Re: [RFC v2-fix-v2 2/2] x86/tdx: Ignore WBINVD instruction for TDX guest

From: Andi Kleen
Date: Tue May 25 2021 - 21:09:27 EST

Next message: Siddharth Gupta: "Re: [PATCH] remoteproc: core: Invoke subdev callbacks in list order"
Previous message: Samuel Zou: "Re: [PATCH 4.19 00/49] 4.19.192-rc1 review"
In reply to: Dan Williams: "Re: [RFC v2-fix-v2 2/2] x86/tdx: Ignore WBINVD instruction for TDX guest"
Next in thread: Kuppuswamy Sathyanarayanan: "[RFC v2-fix-v3 1/1] x86/tdx: Ignore WBINVD instruction for TDX guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/24/2021 8:40 PM, Dan Williams wrote:

On Mon, May 24, 2021 at 8:27 PM Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:

On 5/24/2021 7:49 PM, Dan Williams wrote:

On Mon, May 24, 2021 at 7:13 PM Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:
[..]

...to explicitly error out a wbinvd use case before data is altered
and wbinvd is needed.

I don't see any point of all of this. We really just want to be the same
as KVM. Not get into the business of patching a bazillion sub systems
that cannot be used in TDX anyways.

Please let's not start this patch off with dubious claims of safety
afforded by IgnorePAT. Instead make the true argument that wbinvd is
known to be problematic in guests

That's just another reason to not support WBINVD, but I don't think it's
the main reason. The main reason is that it is simply not needed, unless
you do DMA in some form.

(and yes I consider direct mapping of persistent memory with a complex
setup procedure a form of DMA -- my guess is that the reason that it
works in KVM is that it somehow activates the DMA code paths in KVM)

No, it doesn't. Simply no one has tried to pass through the security
interface of bare metal nvdimm to a guest, or enabled the security
commands in a virtualized nvdimm.

Maybe a better term would be "external side effects". If you have something in IO domain which can notice a difference.

If a guest supports a memory map it supports PMEM I struggle to see DMA anywhere in that equation.

Okay if that's happen to a TDX guest we have to start emulate WBINVD. But right now we don't need it.

I guess we can add a comment that says

"if someone wants to implement NVDIMM secure delete they would also need to implement this new hypercall"

IMNSHO that's the true reason.

I do see why it would be attractive if IgnorePAT was a solid signal to
ditch wbinvd support. However, it simply isn't, and to date nothing
has cared trip over that gap.

I think we're getting into angels on a pinhead here.

The key point is that current TDX does not need WBINVD. I believe we agree on that.

-Andi

Next message: Siddharth Gupta: "Re: [PATCH] remoteproc: core: Invoke subdev callbacks in list order"
Previous message: Samuel Zou: "Re: [PATCH 4.19 00/49] 4.19.192-rc1 review"
In reply to: Dan Williams: "Re: [RFC v2-fix-v2 2/2] x86/tdx: Ignore WBINVD instruction for TDX guest"
Next in thread: Kuppuswamy Sathyanarayanan: "[RFC v2-fix-v3 1/1] x86/tdx: Ignore WBINVD instruction for TDX guest"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]