Re: [PATCH v2 2/5] x86/kexec: do unconditional WBINVD in relocate_kernel()
From: Huang, Kai
Date: Mon Apr 01 2024 - 05:14:05 EST
> > > > > >
>
> >
> > Anyway, the current TDX guest doesn't handle #VE due to WBINVD, so I think for
> > simplicity we just don't do WBINVD in stop_this_cpu() and relocate_kernel() for
> > both TDX and SNP/SEV-ES guests.
> >
> > As mentioned in my earlier reply, we can achieve this by skipping WBINVD when
> > the CC_ATTR_GUEST_MEM_ENCRYPT is true:
> >
> > if (!cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT))
> > native_wbinvd();
> >
> > (This skips WBINVD for plain SEV guest too, but this exactly is the current
> > behaviour of the upstream code, so I don't see any problem.)
> >
> > Alternatively, we can have a dedicated CPU feature flag such as
> > X86_FEATURE_NO_WBINVD,
> >
> > if (!boot_cpu_has(X86_FEATURE_NO_WBINVD))
> > native_wbinvd();
> >
> > Or, we can just change to our mindset to "do unconditional WBINVD, but not in
> > virtualized environment":
> >
> > if (!boot_cpu_has(X86_FEATURE_HYPERVISOR))
> > native_wbinvd();
>
> ACPI_FLUSH_CPU_CACHE() uses cpu_feature_enabled(X86_FEATURE_HYPERVISOR)
> check.
>
>
Thanks for pointing out this. Yeah I think skipping WBINVD in virtualized
environment makes sense. Will use this way.