Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()

From: Kirill A. Shutemov
Date: Wed Mar 20 2024 - 08:51:44 EST


On Wed, Mar 20, 2024 at 01:45:32PM +1300, Huang, Kai wrote:
> Anyway, regardless whether patch 1 will break TDX/SEV-ES/SEV-SNP guests, I
> think to resolve this, we can simply adjust our mindset from ...
>
> "do unconditional WBINVD"
>
> to ...
>
> "do unconditional WBINVD when it can be done safely"
>
> For now, AFAICT, only TDX guests and SEV-ES/SEV-SNP guests are such guests.
>
> And they all report the CC_ATTR_GUEST_MEM_ENCRYPT flag as true, so we can
> change to only do WBINVD when the kernel sees that flag.
>
> 	if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> 		native_wbinvd();
>
> Alternatively, we can have a dedicated X86_FEATURE_NO_WBINVD and get it set
> for TDX/SEV-ES/SEV-SNP guests (and any guests if this is true), and do:
>
> 	if (!boot_cpu_has(X86_FEATURE_NO_WBINVD))
> 		native_wbinvd();
>
> It seems the first one is too generic (for any CoCo VMs), and the second one
> is better.
>
> Any comments?

I like cc_platform_has() variant better. There's no good reason to invent
X86_FEATURE if we don't have cases outside of CC.

--
Kiryl Shutsemau / Kirill A. Shutemov