From fc0700c32ca7d50e25e9f67d728316de9d5b9c4b Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 13 Sep 2025 13:51:30 +0200
Subject: [PATCH] 6.1-stable patches
added patches:
 kvm-svm-return-tsa_sq_no-and-tsa_l1_no-bits-in-__do_cpuid_func.patch
 kvm-svm-set-synthesized-tsa-cpuid-flags.patch
 kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch
---
 ...nd-tsa_l1_no-bits-in-__do_cpuid_func.patch | 41 ++++++++
 ...-svm-set-synthesized-tsa-cpuid-flags.patch | 50 ++++++++++
 ...-0x80000021-eax-bit-propagation-code.patch | 98 +++++++++++++++++++
 queue-6.1/series | 3 +
 4 files changed, 192 insertions(+)
 create mode 100644 queue-6.1/kvm-svm-return-tsa_sq_no-and-tsa_l1_no-bits-in-__do_cpuid_func.patch
 create mode 100644 queue-6.1/kvm-svm-set-synthesized-tsa-cpuid-flags.patch
 create mode 100644 queue-6.1/kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch
diff --git a/queue-6.1/kvm-svm-return-tsa_sq_no-and-tsa_l1_no-bits-in-__do_cpuid_func.patch b/queue-6.1/kvm-svm-return-tsa_sq_no-and-tsa_l1_no-bits-in-__do_cpuid_func.patch
new file mode 100644
index 0000000000..8829b1209d
--- /dev/null
+++ b/queue-6.1/kvm-svm-return-tsa_sq_no-and-tsa_l1_no-bits-in-__do_cpuid_func.patch
@@ -0,0 +1,41 @@
+From stable+bounces-179403-greg=kroah.com@vger.kernel.org Sat Sep 13 00:29:39 2025
+From: Boris Ostrovsky
+Date: Fri, 12 Sep 2025 18:29:14 -0400
+Subject: KVM: SVM: Return TSA_SQ_NO and TSA_L1_NO bits in __do_cpuid_func()
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, sashal@kernel.org, bp@alien8.de
+Message-ID: <20250912222915.3143868-3-boris.ostrovsky@oracle.com>
+
+From: Boris Ostrovsky
+
+Commit c334ae4a545a ("KVM: SVM: Advertise TSA CPUID bits to guests")
+set VERW_CLEAR, TSA_SQ_NO and TSA_L1_NO kvm_caps bits that are
+supposed to be provided to guest when it requests CPUID 0x80000021.
+However, the latter two (in the %ecx register) are instead returned as
+zeroes in __do_cpuid_func().
+
+Return values of TSA_SQ_NO and TSA_L1_NO as set in the kvm_cpu_caps.
+
+This fix is stable-only.
+
+Cc: # 6.1.y
+Fixes: c334ae4a545a ("KVM: SVM: Advertise TSA CPUID bits to guests")
+Signed-off-by: Boris Ostrovsky
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/cpuid.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -1259,8 +1259,9 @@ static inline int __do_cpuid_func(struct
+ entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
+ break;
+ case 0x80000021:
+- entry->ebx = entry->ecx = entry->edx = 0;
++ entry->ebx = entry->edx = 0;
+ cpuid_entry_override(entry, CPUID_8000_0021_EAX);
++ cpuid_entry_override(entry, CPUID_8000_0021_ECX);
+ break;
+ /*Add support for Centaur's CPUID instruction*/
+ case 0xC0000000:
diff --git a/queue-6.1/kvm-svm-set-synthesized-tsa-cpuid-flags.patch b/queue-6.1/kvm-svm-set-synthesized-tsa-cpuid-flags.patch
new file mode 100644
index 0000000000..3447395ff2
--- /dev/null
+++ b/queue-6.1/kvm-svm-set-synthesized-tsa-cpuid-flags.patch
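Review bot: The `entry->ebx = entry->ecx = entry->edx = 0;` line removed in the `0x80000021` case is the same line that kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch, queued ahead of this one in `series`, adds while dropping `cpuid_entry_override(entry, CPUID_8000_0021_ECX);`. The zeroed ECX described in the changelog therefore appears to come from that backport rather than only from c334ae4a545a. A tree stopped between the two patches reports TSA_SQ_NO and TSA_L1_NO as 0 to guests; that direction is presumably conservative (a guest would keep its mitigation), but it deserves a sentence in the description so a bisect across the queue is not misread, for example `The ECX override is dropped by the preceding leaf 0x80000021 EAX backport and restored here.` `__do_cpuid_func()` starts and ends outside the hunk.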
@@ -0,0 +1,50 @@
+From stable+bounces-179404-greg=kroah.com@vger.kernel.org Sat Sep 13 00:29:41 2025
+From: Boris Ostrovsky
+Date: Fri, 12 Sep 2025 18:29:15 -0400
+Subject: KVM: SVM: Set synthesized TSA CPUID flags
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, sashal@kernel.org, bp@alien8.de
+Message-ID: <20250912222915.3143868-4-boris.ostrovsky@oracle.com>
+
+From: "Borislav Petkov (AMD)"
+
+Commit f3f9deccfc68a6b7c8c1cc51e902edba23d309d4 in the LTS tree.
+
+VERW_CLEAR is supposed to be set only by the hypervisor to denote TSA
+mitigation support to a guest. SQ_NO and L1_NO are both synthesizable,
+and are going to be set by hw CPUID on future machines.
+
+So keep the kvm_cpu_cap_init_kvm_defined() invocation *and* set them
+when synthesized.
+
+This fix is stable-only.
+
+Co-developed-by: Jinpu Wang
+Signed-off-by: Jinpu Wang
+Signed-off-by: Borislav Petkov (AMD)
+Signed-off-by: Greg Kroah-Hartman
+Cc: # 6.1.y
+Signed-off-by: Boris Ostrovsky
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/cpuid.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -770,10 +770,15 @@ void kvm_set_cpu_caps(void)
+ if (cpu_feature_enabled(X86_FEATURE_SRSO_NO))
+ kvm_cpu_cap_set(X86_FEATURE_SRSO_NO);
+
++ kvm_cpu_cap_check_and_set(X86_FEATURE_VERW_CLEAR);
++
+ kvm_cpu_cap_init_kvm_defined(CPUID_8000_0021_ECX,
+ F(TSA_SQ_NO) | F(TSA_L1_NO)
+ );
+
++ kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_SQ_NO);
++ kvm_cpu_cap_check_and_set(X86_FEATURE_TSA_L1_NO);
++
+ /*
+ * Hide RDTSCP and RDPID if either feature is reported as supported but
+ * probing MSR_TSC_AUX failed. This is purely a sanity check and
diff --git a/queue-6.1/kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch b/queue-6.1/kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch
new file mode 100644
index 0000000000..341c877249
--- /dev/null
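Review bot: The placement of the two added `kvm_cpu_cap_check_and_set()` calls for TSA_SQ_NO and TSA_L1_NO after `kvm_cpu_cap_init_kvm_defined(CPUID_8000_0021_ECX, ...)` looks load-bearing, yet nothing in the code records it. If the init call (re)initialises the ECX word, as its name suggests, moving these calls above it during a later cleanup would silently lose the synthesized bits. These are "not affected" indications that a guest may use to decide whether to mitigate, so a one-line comment above the pair is justified, for example `/* Must follow the CPUID_8000_0021_ECX init above: propagate host-synthesized TSA_*_NO. */`. `kvm_set_cpu_caps()` starts and ends outside the hunk.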
+++ b/queue-6.1/kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch 
@@ -0,0 +1,98 @@
+From stable+bounces-179405-greg=kroah.com@vger.kernel.org Sat Sep 13 00:29:46 2025
+From: Boris Ostrovsky
+Date: Fri, 12 Sep 2025 18:29:13 -0400
+Subject: KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code
+To: stable@vger.kernel.org
+Cc: gregkh@linuxfoundation.org, sashal@kernel.org, bp@alien8.de
+Message-ID: <20250912222915.3143868-2-boris.ostrovsky@oracle.com>
+
+From: Kim Phillips
+
+Commit c35ac8c4bf600ee23bacb20f863aa7830efb23fb upstream
+
+Move code from __do_cpuid_func() to kvm_set_cpu_caps() in preparation for adding
+the features in their native leaf.
+
+Also drop the bit description comments as it will be more self-describing once
+the individual features are added.
+
+Whilst there, switch to using the more efficient cpu_feature_enabled() instead
+of static_cpu_has().
+
+Note, LFENCE_RDTSC and "NULL selector clears base" are currently synthetic,
+Linux-defined feature flags as Linux tracking of the features predates AMD's
+definition. Keep the manual propagation of the flags from their synthetic
+counterparts until the kernel fully converts to AMD's definition, otherwise KVM
+would stop synthesizing the flags as intended.
+
+Signed-off-by: Kim Phillips
+Signed-off-by: Borislav Petkov (AMD)
+Acked-by: Sean Christopherson
+Link: https://lore.kernel.org/r/20230124163319.2277355-3-kim.phillips@amd.com
+
+Move setting of VERW_CLEAR bit to the new
+kvm_cpu_cap_mask(CPUID_8000_0021_EAX, ...) site.
+
+Cc: # 6.1.y
+Signed-off-by: Boris Ostrovsky
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/cpuid.c | 33 ++++++++++++++-------------------
+ 1 file changed, 14 insertions(+), 19 deletions(-)
+
+--- a/arch/x86/kvm/cpuid.c
++++ b/arch/x86/kvm/cpuid.c
+@@ -749,6 +749,18 @@ void kvm_set_cpu_caps(void)
+ 0 /* SME */ | F(SEV) | 0 /* VM_PAGE_FLUSH */ | F(SEV_ES) |
+ F(SME_COHERENT));
+
++ kvm_cpu_cap_mask(CPUID_8000_0021_EAX,
++ BIT(0) /* NO_NESTED_DATA_BP */ |
++ BIT(2) /* LFENCE Always serializing */ | 0 /* SmmPgCfgLock */ |
++ BIT(5) /* The memory form of VERW mitigates TSA */ |
++ BIT(6) /* NULL_SEL_CLR_BASE */ | 0 /* PrefetchCtlMsr */
++ );
++ if (cpu_feature_enabled(X86_FEATURE_LFENCE_RDTSC))
++ kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(2) /* LFENCE Always serializing */;
++ if (!static_cpu_has_bug(X86_BUG_NULL_SEG))
++ kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(6) /* NULL_SEL_CLR_BASE */;
++ kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(9) /* NO_SMM_CTL_MSR */;
++
+ kvm_cpu_cap_mask(CPUID_C000_0001_EDX,
+ F(XSTORE) | F(XSTORE_EN) | F(XCRYPT) | F(XCRYPT_EN) |
+ F(ACE2) | F(ACE2_EN) | F(PHE) | F(PHE_EN) |
+@@ -758,8 +770,6 @@ void kvm_set_cpu_caps(void)
+ if (cpu_feature_enabled(X86_FEATURE_SRSO_NO))
+ kvm_cpu_cap_set(X86_FEATURE_SRSO_NO);
+
+- kvm_cpu_cap_mask(CPUID_8000_0021_EAX, F(VERW_CLEAR));
+-
+ kvm_cpu_cap_init_kvm_defined(CPUID_8000_0021_ECX,
+ F(TSA_SQ_NO) | F(TSA_L1_NO)
+ );
+@@ -1249,23 +1259,8 @@ static inline int __do_cpuid_func(struct
+ entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
+ break;
+ case 0x80000021:
+- entry->ebx = entry->edx = 0;
+- /*
+- * Pass down these bits:
+- * EAX 0 NNDBP, Processor ignores nested data breakpoints
+- * EAX 2 LAS, LFENCE always serializing
+- * EAX 6 NSCB, Null selector clear base
+- *
+- * Other defined bits are for MSRs that KVM does not expose:
+- * EAX 3 SPCL, SMM page configuration lock
+- * EAX 13 PCMSR, Prefetch control MSR
+- */
+- entry->eax &= BIT(0) | BIT(2) | BIT(6);
+- if (static_cpu_has(X86_FEATURE_LFENCE_RDTSC))
+- entry->eax |= BIT(2);
+- if (!static_cpu_has_bug(X86_BUG_NULL_SEG))
+- entry->eax |= BIT(6);
+- cpuid_entry_override(entry, CPUID_8000_0021_ECX);
++ entry->ebx = entry->ecx = entry->edx = 0;
++ cpuid_entry_override(entry, CPUID_8000_0021_EAX);
+ break;
+ /*Add support for Centaur's CPUID instruction*/
+ case 0xC0000000:
diff --git a/queue-6.1/series b/queue-6.1/series
index d7cb40f52e..2ce00eb25c 100644
--- a/queue-6.1/series
+++ b/queue-6.1/series
@@ -17,3 +17,6 @@ tracing-silence-warning-when-chunk-allocation-fails-.patch
 s390-cpum_cf-deny-all-sampling-events-by-counter-pmu.patch
 tcp_bpf-call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
 proc-fix-type-confusion-in-pde_set_flags.patch
+kvm-x86-move-open-coded-cpuid-leaf-0x80000021-eax-bit-propagation-code.patch
+kvm-svm-return-tsa_sq_no-and-tsa_l1_no-bits-in-__do_cpuid_func.patch
+kvm-svm-set-synthesized-tsa-cpuid-flags.patch
--
2.47.3
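Review bot: The added `kvm_cpu_caps[CPUID_8000_0021_EAX] |= BIT(9) /* NO_SMM_CTL_MSR */;` in the first `kvm_set_cpu_caps()` hunk has no counterpart in the open-coded block removed from `__do_cpuid_func()`, which passed down only bits 0, 2 and 6. Unlike the neighbouring bits it is set unconditionally. The description speaks only of moving code and of relocating VERW_CLEAR, so, as far as these hunks show, guests on 6.1.y start seeing EAX bit 9 with this backport. If that is intended, the stable note should say so, for example `Also advertise NO_SMM_CTL_MSR (EAX bit 9), which the 6.1 open-coded path did not set.`; otherwise the line should be dropped from the backport. Both functions start and end outside the hunks.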