| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <93281f16-4237-b6d6-624e-cc805adb1c37@amd.com> Date: Wed, 12 Feb 2025 09:56:58 -0600 From: Tom Lendacky <thomas.lendacky@....com> To: Vern Hao <haoxing990@...il.com>, Rik van Riel <riel@...riel.com> Cc: x86@...nel.org, linux-kernel@...r.kernel.org, bp@...en8.de, peterz@...radead.org, dave.hansen@...ux.intel.com, zhengqi.arch@...edance.com, nadav.amit@...il.com, kernel-team@...a.com, linux-mm@...ck.org, akpm@...ux-foundation.org, jannh@...gle.com, mhklinux@...look.com, andrew.cooper3@...rix.com, Manali Shukla <Manali.Shukla@....com> Subject: Re: [PATCH v9 04/12] x86/mm: get INVLPGB count max from CPUID On 2/11/25 19:57, Vern Hao wrote: > > On 2025/2/11 00:48, Rik van Riel wrote: >> On Mon, 2025-02-10 at 15:30 +0800, Vern Hao wrote: >>> I do some test on my Machine with AMD EPYC 7K83, these patches work >>> on my host, but failed on my guest with qemu. >>> >>> in host, use lscpu cmd, you can see invlpgb in flags, but in guest >>> no. >>> >>> So are you plan to support it in guest? >> How exactly did it fail in the guest? >> >> Did the guest simply not use INVLPGB because that >> CPUID flag was not presented in the CPUID that >> qemu shows to the guest, or did things crash somehow? > i support these patches in host and guest, and add this patch to support > cpuid flags in kvm. > > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c > index db3838667466..fd21d9438137 100644 > --- a/arch/x86/kvm/cpuid.c > +++ b/arch/x86/kvm/cpuid.c > @@ -488,7 +488,7 @@ static inline int __do_cpuid_func(struct > kvm_cpuid_entry2 *entry, u32 function, > > /* cpuid 0x80000008.ebx */ > const u32 kvm_cpuid_8000_0008_ebx_x86_features = > - F(CLZERO) | F(XSAVEERPTR) | > + F(CLZERO) | F(XSAVEERPTR) | F(INVLPGB) | > F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | > F(VIRT_SSBD) | > F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON); > > But in guest, use lscpu cmd, i still can not see invlpgb, so i just > wonder where is wrong ? Well, for one, the INVLPGB instruction has to be enabled in the VMCB in order for it to be used (unless it is an SEV-ES or SEV-SNP guest). Also, lscpu won't show "invlpgb" since the patches don't define the feature in the way that it would be visible via lscpu. You need to issue CPUID to see the bit is set or not. Also, you might need VMM support in order for that CPUID bit to be set in the guest. But, it will take hypervisor support to use INVLPGB in a non-SEV guest, since non-SEV guests do not use global ASIDs. In this case, the instruction will need to be intercepted and the hypervisor will need to determine how to process it. If you have an SEV guest, which use global ASIDs and use the same ASID for all vCPUs within a guest, you can use INVLPGB in the guest without issue and without needing to intercept the instruction. See "Guest Usage of INVLPGB" in AMD APM Vol 3 under the INVLPGB instruction documentation. Thanks, Tom > >> My understanding is that while INVLPGB can work >> in guests, actually implementing that is a whole >> other can of worms, and definitely not something >> we should try to tackle at the same time as bare >> metal support. >> >> A TLB flush hypercall, with IRQ-less flushing on >> the hypervisor side will probably get us 90% of >> the way there, potentially with less overall >> complexity than actually supporting INVLPGB in >> the guest. >>
Powered by blists - more mailing lists