On Fri, Nov 10, 2023, Jacky Li wrote:
> Remove the wbinvd_on_all_cpus inside sev_mem_enc_unregister_region() and
> sev_vm_destroy() because kvm mmu notifier invalidation event would flush
> the cache.
This needs a much longer explanation of why this is safe. This might also need
an opt-in, e.g. if userspace is reusing the memory for something else without
freeing it back to the kernel, and thus is relying on KVM to do the WBINVD.
The key thing is that userspace can access the memory at any time and _can_ do
CLFLUSH{OPT} if userspace wants to do its own conversions. I.e. the WBINVD doesn't
protect against a misbehaving corrupting guest/userspace data. But it's still
possible that userspace is relying on the WBINVD, and thou shalt not break userspace.
