On Thu, Feb 11, 2021 at 4:34 PM Sean Christopherson <seanjc@xxxxxxxxxx> wrote: > > Remove the restriction that prevents VMX from exposing INVPCID to the > guest without PCID also being exposed to the guest. The justification of > the restriction is that INVPCID will #UD if it's disabled in the VMCS. > While that is a true statement, it's also true that RDTSCP will #UD if > it's disabled in the VMCS. Neither of those things has any dependency > whatsoever on the guest being able to set CR4.PCIDE=1, which is what is > effectively allowed by exposing PCID to the guest. > > Removing the bogus restriction aligns VMX with SVM, and also allows for > an interesting configuration. INVPCID is that fastest way to do a global > TLB flush, e.g. see native_flush_tlb_global(). Allowing INVPCID without > PCID would let a guest use the expedited flush while also limiting the > number of ASIDs consumed by the guest. > > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> I always thought this was a bizarre one-off restriction. Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
