From: Paolo Bonzini Date: Mon, 28 Jul 2025 15:04:27 +0000 (-0400) Subject: Merge tag 'kvm-x86-mmio-6.17' of https://github.com/kvm-x86/linux into HEAD X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=f05efcfe07d8af26703b75cb91c8f58924661275;p=users%2Fwilly%2Fxarray.git Merge tag 'kvm-x86-mmio-6.17' of https://github.com/kvm-x86/linux into HEAD KVM MMIO Stale Data mitigation cleanup for 6.17 Rework KVM's mitigation for the MMIO State Data vulnerability to track whether or not a vCPU has access to (host) MMIO based on the MMU that will be used when running in the guest. The current approach doesn't actually detect whether or not a guest has access to MMIO, and is prone to false negatives (and to a lesser extent, false positives), as KVM_DEV_VFIO_FILE_ADD is optional, and obviously only covers VFIO devices. --- f05efcfe07d8af26703b75cb91c8f58924661275 diff --cc arch/x86/kvm/vmx/vmx.c index 5f37248b5d8b,3025b11007fd..2003e9097b4e --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@@ -7288,8 -7296,8 +7294,8 @@@ static noinstr void vmx_vcpu_enter_exit if (static_branch_unlikely(&vmx_l1d_should_flush)) vmx_l1d_flush(vcpu); else if (static_branch_unlikely(&cpu_buf_vm_clear) && - kvm_arch_has_assigned_device(vcpu->kvm)) + (flags & VMX_RUN_CLEAR_CPU_BUFFERS_FOR_MMIO)) - mds_clear_cpu_buffers(); + x86_clear_cpu_buffers(); vmx_disable_fb_clear(vmx);