Re: [PATCH 3/3] KVM: VMX: Allow INVPCID in guest without PCID

[Jim Mattson]

On Thu, Feb 11, 2021 at 4:34 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> Remove the restriction that prevents VMX from exposing INVPCID to the
> guest without PCID also being exposed to the guest.  The justification of
> the restriction is that INVPCID will #UD if it's disabled in the VMCS.
> While that is a true statement, it's also true that RDTSCP will #UD if
> it's disabled in the VMCS.  Neither of those things has any dependency
> whatsoever on the guest being able to set CR4.PCIDE=1, which is what is
> effectively allowed by exposing PCID to the guest.
>
> Removing the bogus restriction aligns VMX with SVM, and also allows for
> an interesting configuration.  INVPCID is that fastest way to do a global
> TLB flush, e.g. see native_flush_tlb_global().  Allowing INVPCID without
> PCID would let a guest use the expedited flush while also limiting the
> number of ASIDs consumed by the guest.
>
> Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
I always thought this was a bizarre one-off restriction.
Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>