf but not the actual VERW_CLEAR bit. The TSA_SQ_NO/TSA_L1_NO bits were similarly not set when they are synthesized.
Fix that.
Cc: stable@vger.kernel.org # 5.15.y
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
---
 arch/x86/kvm/cpuid.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index 333f9941147e..8a72b4bf5901 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -547,6 +547,7 @@ void kvm_set_cpu_caps(void) kvm_cpu_cap_mask(CPUID_8000_0021_EAX, BIT(0) /* NO_NESTED_DATA_BP */ | BIT(2) /* LFENCE Always serializing */ | 0 /* SmmPgCfgLock */ | + BIT(5) /* The memory form of VERW mitigates TSA */ | BIT(6) /* NULL_SEL_CLR_BASE */ | 0 /* PrefetchCtlMsr */ ); if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC)) @@ -563,12 +564,15 @@ void kvm_set_cpu_caps(void) if (cpu_feature_enabled(X86_FEATURE_SRSO_NO)) kvm_cpu_cap_set(X86_FEATURE_SRSO_NO);
- kvm_cpu_cap_mask(CPUID_8000_0021_EAX, F(VERW_CLEAR)); + kvm_cpu_cap_check_and_set(X86_FEATURE_VERW_CLEAR);
kvm_cpu_cap_init_kvm_defined(CPUID_8000_0021_ECX, F(TSA_SQ_NO) | F(TSA_L1_NO) );
+ kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_SQ_NO); + kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_L1_NO); + /* * Hide RDTSCP and RDPID if either feature is reported as supported but * probing MSR_TSC_AUX failed. This is purely a sanity check and @@ -1015,8 +1019,9 @@ static inline int __do_cpuid_func(struct kvm_cpuid_array *array, u32 function) entry->eax = entry->ebx = entry->ecx = entry->edx = 0; break; case 0x80000021: - entry->ebx = entry->ecx = entry->edx = 0; + entry->ebx = entry->edx = 0; cpuid_entry_override(entry, CPUID_8000_0021_EAX); + cpuid_entry_override(entry, CPUID_8000_0021_ECX); break; /*Add support for Centaur's CPUID instruction*/ case 0xC0000000:
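Review bot: in the first kvm_set_cpu_caps() hunk, `BIT(5) /* The memory form of VERW mitigates TSA */` is the bit that lets VERW_CLEAR survive the AND against host CPUID inside kvm_cpu_cap_mask(), and it pairs with the `kvm_cpu_cap_check_and_set(X86_FEATURE_VERW_CLEAR)` change further down; the other entries in this mask use the flag name as the comment (NO_NESTED_DATA_BP, NULL_SEL_CLR_BASE), so naming it `VERW_CLEAR` here too would make the pairing easy to grep for.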
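Review bot: the removed `kvm_cpu_cap_mask(CPUID_8000_0021_EAX, F(VERW_CLEAR))` is the real defect and the commit message should say why: kvm_cpu_cap_mask() assigns the whole kvm_cpu_caps word before ANDing it with host CPUID, so a second call for the same leaf discards the NO_NESTED_DATA_BP / LFENCE / NULL_SEL_CLR_BASE bits set by the mask added in patch 1, and once guest EAX is routed through cpuid_entry_override() those bits vanish from the guest view as well. That also means patch 1 alone regresses guest CPUID until this patch lands, which deserves a sentence in the cover letter. The added `kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_SQ_NO)` / `TSA_L1_NO` calls look redundant next to `kvm_cpu_cap_init_kvm_defined(CPUID_8000_0021_ECX, F(TSA_SQ_NO) | F(TSA_L1_NO))`; a short comment that the init keeps only bits the hardware reports while check_and_set picks up the bits the kernel synthesized would save the next reader the detour.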
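Review bot: in the `case 0x80000021` hunk, dropping `entry->ecx = 0` is correct only because cpuid_entry_override() assigns the register wholesale from kvm_cpu_caps[CPUID_8000_0021_ECX]; since every other unused register in this case is still zeroed explicitly, either keep the zeroing and override after it (mirroring how EAX is handled) or add a one-line comment, so the asymmetry is not read as an oversight.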
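The following is an added example, not code from this series or from KVM. It is a simplified model of the three helpers the patch relies on (kvm_cpu_cap_mask(), kvm_cpu_cap_init_kvm_defined(), kvm_cpu_cap_check_and_set()) with bodies written for the example; the leaf encoding, the ECX bit positions of TSA_SQ_NO/TSA_L1_NO, the host CPUID values and the boot_cpu_has() contents are all constructed assumptions (only bits 0, 2, 5 and 6 of EAX are taken from the patch itself). It runs the 0x80000021 caps setup twice: once as the tree stood with patch 1 applied and the old `kvm_cpu_cap_mask(CPUID_8000_0021_EAX, F(VERW_CLEAR))` line still present, once as this patch leaves it, so the bits a guest would lose become visible.

```c
/* Added example, not code from this series or from KVM: a simplified model of
 * the kvm_cpu_caps bookkeeping the patch above touches.  Helper names follow
 * KVM's, but their bodies, the bits marked "assumed" and the host values are
 * assumptions made for this example only. */
#include <stdint.h>
#include <stdio.h>

#define BIT(n) (1u << (n))
enum { LEAF_8000_0021_EAX, LEAF_8000_0021_ECX, NR_LEAFS };

/* Feature ids as (leaf, bit) pairs, in the spirit of X86_FEATURE_*. */
#define FEAT(leaf, bit) (((leaf) << 5) | (bit))
#define FEAT_LEAF(f)    ((f) >> 5)
#define FEAT_BIT(f)     BIT((f) & 31)
#define X86_FEATURE_LFENCE_RDTSC FEAT(LEAF_8000_0021_EAX, 2) /* bit 2, as in the patch */
#define X86_FEATURE_VERW_CLEAR   FEAT(LEAF_8000_0021_EAX, 5) /* bit 5, as in the patch */
#define X86_FEATURE_TSA_SQ_NO    FEAT(LEAF_8000_0021_ECX, 1) /* assumed bit */
#define X86_FEATURE_TSA_L1_NO    FEAT(LEAF_8000_0021_ECX, 2) /* assumed bit */

struct host_model {
	uint32_t cpuid[NR_LEAFS];    /* what the CPUID instruction reports */
	uint32_t boot_has[NR_LEAFS]; /* boot_cpu_has(): CPUID bits plus synthesized ones */
};

/* Constructed host: CPUID reports VERW_CLEAR, while TSA_SQ_NO/TSA_L1_NO exist
 * only as kernel-synthesized flags (the case the commit message describes). */
static const struct host_model example_host = {
	.cpuid    = { [LEAF_8000_0021_EAX] = BIT(0) | BIT(2) | BIT(5) | BIT(6) },
	.boot_has = { [LEAF_8000_0021_EAX] = BIT(0) | BIT(2) | BIT(5) | BIT(6),
	              [LEAF_8000_0021_ECX] = BIT(1) | BIT(2) },
};

static uint32_t kvm_cpu_caps[NR_LEAFS];

/* Assignment, not OR: a later call for the same leaf discards earlier bits.
 * KVM-only leaves (kvm_cpu_cap_init_kvm_defined) are modelled the same way. */
static void kvm_cpu_cap_mask(const struct host_model *h, int leaf, uint32_t mask)
{
	kvm_cpu_caps[leaf] = mask & h->cpuid[leaf];
}
#define kvm_cpu_cap_init_kvm_defined kvm_cpu_cap_mask

static int boot_cpu_has(const struct host_model *h, unsigned int f)
{
	return (h->boot_has[FEAT_LEAF(f)] & FEAT_BIT(f)) != 0;
}

static void kvm_cpu_cap_set(unsigned int f)
{
	kvm_cpu_caps[FEAT_LEAF(f)] |= FEAT_BIT(f);
}

static void kvm_cpu_cap_check_and_set(const struct host_model *h, unsigned int f)
{
	if (boot_cpu_has(h, f))
		kvm_cpu_cap_set(f);
}

/* EAX caps with patch 1 applied but the F(VERW_CLEAR) mask call still present. */
static uint32_t caps_eax_before(const struct host_model *h)
{
	kvm_cpu_cap_mask(h, LEAF_8000_0021_EAX, BIT(0) | BIT(2) | BIT(6));
	if (boot_cpu_has(h, X86_FEATURE_LFENCE_RDTSC))
		kvm_cpu_cap_set(X86_FEATURE_LFENCE_RDTSC);
	kvm_cpu_cap_mask(h, LEAF_8000_0021_EAX, BIT(5)); /* the removed line: clobbers */
	return kvm_cpu_caps[LEAF_8000_0021_EAX];
}

/* EAX caps as this patch leaves them. */
static uint32_t caps_eax_after(const struct host_model *h)
{
	kvm_cpu_cap_mask(h, LEAF_8000_0021_EAX, BIT(0) | BIT(2) | BIT(5) | BIT(6));
	if (boot_cpu_has(h, X86_FEATURE_LFENCE_RDTSC))
		kvm_cpu_cap_set(X86_FEATURE_LFENCE_RDTSC);
	kvm_cpu_cap_check_and_set(h, X86_FEATURE_VERW_CLEAR);
	return kvm_cpu_caps[LEAF_8000_0021_EAX];
}

/* ECX caps from the init alone: only bits the hardware reports survive. */
static uint32_t caps_ecx_before(const struct host_model *h)
{
	kvm_cpu_cap_init_kvm_defined(h, LEAF_8000_0021_ECX, BIT(1) | BIT(2));
	return kvm_cpu_caps[LEAF_8000_0021_ECX];
}

/* ECX caps with the check_and_set calls the patch adds: synthesized bits survive. */
static uint32_t caps_ecx_after(const struct host_model *h)
{
	caps_ecx_before(h);
	kvm_cpu_cap_check_and_set(h, X86_FEATURE_TSA_SQ_NO);
	kvm_cpu_cap_check_and_set(h, X86_FEATURE_TSA_L1_NO);
	return kvm_cpu_caps[LEAF_8000_0021_ECX];
}

int main(void)
{
	printf("0x80000021.EAX caps: before 0x%02x, after 0x%02x\n",
	       caps_eax_before(&example_host), caps_eax_after(&example_host));
	printf("0x80000021.ECX caps: before 0x%02x, after 0x%02x\n",
	       caps_ecx_before(&example_host), caps_ecx_after(&example_host));
	return 0;
}
```

On the constructed host the "before" EAX word collapses to VERW_CLEAR alone (0x20), dropping NO_NESTED_DATA_BP, LFENCE and NULL_SEL_CLR_BASE, and the ECX word is empty; the "after" path yields 0x65 and 0x06. The EAX loss is not something a guest can detect: it simply sees fewer mitigations advertised than the host has, which is the class of bug a CPUID pass-through regression test on the host side should catch.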
On Wed, Aug 27, 2025 at 02:15:24PM -0400, Boris Ostrovsky wrote:
> Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
> Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS

How about you just backport both of these independently, as this change now looks nothing like either of those commits :(

thanks,

greg k-h
On 9/2/25 7:42 AM, Greg KH wrote:
> On Wed, Aug 27, 2025 at 02:15:24PM -0400, Boris Ostrovsky wrote:
>> Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
>> Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS
>
> How about you just backport both of these independently, as this change now looks nothing like either of those commits :(

The trouble is that the first one was already backported by c334ae4a545a1b1ae8aff4e5eb741af2c7624cc7 and it missed a few things. Some, but not all, of these issues were corrected by the LTS patch (the second commit above).

I couldn't figure out how to separate this into two patches so I merged them into one.

I suppose I could provide an incomplete "fix" for c334ae4a545a1b1ae8aff4e5eb741af2c7624cc7 as a separate patch (but the code will still be broken) and then do the LTS backport.

Or I can drop these two lines and simply mention these two commits inline in the commit message.

-boris
On Wed, Sep 03, 2025 at 12:44:00PM -0400, Boris Ostrovsky wrote:
> On 9/2/25 7:42 AM, Greg KH wrote:
>> On Wed, Aug 27, 2025 at 02:15:24PM -0400, Boris Ostrovsky wrote:
>>> Commit 31272abd5974b38ba312e9cf2ec2f09f9dd7dcba upstream.
>>> Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 LTS
>>
>> How about you just backport both of these independently, as this change now looks nothing like either of those commits :(
>
> The trouble is that the first one was already backported by c334ae4a545a1b1ae8aff4e5eb741af2c7624cc7 and it missed a few things. Some, but not all, of these issues were corrected by the LTS patch (the second commit above).
>
> I couldn't figure out how to separate this into two patches so I merged them into one.
>
> I suppose I could provide an incomplete "fix" for c334ae4a545a1b1ae8aff4e5eb741af2c7624cc7 as a separate patch (but the code will still be broken) and then do the LTS backport.

Yes please. Whenever possible try to stick to what is upstream, and that includes backporting partial patches if needed, as then they can actually be tracked.

thanks,

greg k-h