[RFC PATCH 19/24] KVM: nSVM: Flush the TLB if L1 changes L2's ASID

From: Yosry Ahmed
Date: Wed Mar 26 2025 - 15:46:07 EST

Next message: Arnd Bergmann: "[GIT PULL] asm-generic changes for 6.15"
Previous message: Linus Torvalds: "Re: [GIT PULL] selinux/selinux-pr-20250323"
In reply to: Yosry Ahmed: "[RFC PATCH 18/24] KVM: nSVM: Handle nested TLB flush requests through TLB_CONTROL"
Next in thread: Yosry Ahmed: "[RFC PATCH 20/24] KVM: nSVM: Do not reset TLB_CONTROL in VMCB02 on nested entry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

KVM tracks a single ASID for L2 guests. An L1 vCPU could change the ASID
it has assigned L2 due to switching to a different L2 guest or simply to
avoid flushing L2's existing ASID. Flush L2's TLB when this happens to
avoid reusing TLB entries from the old ASID (from L1's perspective).

Remove the comment in __nested_copy_vmcb_control_to_cache() about the
cached ASID usage, as this changes makes it stale by adding another
usage.

This is heavily inspired by nVMX's handling of last_vpid.

Reviewed-by: Maxim Levitsky <mlevitsk@xxxxxxxxxx>
Signed-off-by: Yosry Ahmed <yosry.ahmed@xxxxxxxxx>
---
arch/x86/kvm/svm/nested.c | 5 ++++-
arch/x86/kvm/svm/svm.h | 2 ++
2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/nested.c b/arch/x86/kvm/svm/nested.c
index ffe01c2ae7db5..ca8db246ac050 100644
--- a/arch/x86/kvm/svm/nested.c
+++ b/arch/x86/kvm/svm/nested.c
@@ -368,7 +368,6 @@ void __nested_copy_vmcb_control_to_cache(struct kvm_vcpu *vcpu,
to->pause_filter_count = from->pause_filter_count;
to->pause_filter_thresh = from->pause_filter_thresh;

- /* Copy asid here because nested_vmcb_check_controls will check it. */
to->asid = from->asid;
to->msrpm_base_pa &= ~0x0fffULL;
to->iopm_base_pa &= ~0x0fffULL;
@@ -508,6 +507,10 @@ static void nested_svm_entry_tlb_flush(struct kvm_vcpu *vcpu)
kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu);
}

+ if (svm->nested.ctl.asid != svm->nested.last_asid) {
+ svm->nested.last_asid = svm->nested.ctl.asid;
+ kvm_make_request(KVM_REQ_TLB_FLUSH_GUEST, vcpu);
+ }
/*
* TODO: optimize unconditional TLB flush/MMU sync. A partial list of
* things to fix before this can be conditional:
diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index e67e3a64e92f7..0c44133bc05ca 100644
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -212,6 +212,8 @@ struct svm_nested_state {
* on its side.
*/
bool force_msr_bitmap_recalc;
+
+ u32 last_asid;
};

struct vcpu_sev_es_state {
--
2.49.0.395.g12beb8f557-goog

Next message: Arnd Bergmann: "[GIT PULL] asm-generic changes for 6.15"
Previous message: Linus Torvalds: "Re: [GIT PULL] selinux/selinux-pr-20250323"
In reply to: Yosry Ahmed: "[RFC PATCH 18/24] KVM: nSVM: Handle nested TLB flush requests through TLB_CONTROL"
Next in thread: Yosry Ahmed: "[RFC PATCH 20/24] KVM: nSVM: Do not reset TLB_CONTROL in VMCB02 on nested entry"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]