On 2025/2/12 23:56, Tom Lendacky wrote:
On 2/11/25 19:57, Vern Hao wrote:On 2025/2/11 00:48, Rik van Riel wrote:On Mon, 2025-02-10 at 15:30 +0800, Vern Hao wrote:I do some test on my Machine with AMD EPYC 7K83, these patches work on my host, but failed on my guest with qemu. in host, use lscpu cmd, you can see invlpgb in flags, but in guest no. So are you plan to support it in guest?How exactly did it fail in the guest? Did the guest simply not use INVLPGB because that CPUID flag was not presented in the CPUID that qemu shows to the guest, or did things crash somehow?i support these patches in host and guest, and add this patch to support cpuid flags in kvm. diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c index db3838667466..fd21d9438137 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -488,7 +488,7 @@ static inline int __do_cpuid_func(struct kvm_cpuid_entry2 *entry, u32 function, /* cpuid 0x80000008.ebx */ const u32 kvm_cpuid_8000_0008_ebx_x86_features = - F(CLZERO) | F(XSAVEERPTR) | + F(CLZERO) | F(XSAVEERPTR) | F(INVLPGB) | F(WBNOINVD) | F(AMD_IBPB) | F(AMD_IBRS) | F(AMD_SSBD) | F(VIRT_SSBD) | F(AMD_SSB_NO) | F(AMD_STIBP) | F(AMD_STIBP_ALWAYS_ON); But in guest, use lscpu cmd, i still can not see invlpgb, so i just wonder where is wrong ?Well, for one, the INVLPGB instruction has to be enabled in the VMCB in order for it to be used (unless it is an SEV-ES or SEV-SNP guest). Also, lscpu won't show "invlpgb" since the patches don't define the feature in the way that it would be visible via lscpu. You need to issue CPUID to see the bit is set or not. Also, you might need VMM support in order for that CPUID bit to be set in the guest. But, it will take hypervisor support to use INVLPGB in a non-SEV guest, since non-SEV guests do not use global ASIDs. In this case, the instruction will need to be intercepted and the hypervisor will need to determine how to process it. If you have an SEV guest, which use global ASIDs and use the same ASID for all vCPUs within a guest, you can use INVLPGB in the guest without issue and without needing to intercept the instruction. See "Guest Usage of INVLPGB" in AMD APM Vol 3 under the INVLPGB instruction documentation.
OK, Thanks a lot.
Obviously, my 5.10 version of the kernel KVM does not support this CPUID well, i test it on upstream kernel, it works well.
Thanks, TomMy understanding is that while INVLPGB can work in guests, actually implementing that is a whole other can of worms, and definitely not something we should try to tackle at the same time as bare metal support. A TLB flush hypercall, with IRQ-less flushing on the hypervisor side will probably get us 90% of the way there, potentially with less overall complexity than actually supporting INVLPGB in the guest.
