On Mon, Jun 07, 2021 at 08:51:42AM +0200, Paolo Bonzini wrote: > On 07/06/21 05:25, Tian, Kevin wrote: > > Per Intel SDM wbinvd is a privileged instruction. A process on the > > host has no privilege to execute it. > > (Half of) the point of the kernel is to do privileged tasks on the > processes' behalf. There are good reasons why a process that uses VFIO > (without KVM) could want to use wbinvd, so VFIO lets them do it with a ioctl > and adequate checks around the operation. Yes, exactly. You cannot write a correct VFIO application for hardware that uses the no-snoop bit without access to wbinvd. KVM or not does not matter. Jason
