From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RZMYDh2N" Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A4F57DF for ; Fri, 1 Dec 2023 09:54:00 -0800 (PST) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-5d39d74bc14so28198667b3.3 for ; Fri, 01 Dec 2023 09:54:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1701453240; x=1702058040; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=7I2xmkQJIO9gmB40TsiPhHZp1nP18HWgbQtG2aSxBoA=; b=RZMYDh2NNbp8iIV43eX1nnzZtTwQWjmpEPlIhYVxKXRppMIe4JG+VaeUwg2ZNt5EbL 8JMKsOla5H+kXCc8HTKgkmrMHIZgIfxwaSEOMwGOTpd8J+GJoLImInJLsV8Mb6c8MIW6 yDgFQKRkOVtbMB4ZDh6mbABn5ves5H24f0hJQLvchIdBhcUDWPjCxODwI5cqi1cwRviK 6txy5wGekSIoPBbBqZTvBxFGA6kuxlyKSBT0IWbl4BGjFkIUiaAGJMuQdzMVFj1fuxXT vc94cgDKT6s1Oq1mc2tGa8wk3F/JeEDSPpfjp2XOdcNQPy9VbfCzZfzlKrAHmMlfG72J gmMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701453240; x=1702058040; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7I2xmkQJIO9gmB40TsiPhHZp1nP18HWgbQtG2aSxBoA=; b=HWPUQXlCtzb6mNBchOmoVdBOQ1DEMyQRTNWzldjVeac/coNLJqGWdmeL4arlSKyxII D2T8JKTsWFQJN0N/kUKSwnxU7c+1mQTxk9a/UtSy0rN2OLHAX4ZolhOrESeGejrpR075 CEsQjgqfqPerH1GzV7oEvpf4DtLrONkSbyjw5PlVLtMYg/kWUvau66CSTFn/OBNqZmT+ 7wHp5ea9OmO7wcX0XSBVda33/9hc89lSk7yhUIbF9bDjrmhAt/QQmg6O7aDUnSqXBGP3 lVrwqGZBAs+cDWDiz1WxUPk529rZKOEuIC2pjruwvL1Mmb4eB6ysxvR0juMGTlUK7k5t jB7g== X-Gm-Message-State: AOJu0YzecsnX5kmSaIasKsWPgXP5R/nTyawm0rcE9J4vlGvpurSofeBJ XsWMC9kyUwaQT8nUZ0UtwVgmfdA4Tj0= X-Google-Smtp-Source: AGHT+IHOZTV3fqnzutNIWSvk7FCLUL5Yiw4eUFmTIaK0HPqpGgvVq3LrS9NTFPvCHQ4Y4qIQQGlBn7fhmLk= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a05:690c:2e8f:b0:5d4:1846:3121 with SMTP id eu15-20020a05690c2e8f00b005d418463121mr91868ywb.8.1701453239917; Fri, 01 Dec 2023 09:53:59 -0800 (PST) Date: Fri, 1 Dec 2023 09:53:58 -0800 In-Reply-To: <20231110003734.1014084-2-jackyli@google.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20231110003734.1014084-1-jackyli@google.com> <20231110003734.1014084-2-jackyli@google.com> Message-ID: Subject: Re: [RFC PATCH 1/4] KVM: SEV: Drop wbinvd_on_all_cpus() as kvm mmu notifier would flush the cache From: Sean Christopherson To: Jacky Li Cc: Paolo Bonzini , Ovidiu Panait , Liam Merwick , Ashish Kalra , David Rientjes , David Kaplan , Peter Gonda , Mingwei Zhang , kvm@vger.kernel.org Content-Type: text/plain; charset="us-ascii" On Fri, Nov 10, 2023, Jacky Li wrote: > Remove the wbinvd_on_all_cpus inside sev_mem_enc_unregister_region() and > sev_vm_destroy() because kvm mmu notifier invalidation event would flush > the cache. This needs a much longer explanation of why this is safe. This might also need an opt-in, e.g. if userspace is reusing the memory for something else without freeing it back to the kernel, and thus is relying on KVM to do the WBINVD. The key thing is that userspace can access the memory at any time and _can_ do CLFLUSH{OPT} if userspace wants to do its own conversions. I.e. the WBINVD doesn't protect against a misbehaving corrupting guest/userspace data. But it's still possible that userspace is relying on the WBINVD, and thou shalt not break userspace.