Received: by 2002:a89:2c3:0:b0:1ed:23cc:44d1 with SMTP id d3csp533595lqs;
        Tue, 5 Mar 2024 08:49:49 -0800 (PST)
X-Forwarded-Encrypted: i=3; AJvYcCWZn6J/Jb+VqvBa0ohgjK7eL7vs6vIx2+MalPEkHcsBowgjsN8DPCzBX57hml3RLE1ax0O19BH3jUqdJXC7Xb4X3tqapfQESUazhzAQrg==
X-Google-Smtp-Source: AGHT+IHoR0mkHddlVvd6Yw5irnq5I38s1slK1jBpSqYGwyIEzULuUD8jyEWtH006rr/04fXRam10
X-Received: by 2002:a17:906:4e90:b0:a45:d2c:eeed with SMTP id v16-20020a1709064e9000b00a450d2ceeedmr6273706eju.18.1709657389701;
        Tue, 05 Mar 2024 08:49:49 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1709657389; cv=pass;
        d=google.com; s=arc-20160816;
        b=sKKtQVJKKSXW3SIqznVQWHRFxMo0cEYiyRLFrKNBFCcEkHKDwP0tHtFE4aPlYSuVFO
         HF6tj/XVVCZPRXHMJBoTe2tDvYuerV6SsKQlPwns47owz+VqeMKbWIbHF74xGTXdZhdw
         oX0sIIIjPmfWF95hivRcJ6LrW8ImV3l67avWrCt2F1q2LYjMz6So4osI8VlNju+EA9mQ
         uG5ZXj4wy9Vdns/VLOVBXJrDYGR++HylMIKvuKQDhxRgQyK6U61Atcw55noliaAIMvzq
         3A043SwjbEFcg7zzNfcBiAytUxP4a1XF17byI+We08m/dmtCf1yV6PJL9dffWiX/AHBX
         XgxA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=cc:to:from:subject:message-id:references:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date
         :dkim-signature;
        bh=xXZIc3wNbndhWEpVASmyszcv7nKEE3gY7hgo/qGmKlo=;
        fh=tqgSxbMuue72qShwOlKmwPKur12p0+e97cK/cjqQ++Q=;
        b=kwOX4TCqhCZWkk718Pfa9dtDUX3jZ/pPTPpn3f6S5WBQIIj8yG/P5xVmRLEkDijOFO
         sp3hTud3zoa3lNwpzmepKgVPsRPs+ZmJ72exrvKRydDNrtKK0ZbIfxC8ZbaEA61+stOA
         pLmLXJeD1epV5o3+Uw0U8reJLndfW1UjrX6wYjvgid7mgjSq5yJO3H05kwV68MHd0XuN
         PNASrYdEqKg2MF2UlYcgJJpl4vwmpwHs2C5EE3J4bQx64J+LEjB1Rn3SCWLvOw5ipAxp
         WCThj1HZxjRn8v7D3rMY1y++oynVlePY+U6mfbGsXOPP8xysho5+fG3VXNOzyf6EGhVu
         ioOA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=DIyeloCv;
       arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-92711-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-92711-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel+bounces-92711-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id h20-20020a170906591400b00a3cef7298b4si5185121ejq.217.2024.03.05.08.49.49
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 05 Mar 2024 08:49:49 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-92711-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20230601 header.b=DIyeloCv;
       arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com);
       spf=pass (google.com: domain of linux-kernel+bounces-92711-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-92711-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 450B71F22199
	for <linux.lists.archive@gmail.com>; Tue,  5 Mar 2024 16:49:49 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 569AADDA7;
	Tue,  5 Mar 2024 16:49:40 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="DIyeloCv"
Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EE618D27E
	for <linux-kernel@vger.kernel.org>; Tue,  5 Mar 2024 16:49:37 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1709657379; cv=none; b=XericJOGOh+f5Exh7oX2eYn2HUICu1hm3RtmJfNFAIo+swE4O4HqWytHyPCMtUApkWgczlP+b5HIEPL+rOn/1+bvg91eXnEBhV5GS7dWJvl3qDnYegbD9d6xTlBn44+W/Aq62cTx5Qm/cxAXj8WrJQaiVGH0JJcPYxobN81VEbk=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1709657379; c=relaxed/simple;
	bh=qbV5GBHxAnDxkjaJfXmOkJweCyzg1dMqs5oq5rbAGZU=;
	h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From:
	 To:Cc:Content-Type; b=VoXRk38QgN57jYROe/DtyDy088Ywhmy+gtAk3zFDyt5O/OCeqYtghHtpUZxscTfnc/GeELSeEyLs7KX/NEQPEvXAfVWetHPn3pQriBZQ1H0rfzZfp4uvjytQ9uP8K4Y4flLkDQqX/UhKK/0mHk1++NXPvbPn/j+5GSwHgQ0eBf4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=DIyeloCv; arc=none smtp.client-ip=209.85.128.202
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-608852fc324so86197717b3.2
        for <linux-kernel@vger.kernel.org>; Tue, 05 Mar 2024 08:49:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1709657377; x=1710262177; darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=xXZIc3wNbndhWEpVASmyszcv7nKEE3gY7hgo/qGmKlo=;
        b=DIyeloCvJwx3wyJzp/sRdl21zVK9eSajcjoF6lrNH6PP2VwyHScJ9W0pFaR5X+gTQK
         /Uzs5BVb5n4LKmvcS9Av+SbK2nrEl6HLDrLcQsksIfcexUSwwjFla/GYONfbAL6pAv4E
         vTSTF5Bruy4cQLFjYqbFz91icTo+srspxw3uQj0/54kTgjsII6bQM12e3E5l00gKsIHt
         5ZxxrgKnx9m8nEQ1WYngkrvZSPYvER2MK+P9VxGoIWkpW/iTLlxA5NHaJSASx0NHPNG4
         bVg3mhu22BjqEIhQVagU3k86ngTFy96TKXjYOH4A75dWSvq0wCquBm74YbW6zUutU7RZ
         QZiA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1709657377; x=1710262177;
        h=cc:to:from:subject:message-id:references:mime-version:in-reply-to
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=xXZIc3wNbndhWEpVASmyszcv7nKEE3gY7hgo/qGmKlo=;
        b=kX+4IpTUuUAMAzxjjFLRGodD4HqvhhTSJArVPB7kBaek7iM4FgbBZCgoFzKm+bBaf5
         fHNU9I8ez2hz66X6aqbs6Bkv+3+SFuFtgYhmyLRubmMquYonbBMQHPCCuScuGlqrK4aP
         fFXVE36ifno4/LdaLbWxBJar/ekSoZZdc5VINw2GtcLdXeuDpK296HQp5ECoTg/gA5vq
         pNLxTo4e7EPsVulvQfMoURIvrGKf+ikHHiNPJEPaq72uVo48RSLlyzx3lHrQO9TyfsWj
         +bOqiKAJ6wpm3qcc3WgCWIUQGvIVhVOpr1D9PL3G/Bj0wKGbYnLmnDTaKxE5Zbq/Cvwu
         U53Q==
X-Forwarded-Encrypted: i=1; AJvYcCVuvGMJCHjuTG/+R9DPiqXIiyKQgmdSrecDJ+oAkGjs/nfbv8RNyWtmj1JS544BCSyf6C+ydRdc4ebmAqS77nmS17Xaqk43vk6pYQaN
X-Gm-Message-State: AOJu0YxxmgUtmGXGThcNZW20Bs9qDr7IhaAx2gws/phypK8WVU2JEMBO
	3mGf+im7Dai19UMF6SebqH5GrvoIZIKcaX3JF4659rg/wmCX6vGAUvqzjB5/dld25+uV0ylSeof
	pXQ==
X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37])
 (user=seanjc job=sendgmr) by 2002:a05:6902:110a:b0:dbd:b165:441 with SMTP id
 o10-20020a056902110a00b00dbdb1650441mr3120332ybu.0.1709657377037; Tue, 05 Mar
 2024 08:49:37 -0800 (PST)
Date: Tue, 5 Mar 2024 08:49:35 -0800
In-Reply-To: <722904540.5000784.1709650623262.JavaMail.zimbra@sjtu.edu.cn>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
References: <722904540.5000784.1709650623262.JavaMail.zimbra@sjtu.edu.cn>
Message-ID: <ZedNH2DFpsg5RvHC@google.com>
Subject: Re: [PATCH] KVM:SVM: Flush cache only on CPUs running SEV guest
From: Sean Christopherson <seanjc@google.com>
To: Zheyun Shen <szy0127@sjtu.edu.cn>
Cc: pbonzini <pbonzini@redhat.com>, tglx <tglx@linutronix.de>, 
	thomas lendacky <thomas.lendacky@amd.com>, kvm <kvm@vger.kernel.org>, 
	linux-kernel <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"

