137137 "sme" ,
138138} | {"brs" , "rapl" , "v_spec_ctrl" }
139139
140+ # On v6.18+ amzn2023, "ibpb_exit_to_user" was renamed by the VMScape BHB patchset and
141+ # no longer appears in /proc/cpuinfo, while "xtopology" and "debug_swap" became visible
142+ # on the host but are not passed to the guest.
143+ AMD_MILAN_HOST_ONLY_FEATS_6_18 = AMD_MILAN_HOST_ONLY_FEATS_6_1 - {
144+ "ibpb_exit_to_user" ,
145+ } | {"xtopology" , "debug_swap" }
146+
140147AMD_GENOA_HOST_ONLY_FEATS = AMD_MILAN_HOST_ONLY_FEATS | {
141148 "avic" ,
142149 "flush_l1d" ,
153160 "x2avic" ,
154161}
155162
163+ AMD_GENOA_HOST_ONLY_FEATS_6_18 = AMD_GENOA_HOST_ONLY_FEATS_6_1 - {
164+ "ibpb_exit_to_user" ,
165+ "ibrs_enhanced" ,
166+ "flush_l1d" ,
167+ } | {"debug_swap" , "cpuid_fault" , "xtopology" , "la57" , "vnmi" }
168+
169+ INTEL_SPR_GNR_HOST_ONLY_FEATS_6_18_REMOVED = {
170+ "ibpb_exit_to_user" ,
171+ "pebs" ,
172+ "flush_l1d" ,
173+ "dts" ,
174+ "dtes64" ,
175+ "bts" ,
176+ }
177+ INTEL_SPR_GNR_HOST_ONLY_FEATS_6_18_ADDED = {"la57" }
178+
179+ # Intel Ice Lake is not vulnerable to VMScape (BHB clearing software mitigation), so
180+ # "ibpb_exit_to_user" is not needed.
181+ # https://docs.kernel.org/admin-guide/hw-vuln/vmscape.html#affected-processors
182+ INTEL_ICELAKE_HOST_ONLY_FEATS_5_10 = INTEL_HOST_ONLY_FEATS - {
183+ "ibpb_exit_to_user" ,
184+ "cdp_l3" ,
185+ } | {"pconfig" , "tme" , "split_lock_detect" }
186+
187+ INTEL_ICELAKE_HOST_ONLY_FEATS_6_1 = INTEL_ICELAKE_HOST_ONLY_FEATS_5_10 - {
188+ "bts" ,
189+ "dtes64" ,
190+ "dts" ,
191+ "pebs" ,
192+ }
193+
194+ INTEL_ICELAKE_HOST_ONLY_FEATS_6_18 = INTEL_ICELAKE_HOST_ONLY_FEATS_6_1 - {
195+ "flush_l1d" ,
196+ } | {"la57" }
197+
156198
157199def test_host_vs_guest_cpu_features (uvm_plain_any ):
158200 """Check CPU features host vs guest"""
@@ -169,16 +211,20 @@ def test_host_vs_guest_cpu_features(uvm_plain_any):
169211 case CpuModel .AMD_MILAN :
170212 if global_props .host_linux_version_tpl < (6 , 1 ):
171213 assert host_feats - guest_feats == AMD_MILAN_HOST_ONLY_FEATS
172- else :
214+ elif global_props . host_linux_version_tpl < ( 6 , 18 ) :
173215 assert host_feats - guest_feats == AMD_MILAN_HOST_ONLY_FEATS_6_1
216+ else :
217+ assert host_feats - guest_feats == AMD_MILAN_HOST_ONLY_FEATS_6_18
174218
175219 assert guest_feats - host_feats == AMD_GUEST_ONLY_FEATS
176220
177221 case CpuModel .AMD_GENOA :
178222 if global_props .host_linux_version_tpl < (6 , 1 ):
179223 assert host_feats - guest_feats == AMD_GENOA_HOST_ONLY_FEATS
180- else :
224+ elif global_props . host_linux_version_tpl < ( 6 , 18 ) :
181225 assert host_feats - guest_feats == AMD_GENOA_HOST_ONLY_FEATS_6_1
226+ else :
227+ assert host_feats - guest_feats == AMD_GENOA_HOST_ONLY_FEATS_6_18
182228
183229 assert guest_feats - host_feats == AMD_GUEST_ONLY_FEATS
184230
@@ -189,7 +235,9 @@ def test_host_vs_guest_cpu_features(uvm_plain_any):
189235 # Ubuntu hasn't backported the patch for VMScape yet.
