On Mon, May 24, 2021 at 8:27 PM Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:
No, it doesn't. Simply no one has tried to pass through the security
On 5/24/2021 7:49 PM, Dan Williams wrote:
On Mon, May 24, 2021 at 7:13 PM Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:That's just another reason to not support WBINVD, but I don't think it's
Please let's not start this patch off with dubious claims of safety...to explicitly error out a wbinvd use case before data is alteredI don't see any point of all of this. We really just want to be the same
and wbinvd is needed.
as KVM. Not get into the business of patching a bazillion sub systems
that cannot be used in TDX anyways.
afforded by IgnorePAT. Instead make the true argument that wbinvd is
known to be problematic in guests
the main reason. The main reason is that it is simply not needed, unless
you do DMA in some form.
(and yes I consider direct mapping of persistent memory with a complex
setup procedure a form of DMA -- my guess is that the reason that it
works in KVM is that it somehow activates the DMA code paths in KVM)
interface of bare metal nvdimm to a guest, or enabled the security
commands in a virtualized nvdimm.
If a guest supports a memory map it supports PMEM I struggle to see DMA anywhere in that equation.
IMNSHO that's the true reason.I do see why it would be attractive if IgnorePAT was a solid signal to
ditch wbinvd support. However, it simply isn't, and to date nothing
has cared trip over that gap.