On Tue, Mar 05, 2024, Zheyun Shen wrote:
> On Mon, Mar 04, 2024, Sean Christopherson wrote:
> > Instead of copy+paste WBINVD+cpumask_clear() everywhere, add a prep patch to
> > replace relevant open coded calls to wbinvd_on_all_cpus() with calls to
> > sev_guest_memory_reclaimed().  Then only sev_guest_memory_reclaimed() needs to
> > updated, and IMO it helps document why KVM is blasting WBINVD.
> 
> > I'm also pretty sure this should be a cpumask_var_t, and dynamically allocated
> > as appropriate.  And at that point, it should be allocated and filled if and only
> > if the CPU doesn't have X86_FEATURE_SME_COHERENT
> 
> I notice that several callers of wbinvd_on_all_cpus() must use wbinvd to flush cache
> instead of using clflush or just doing nothing if the CPU has X86_FEATURE_SME_COHERENT,
> according to https://github.com/AMDESE/linux/commit/2e2409afe5f0c284c7dfe5504058e8d115806a7d
> Therefore, I think the flush operation should be divided into two functions. One is the 
> optimized wbinvd, which does not consider X86_FEATURE_SME_COHERENT, and the other is 
> sev_guest_memory_reclaimed(), which should use clflush instead of wbinvd in case of 
> X86_FEATURE_SME_COHERENT. Thus the cpumask struct should be exist whether the CPU has
> X86_FEATURE_SME_COHERENT or not.

