Received: by 2002:ab2:7988:0:b0:1f4:b336:87c4 with SMTP id g8csp122352lqj; Thu, 11 Apr 2024 11:34:07 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCV+HrEHkXo7euR1UNGP/lz0EumX7oFGAxVt8iOo8RYh6IZsHeKss2NsX3WPoqtsVHkqA3EBR1Tx/VU8iNHoap0ydfcu01AZ/hlCnAJZGg== X-Google-Smtp-Source: AGHT+IGpDdi00iA4OIwOo23VvWNe/EjBw/QqkcjbOoIT6fYZdal6dnrQZJNMdU5Car3Y6mMzCquL X-Received: by 2002:a17:902:7616:b0:1dd:bf6a:2b97 with SMTP id k22-20020a170902761600b001ddbf6a2b97mr220977pll.60.1712860447087; Thu, 11 Apr 2024 11:34:07 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1712860447; cv=pass; d=google.com; s=arc-20160816; b=vcJpPDMpTiSU2lcQiGyNDbiHxmQqUZ+CkYbVvUamOW+rWr0TV/fDcdJh7n8Fczhlhg u13TfWokgLfTXSax/wQ7X/wzW8WyTEoyvElqCbl38wmgFrR2YmW7m0lk+qqMH0YNqMD7 1JIyBsGmB4BeFZxMQm9fPWzKScMCOf3ShvehTCihAdCmbSpNUcZ4dBlINN2vQ/DyW8hZ rqxuCNc0fNuaCE/gnfZWDwICcSZJ2drpHVPDTeTGM314+VMQ5vOF4PKXIg0TD2EUChMI ojUT9RqhJxx8DuMFBrdas+xcS4wS/87LsTNAZYJE+zytjKJmXShWbpV+bSaUr8ivlm6E DirA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=2OyM+clVKBMLI18tEOZmwU9RMDce6Apgb7FSUXC0ZlQ=; fh=tozrgPLu5kpQXJjj/9d/x92GtO2qgYwOFoIRQ6V+jKs=; b=x8PkTozMLBLldLJ5ZNpc1CHp0P7aJTUNli1bwbHmpryGD5yWgXFCpXAPiBkfrqNUUe Lb2gyKomW+OAaPmZ7YqFUaBdREq+1UHnD3FrLYH5Abq1GgP6HuVTLZIxusVSZE1YFvDp 8icLFymwlWLIymT/w+QS9dt5BYAhj5HqoELJ7c1X3zGv6MgjnGwoLFcgeS4l93g6IzNR fZfwzuMacWYk05oMxXUjwnHIi/9l+qB03nXOcDRtBFUFh9pUUahlzIAuzchNltGnH3KS zNrIBSpDDKnHt0xV2rrNhktPzNe/MITlxqh1oy35cM9wuRWo+twaWjiIgoEgR1kpxhZc 34Xg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=vp96rktp; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-141311-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-141311-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [147.75.48.161]) by mx.google.com with ESMTPS id e2-20020a170902cf4200b001e43c7fbfe6si1661986plg.280.2024.04.11.11.34.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 11 Apr 2024 11:34:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-141311-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) client-ip=147.75.48.161; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=vp96rktp; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-141311-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.48.161 as permitted sender) smtp.mailfrom="linux-kernel+bounces-141311-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id 198A4B225D9 for ; Thu, 11 Apr 2024 17:48:11 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 86499199EB2; Thu, 11 Apr 2024 16:22:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vp96rktp" Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6FA71199E9F for ; Thu, 11 Apr 2024 16:22:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712852544; cv=none; b=sXaLYam5qfg20yMclGdK/UudFv79Qhv8EWtTkNnEIe1PqI/td/DUN1WKoAVqXX9ybm+TWWZ9wK79Oly4Fw3SK7WNClqun+6EHaKI3/byeHODryRH+EB8xWwrAO1zkycmXme2IRjvd3K61Vr3askZ802A8VKhcq4htoLdl/NQ7Jg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1712852544; c=relaxed/simple; bh=p6FrjYIuiPv/OWpL96geXDj904xQ+ExT33zK5ULyOlw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=hc7drhYIKA6dqtg8pVZv+AlcSAC8dsMJcksT4AnWz2Iy+kmaMd9MUz9Z3iOjVMsmbQv7biNGjpajphzOHL0a7qqPXEryhOsgtqm/DtHO1iVQp1FaLqKHfADgumXQ2ijOlkOQFJnLnNFCxCfd6sv8/1k0qJt8l7y6P+EVtvs03k0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vp96rktp; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-dc3645a6790so13384460276.0 for ; Thu, 11 Apr 2024 