190236 # This is only requried for Intel Cascade Lake since we only run
191237 # tests on Intel Cascade Lake for Ubuntu.
192- if "amzn" not in global_props .host_os :
238+ # Amazon Linux v6.18+ also dropped "ibpb_exit_to_user" from /proc/cpuinfo.
239+ host_version = global_props .host_linux_version_tpl
240+ if "amzn" not in global_props .host_os or host_version >= (6 , 18 ):
193241 expected_host_minus_guest -= {"ibpb_exit_to_user" }
194242
195243 # Linux kernel v6.4+ passes through the CPUID bit for "flush_l1d" to guests.
@@ -214,29 +262,13 @@ def test_host_vs_guest_cpu_features(uvm_plain_any):
214262 assert guest_feats - host_feats == expected_guest_minus_host
215263
216264 case CpuModel .INTEL_ICELAKE :
217- expected_host_minus_guest = INTEL_HOST_ONLY_FEATS
218-
219- # As long as BHB clearing software mitigation is enabled, Intel Ice Lake is not
220- # vulnerable to VMScape and "IBPB before exit to userspace" is not needed.
221- # https://docs.kernel.org/admin-guide/hw-vuln/vmscape.html#affected-processors
222- expected_host_minus_guest -= {"ibpb_exit_to_user" }
223-
224- host_guest_diff_5_10 = expected_host_minus_guest - {"cdp_l3" } | {
225- "pconfig" ,
226- "tme" ,
227- "split_lock_detect" ,
228- }
229- host_guest_diff_6_1 = host_guest_diff_5_10 - {
230- "bts" ,
231- "dtes64" ,
232- "dts" ,
233- "pebs" ,
234- }
235-
236- if global_props .host_linux_version_tpl < (6 , 1 ):
237- assert host_feats - guest_feats == host_guest_diff_5_10
265+ host_version = global_props .host_linux_version_tpl
266+ if host_version < (6 , 1 ):
267+ assert host_feats - guest_feats == INTEL_ICELAKE_HOST_ONLY_FEATS_5_10
268+ elif host_version < (6 , 18 ):
269+ assert host_feats - guest_feats == INTEL_ICELAKE_HOST_ONLY_FEATS_6_1
238270 else :
239- assert host_feats - guest_feats == host_guest_diff_6_1
271+ assert host_feats - guest_feats == INTEL_ICELAKE_HOST_ONLY_FEATS_6_18
240272 assert guest_feats - host_feats == INTEL_GUEST_ONLY_FEATS - {"umip" }
241273 case CpuModel .INTEL_SAPPHIRE_RAPIDS | CpuModel .INTEL_GRANITE_RAPIDS :
242274 expected_host_minus_guest = INTEL_HOST_ONLY_FEATS .copy ()
@@ -359,6 +391,10 @@ def test_host_vs_guest_cpu_features(uvm_plain_any):
359391 "tsc_known_freq" ,
360392 }
361393
394+ if host_version >= (6 , 18 ):
395+ expected_host_minus_guest -= INTEL_SPR_GNR_HOST_ONLY_FEATS_6_18_REMOVED
396+ expected_host_minus_guest |= INTEL_SPR_GNR_HOST_ONLY_FEATS_6_18_ADDED
397+
362398 assert host_feats - guest_feats == expected_host_minus_guest
363399 assert guest_feats - host_feats == expected_guest_minus_host
364400 case CpuModel .ARM_NEOVERSE_N1 :
0 commit comments