git.ipfire.org Git - thirdparty/qemu.git/commit

author	Jon Kohler <jon@nutanix.com>
	Wed, 8 Oct 2025 20:25:57 +0000 (13:25 -0700)
committer	Michael Tokarev <mjt@tls.msk.ru>
	Wed, 15 Oct 2025 04:30:47 +0000 (07:30 +0300)
commit	9ca80ff5278a081f56e3fdbb058e70da3c160e42
tree	7f6640f4a9f560442cc300d171c611768e15837c	tree \| snapshot
parent	19ab9f31022e80acd45b796cd757885509ba5a35	commit \| diff

i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS

Newer Intel hardware (Sapphire Rapids and higher) sets multiple MDS
immunity bits in MSR_IA32_ARCH_CAPABILITIES but lacks the hardware-level
MSR_ARCH_CAP_FB_CLEAR (bit 17):
    ARCH_CAP_MDS_NO
    ARCH_CAP_TAA_NO
    ARCH_CAP_PSDP_NO
    ARCH_CAP_FBSDP_NO
    ARCH_CAP_SBDR_SSDP_NO

This prevents VMs with fb-clear=on from migrating from older hardware
(Cascade Lake, Ice Lake) to newer hardware, limiting live migration
capabilities. Note fb-clear was first introduced in v8.1.0 [1].

Expose MSR_ARCH_CAP_FB_CLEAR for MDS-invulnerable systems to enable
seamless migration between hardware generations.

Note: There is no impact when a guest migrates to newer hardware as
the existing bit combinations already mark the host as MMIO-immune and
disable FB_CLEAR operations in the kernel (see Linux's
arch_cap_mmio_immune() and vmx_update_fb_clear_dis()). See kernel side
discussion for [2] for additional context.

[1] 22e1094ca82 ("target/i386: add support for FB_CLEAR feature")
[2] https://patchwork.kernel.org/project/kvm/patch/20250401044931.793203-1-jon@nutanix.com/

Cc: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Jon Kohler <jon@nutanix.com>
Link: https://lore.kernel.org/r/20251008202557.4141285-1-jon@nutanix.com
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 00001a22d183ce96c110690987bf9dd6a8548552)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>