09:22:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1712852542; x=1713457342; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=2OyM+clVKBMLI18tEOZmwU9RMDce6Apgb7FSUXC0ZlQ=; b=vp96rktpy6Kz6r5ihcstSGE4QUNDRhRqJwwKNJIfjHA+om/vvULP95S/oml4rP3qsY HAtpXlOIwiIigtnPtvkzYkF1HbgjB9O0bdmWvlTF4PTNo47jfj5RP8xc/D3Yrbc5FQJZ r7XGNNbc0J96i1X1KH/WdfxuX/xyvlraN+4WKcV2xpoKTSAz4n8tbNnMiOGc9HR8bYIH rlHJ3IHLQwp+K2f8yjFNfMN/FJLcEPtgmhFIz3LE9wA+b1Fyz5fqda5eOaTTPqRbJ7Oq QASgNUG82mkhL6rFT3ndkwy6i83yMLg2Mnh+vPSbVDDhxez6lXI3uGViSwHDJ/JU/1kF hHmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712852542; x=1713457342; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=2OyM+clVKBMLI18tEOZmwU9RMDce6Apgb7FSUXC0ZlQ=; b=FkyInAeElCYoST4UUfI6TG+JT1n0WVHQ2ut2FMyY6NeE236xh0ZLwFVnx3rad3lufS O0rr5oKG/mo6uUM33XI3HB7kFEQHNxFxxF9v6TktLSiwC9PidfGT9uyxV/jVQqKuf6fD XY+7G1ioq2DtPdVKjlSQAjvKFF4VS+i6M2PpvkzLaZ8eCye5TxfWSHLyT0jq27lz9jgT pZ+MHzHFw9uZ/H6yBXAvtYBqcHLIVX2U+IFZmQDizGqWZ9WXlmirY0zUFcZMNgaOReII vgt3t1W9oq3GN+bvz6/QWYX5712hfVXy5y1h/erFc/F/+gqb82kNtp40sTXV2zDuRP6B aDbA== X-Forwarded-Encrypted: i=1; AJvYcCWm3jxe2B88Q6o81lAlQNLmkibPMTVS1DfQhOJeQKwngau6LV5IP8SErDP0lRFkSZjrMDG1AJGfZo9VJLPq+RKfp1Qh4fjguZ7yD59r X-Gm-Message-State: AOJu0Yx+ORyZzKBPMaapDWzmjksUpa1OtEWXOnWkQKbEDsc1kJIp/kgs ncNcy0//0IqkWzP9t7gpZuhEe57G9ILAnRz8oxSirrmIABDsid5RxQ0KgkWYqiCXhSV+lUanrUC snQ== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:6902:1887:b0:dcd:875:4c40 with SMTP id cj7-20020a056902188700b00dcd08754c40mr1893180ybb.10.1712852542506; Thu, 11 Apr 2024 09:22:22 -0700 (PDT) Date: Thu, 11 Apr 2024 09:22:21 -0700 In-Reply-To: <20240411144322.14585-2-xry111@xry111.site> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20240411144322.14585-1-xry111@xry111.site> <20240411144322.14585-2-xry111@xry111.site> Message-ID: Subject: Re: [PATCH v7 2/2] x86/mm: Don't disable INVLPG if the kernel is running on a hypervisor From: Sean Christopherson To: Xi Ruoyao Cc: Dave Hansen , Michael Kelley , Pawan Gupta , Andy Lutomirski , Peter Zijlstra , Thomas Gleixner , Ingo Molnar , Borislav Petkov , "H. Peter Anvin" , x86@kernel.org, linux-kernel@vger.kernel.org, Andrew Cooper Content-Type: text/plain; charset="us-ascii" s/INVLPG/PCID again On Thu, Apr 11, 2024, Xi Ruoyao wrote: > The Intel erratum for "incomplete Global INVLPG flushes" says: > > This erratum does not apply in VMX non-root operation. It applies > only when PCIDs are enabled and either in VMX root operation or > outside VMX operation. > > So if the kernel is running in a hypervisor, we are in VMX non-root No, this is not strictly true. The HYPERVISOR flag only states that the kernel is running as a guest, it doesn't say anything about what mode the guest is run in. E.g. a fully PV guest running at CPL3 isn't in VMX non-root mode. Ditto for a fully emulated environment. Of course, in such a setup the hypervisor really shouldn't be advertising PCID support, and I've no idea if Xen PV (or any other PV mode) even shoves guest PCIDs into hardware, i.e. PCID might be emulated and thus not subject to the hardware bug. In other words, simply checking HYPERVISOR *might* be safe, but it might not. If we wanted to be paranoid, this could also check X86_FEATURE_VMX, which also doesn't guarantee VMX non-root mode and would unnecessarily restrict PCID usage to setups that allow nested VMX, but AFAIK there aren't any hypervisors which fully emulate VMX. > operation and we should be safe to use INVLPG. s/INVLPG/PCID