From: Sean Christopherson <seanjc@google.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Amit Shah <amit@kernel.org>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
x86@kernel.org, linux-doc@vger.kernel.org, amit.shah@amd.com,
thomas.lendacky@amd.com, bp@alien8.de, tglx@linutronix.de,
peterz@infradead.org, jpoimboe@kernel.org,
pawan.kumar.gupta@linux.intel.com, corbet@lwn.net,
mingo@redhat.com, dave.hansen@linux.intel.com, hpa@zytor.com,
pbonzini@redhat.com, daniel.sneddon@linux.intel.com,
kai.huang@intel.com, sandipan.das@amd.com,
boris.ostrovsky@oracle.com, Babu.Moger@amd.com,
david.kaplan@amd.com, dwmw@amazon.co.uk
Subject: Re: [PATCH v6 1/1] x86: kvm: svm: set up ERAPS support for guests
Date: Fri, 21 Nov 2025 06:58:53 -0800 [thread overview]
Message-ID: <aSB-LUfcyx8B9MLr@google.com> (raw)
In-Reply-To: <1c76cb00-1fe1-4fd0-b7b9-86ddca6115ba@citrix.com>
On Fri, Nov 21, 2025, Andrew Cooper wrote:
> On 20/11/2025 8:11 pm, Sean Christopherson wrote:
> > The emulation requirements are not limited to shadow paging. From the APM:
> >
> > The ERAPS feature eliminates the need to execute CALL instructions to clear
> > the return address predictor in most cases. On processors that support ERAPS,
> > return addresses from CALL instructions executed in host mode are not used in
> > guest mode, and vice versa. Additionally, the return address predictor is
> > cleared in all cases when the TLB is implicitly invalidated (see Section 5.5.3 “TLB
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > Management,” on page 159) and in the following cases:
> >
> > • MOV CR3 instruction
> > • INVPCID other than single address invalidation (operation type 0)
>
> I already asked AMD for clarification here. AIUI, INVLPGB should be
> included in this list, and that begs the question what else is missed
> from the documentation.
>
> >
> > Yes, KVM only intercepts MOV CR3 and INVPCID when NPT is disabled (or INVPCID is
> > unsupported per guest CPUID), but that is an implementation detail, the instructions
> > are still reachable via emulator, and KVM needs to emulate implicit TLB flush
> > behavior.
>
> The Implicit flushes cover CR0.PG, CR4.{PSE,PGE,PCIDE,PKE}, SMI, RSM,
> writes to MTRR MSR, #INIT, A20M, and "other model specific MSRs, see NDA
> docs".
>
> The final part is very unhelpful in practice, and necessitates a RAS
> flush on any emulated WRMSR, unless AMD are going to start handing out
> the multi-coloured documents...
Does Xen actually emulate guest TLB flushes on all emulated WRMSRs? A RAS flush
seems like small peanuts compared to a TLB flush.
> The really fastpath MSRs are unintercepted and won't suffer this overhead.
Heh, if an unintercepted MSR is on the "naughty list", wouldn't that break shadow
paging schemes that rely on intercepting architectural TLB flushes to synchronize
shadow PTEs?
next prev parent reply other threads:[~2025-11-21 14:58 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-07 9:32 [PATCH v6 0/1] KVM: Add support for the ERAPS feature Amit Shah
2025-11-07 9:32 ` [PATCH v6 1/1] x86: kvm: svm: set up ERAPS support for guests Amit Shah
2025-11-20 20:11 ` Sean Christopherson
2025-11-21 2:40 ` Andrew Cooper
2025-11-21 14:58 ` Sean Christopherson [this message]
2025-11-21 15:21 ` Andrew Cooper
2025-11-24 16:15 ` Shah, Amit
2025-11-24 16:40 ` Andrew Cooper
2025-11-25 14:41 ` Shah, Amit
2025-11-25 14:54 ` Sean Christopherson
2025-12-11 16:09 ` Shah, Amit
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aSB-LUfcyx8B9MLr@google.com \
--to=seanjc@google.com \
--cc=Babu.Moger@amd.com \
--cc=amit.shah@amd.com \
--cc=amit@kernel.org \
--cc=andrew.cooper3@citrix.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=daniel.sneddon@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=david.kaplan@amd.com \
--cc=dwmw@amazon.co.uk \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=sandipan.das@amd.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).