Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp3845394pxj; Mon, 24 May 2021 16:42:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0SgN+xnRSgIW3CRTg8Rv7d531QbW+svCbF6sPChixAnJ19s6+fiX7I/FHTsdwZTkdgnsR X-Received: by 2002:a5d:9343:: with SMTP id i3mr17842707ioo.77.1621899723192; Mon, 24 May 2021 16:42:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621899723; cv=none; d=google.com; s=arc-20160816; b=d6PRRafw6lLfV2gVdlMRj5KXswtsRyxuABuqby5irQpMtI3TTw54xSSf++AEqtBxAu Lc8grzm4rSwj+Tp/GF075lXMgpCU3xc5QvIB7Xg7qvzWG3CpnFqsORSVjKCHIHnbJJQz up/8Wv3oqq9dLVQFWiZC6Zsw2WwDEmAPnRwoI96yQCVqwnlf+wLLcDUiFMvCOaptTFIu O8IwZh+UWVaerihtQ6yRuCsO8s0iEDpjT7XNxoeozIMsEac2gjL1GpyK1k/oYNiJ5zNb I8V44ie9fq5Fgp0M5AWucIhwtzvb6fHKw8lIdJJygXdNaqBDY6fypDL79fK9g0kuu3/P 4IZw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=ScP+JQEFIOUy2qItnppcbf9xv+MC926aHBMDbL0Nw9U=; b=z+oM5xVtvgG3UmOktIMz1myWvFMFYGOjpEEBFlMiXRA7KdMyEegvuS7kfEW+xD+FLx pYnhr73hXWRJGcm+ox9wUU9I+2zuUL9OIsLDdWfSz1ATqSJcEYRFtUz9OSZfK3TMBDjg GrSZYqoVVj+mjfXVOl5q2gAi7y4H/LdlZLfSl2xIzcGxbldKL0nofOTszNi7vWUCG2Am 4qVDtyT+SdodJO1FvNseHzJVkdf2qBu3luroaIyzhkgrllnBJZR5GkQKHADaPqdLyQzL OcJBokg5l2gLMjz9jHSEdDeil0tzMd4z18Y1vRahZEidZZKmA6NNwoWkzKG55H2m6ENK w7RA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=M6urPmM3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q205si14241143ioq.7.2021.05.24.16.41.49; Mon, 24 May 2021 16:42:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=M6urPmM3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229541AbhEXXlZ (ORCPT + 99 others); Mon, 24 May 2021 19:41:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44316 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229503AbhEXXlZ (ORCPT ); Mon, 24 May 2021 19:41:25 -0400 Received: from mail-pg1-x534.google.com (mail-pg1-x534.google.com [IPv6:2607:f8b0:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 70A2AC061574 for ; Mon, 24 May 2021 16:39:56 -0700 (PDT) Received: by mail-pg1-x534.google.com with SMTP id q15so21263589pgg.12 for ; Mon, 24 May 2021 16:39:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ScP+JQEFIOUy2qItnppcbf9xv+MC926aHBMDbL0Nw9U=; b=M6urPmM3g0V4emOnatNp6BiNMDnYW7u0A/GnhbIndDOjpI9JBwEjf6ywlQgDHNI2yG 6QDiQkG9ekynmu8cvn58g0l18O3M4UtkdbYeaKsEYT6ghXHfi2wfl/rWLlzKtZqBJJuC fPl4wlWafumvVE7M25KxTo8Um95KtkuAVAGBvhB0Fqdk/fncZbHE8fSniiBkEo9h6ctQ NWo69A1xoalGvD+1biY79Y3oGnYi/Thb9MUqvHjhQiyb3WeLRWHzXCnZvj/7NEFzjD7v fD08n9qqIJK1I4QEEQtngsyg+vm3Bhwe3rXKAhaTlO6uI8H/5UUNWyvB383Z+lXAIo0Z CIuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ScP+JQEFIOUy2qItnppcbf9xv+MC926aHBMDbL0Nw9U=; b=VroUsZze5tTZoDcPBXuspqqCk53sWnb61gF9nSv8ukrVUpJyQzUyixf2/2U4SXgUBX Qfmx1zpZQJ/ysrtF46syIRIRtPkuPQ0wpBilbW8MAF43DStFlsyKh7EuIBYn/8fm2X+L OvB97KB96QJozOKEy0wSStILsBzQOLlDqWZydezhhniPxWPE0Y0PBwnVCkilHqLYAD6v ggH5EEEH42AcMsHL0OTtO/pp46KtdzBKspz/BL9sAWCLxeWZRioJaIqw7liHd2j4Z9GD 8jVa9Zdo2l2IVWNiYpS7pcaemOrJ+4o+/e4UgoTjZFBrrT/aA9vv6ZwxGdqSQYmGUMi9 fU+A== X-Gm-Message-State: AOAM533uSs3696W+X1qImC0OfT7xPPiUx0dDcsMY2MptyxKtxW2f8b0Q i4Z8YaoKcBkz9LKODNtZEfgBsnYitB0MhJojsa7bqQ== X-Received: by 2002:a63:4b43:: with SMTP id k3mr15974638pgl.450.1621899595958; Mon, 24 May 2021 16:39:55 -0700 (PDT) MIME-Version: 1.0 References: <37ad50ca-f568-4c62-56e2-9e9b1f34084c@linux.intel.com> <20210524233211.802033-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20210524233211.802033-2-sathyanarayanan.kuppuswamy@linux.intel.com> In-Reply-To: <20210524233211.802033-2-sathyanarayanan.kuppuswamy@linux.intel.com> From: Dan Williams Date: Mon, 24 May 2021 16:39:49 -0700 Message-ID: Subject: Re: [RFC v2-fix-v2 2/2] x86/tdx: Ignore WBINVD instruction for TDX guest To: Kuppuswamy Sathyanarayanan Cc: Peter Zijlstra , Andy Lutomirski , Dave Hansen , Tony Luck , Andi Kleen , Kirill Shutemov , Kuppuswamy Sathyanarayanan , Raj Ashok , Sean Christopherson , Linux Kernel Mailing List Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 24, 2021 at 4:32 PM Kuppuswamy Sathyanarayanan wrote: > > Functionally only DMA devices can notice a side effect from > WBINVD's cache flushing. But, TDX does not support DMA, > because DMA typically needs uncached access for MMIO, and > the current TDX module always sets the IgnorePAT bit, which > prevents that. I thought we discussed that there are other considerations for wbinvd besides DMA? In any event this paragraph is actively misleading because it disregards ACPI and Persistent Memory secure-erase whose usages of wbinvd have nothing to do with DMA. I would much prefer a patch to shutdown all the known wbinvd users as a precursor to this patch rather than assuming it's ok to simply ignore it. You have mentioned that TDX does not need to use those paths, but rather than assume they can't be used why not do the audit to explicitly disable them? Otherwise this statement seems to imply that the audit has not been done.