Re: [PATCH] KVM: VMX: Flush shadow VMCS on emergency reboot
From: Chao Gao
Date: Mon Apr 14 2025 - 21:56:42 EST
On Mon, Apr 14, 2025 at 06:03:44PM -0700, Sean Christopherson wrote:
>On Mon, Apr 14, 2025, Chao Gao wrote:
>> A related topic is why KVM is flushing VMCSs. I haven't found any explicit
>> statement in the SDM indicating that the flush is necessary.
>>
>> SDM chapter 26.11 mentions:
>>
>> If a logical processor leaves VMX operation, any VMCSs active on that logical
>> processor may be corrupted (see below). To prevent such corruption of a VMCS
>> that may be used either after a return to VMX operation or on another logical
>> processor, software should execute VMCLEAR for that VMCS before executing the
>> VMXOFF instruction or removing power from the processor (e.g., as part of a
>> transition to the S3 and S4 power states).
>>
>> To me, the issue appears to be VMCS corruption after leaving VMX operation and
>> the flush is necessary only if you intend to use the VMCS after re-entering VMX
>> operation.
>
>The problem is that if the CPU flushes a VMCS from the cache at a later time, for
>any reason, then the CPU will write back data to main memory. The issue isn't
>reusing the VMCS, it's reusing the underlying memory.

Yes, I understand the concern about reusing memory. I would like the SDM to
explicitly state that the CPU may flush a VMCS from the cache at any time after
leaving VMX operation, and that software should flush a VMCS before leaving VMX
operation if its memory will be reused for other purposes.