KVM: x86: Generalize IBRS virtualization on emulated VM-exit

Commit 2e7eab81425a ("KVM: VMX: Execute IBPB on emulated VM-exit when
guest has IBRS") added an IBPB in the emulated VM-exit path on Intel to
properly virtualize IBRS by providing separate predictor modes for L1
and L2.

AMD requires similar handling, except when IbrsSameMode is enumerated by
the host CPU (which is the case on most/all AMD CPUs). With
IbrsSameMode, hardware IBRS is sufficient and no extra handling is
needed from KVM.

Generalize the handling in nested_vmx_vmexit() by moving it into a
generic function, add the AMD handling, and use it in
nested_svm_vmexit() too. The main reason for using a generic function is
to have a single place to park the huge comment about virtualizing IBRS.

Signed-off-by: Yosry Ahmed <yosry.ahmed@linux.dev>
Reviewed-by: Jim Mattson <jmattson@google.com>
Link: https://lore.kernel.org/r/20250221163352.3818347-4-yosry.ahmed@linux.dev
[sean: use kvm_nested_vmexit_handle_spec_ctrl() for the helper]
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index 834b67672d50faea7d939e93dc41555116fb5ddc..6cd2cf7f6f68dc39b95f19a4732cf4d7816f00bc 100644 (file)
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -1041,6 +1041,8 @@ int nested_svm_vmexit(struct vcpu_svm *svm)
 
        nested_svm_copy_common_state(svm->nested.vmcb02.ptr, svm->vmcb01.ptr);
 
+       kvm_nested_vmexit_handle_ibrs(vcpu);
+
        svm_switch_vmcb(svm, &svm->vmcb01);
 
        /*

diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
index e073e3008b16b411e67f4c72c4b5d36e111810f4..ebeb183270cfb834b8f5cce13b513779a0435393 100644 (file)
--- a/arch/x86/kvm/vmx/nested.c
+++ b/arch/x86/kvm/vmx/nested.c
@@ -5020,16 +5020,7 @@ void __nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 vm_exit_reason,
 
        vmx_switch_vmcs(vcpu, &vmx->vmcs01);
 
-       /*
-        * If IBRS is advertised to the vCPU, KVM must flush the indirect
-        * branch predictors when transitioning from L2 to L1, as L1 expects
-        * hardware (KVM in this case) to provide separate predictor modes.
-        * Bare metal isolates VMX root (host) from VMX non-root (guest), but
-        * doesn't isolate different VMCSs, i.e. in this case, doesn't provide
-        * separate modes for L2 vs L1.
-        */
-       if (guest_cpu_cap_has(vcpu, X86_FEATURE_SPEC_CTRL))
-               indirect_branch_prediction_barrier();
+       kvm_nested_vmexit_handle_ibrs(vcpu);
 
        /* Update any VMCS fields that might have changed while L2 ran */
        vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, vmx->msr_autoload.host.nr);

diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h
index 88a9475899c89156713f3f614147a56624b1ddf7..832f0faf47791886e19a8978db33fca267582143 100644 (file)
--- a/arch/x86/kvm/x86.h
+++ b/arch/x86/kvm/x86.h
@@ -121,6 +121,24 @@ static inline void kvm_leave_nested(struct kvm_vcpu *vcpu)
        kvm_x86_ops.nested_ops->leave_nested(vcpu);
 }
 
+/*
+ * If IBRS is advertised to the vCPU, KVM must flush the indirect branch
+ * predictors when transitioning from L2 to L1, as L1 expects hardware (KVM in
+ * this case) to provide separate predictor modes.  Bare metal isolates the host
+ * from the guest, but doesn't isolate different guests from one another (in
+ * this case L1 and L2). The exception is if bare metal supports same mode IBRS,
+ * which offers protection within the same mode, and hence protects L1 from L2.
+ */
+static inline void kvm_nested_vmexit_handle_ibrs(struct kvm_vcpu *vcpu)
+{
+       if (cpu_feature_enabled(X86_FEATURE_AMD_IBRS_SAME_MODE))
+               return;
+
+       if (guest_cpu_cap_has(vcpu, X86_FEATURE_SPEC_CTRL) ||
+           guest_cpu_cap_has(vcpu, X86_FEATURE_AMD_IBRS))
+               indirect_branch_prediction_barrier();
+}
+
 static inline bool kvm_vcpu_has_run(struct kvm_vcpu *vcpu)
 {
        return vcpu->arch.last_vmentry_cpu != -1;