FWIW, the usage of sev_flush_asids() isn't tied to a single VM, i.e. KVM can't use
per-VM tracking in that case.  But...

> Besides, if we consider X86_FEATURE_SME_COHERENT to get rid of wbinvd in sev_guest_memory_reclaimed(),
> we should ensure the clflush is called on corresponding addresses, as mentioned in  
> https://github.com/AMDESE/linux/commit/d45829b351ee6ec5f54dd55e6aca1f44fe239fe6 
> However, caller of sev_guest_memory_reclaimed() (e.g., kvm_mmu_notifier_invalidate_range_start()) 
> only get HVA belongs to userspace(e.g., qemu), so calling clflush with this HVA may 
> lead to a page fault in kernel. I was wondering if notifying userspace applications to 
> do clflush themselves is the only solution here. But for the sake of safety, maybe KVM 
> cannot left the work for untrusted userspace applications?

Ugh, right, I forgot the whole mess with userspace virtual addresses.  Bummer.

> Or should I just temporarily ignore the X86_FEATURE_SME_COHERENT scenario
> which is hard to implement, and just refine the patch only for
> wbinvd_on_all_cpus() ?

Ignore X86_FEATURE_SME_COHERENT and just refine the patch to optimize WBINVDs that
are tied to a specific VM.  I simply forgot that KVM only uses CLFLUSHOPT when
purging VMSA pages.