Re: [PATCH] x86/svm: Add flushbyasid in the supported features

2024-04-16 Thread Vaishali Thakkar

On 4/16/24 3:38 PM, Andrew Cooper wrote:

On 16/04/2024 10:08 am, Vaishali Thakkar wrote:

TLB Flush by ASID is missing in the list of supported features
here. So, add it.

Signed-off-by: Vaishali Thakkar 
---
  xen/arch/x86/hvm/svm/svm.c | 1 +
  1 file changed, 1 insertion(+)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index a745acd903..4719fffae5 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void)
  P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation");
  P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT");
  P(cpu_has_svm_cleanbits, "VMCB Clean Bits");
+P(cpu_has_svm_flushbyasid, "TLB flush by ASID");
  P(cpu_has_svm_decode, "DecodeAssists");
  P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE");
  P(cpu_has_svm_vgif, "Virtual GIF");


> This is consistent with pre-existing behaviour, so
>
> Acked-by: Andrew Cooper 

Thanks.

> However, an ever increasing list of lines like this is something I'm
> trying to push back against.
>
> They don't match the configured state of VMs in the system, not least

Right, makes sense to not add more stuff to print here.

> because one of the things required to fix security vulnerabilities in
> nested virt is to break the (false) assumption that there is a single
> global state of how a VM is configured.
>
> These ones in particular are just about to appear in CPU policies.

As part of nested virt work?

> ~Andrew




Re: [PATCH] x86/svm: Add flushbyasid in the supported features

2024-04-16 Thread Andrew Cooper
On 16/04/2024 10:08 am, Vaishali Thakkar wrote:
> TLB Flush by ASID is missing in the list of supported features
> here. So, add it.
>
> Signed-off-by: Vaishali Thakkar 
> ---
>  xen/arch/x86/hvm/svm/svm.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
> index a745acd903..4719fffae5 100644
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void)
>  P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation");
>  P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT");
>  P(cpu_has_svm_cleanbits, "VMCB Clean Bits");
> +P(cpu_has_svm_flushbyasid, "TLB flush by ASID");
>  P(cpu_has_svm_decode, "DecodeAssists");
>  P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE");
>  P(cpu_has_svm_vgif, "Virtual GIF");
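
Review bot: the commit message's "here" never names what is being changed; from the hunk header it is the run of P() lines in start_svm(). Suggest naming that function in the description and stating that the patch adds a single entry to that list (1 insertion in svm.c), so a reader of the log can tell the scope of the change without opening the diff.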

This is consistent with pre-existing behaviour, so

Acked-by: Andrew Cooper 

However, an ever increasing list of lines like this is something I'm
trying to push back against.

They don't match the configured state of VMs in the system, not least
because one of the things required to fix security vulnerabilities in
nested virt is to break the (false) assumption that there is a single
global state of how a VM is configured.

These ones in particular are just about to appear in CPU policies.

~Andrew



[PATCH] x86/svm: Add flushbyasid in the supported features

2024-04-16 Thread Vaishali Thakkar
TLB Flush by ASID is missing in the list of supported features
here. So, add it.

Signed-off-by: Vaishali Thakkar 
---
 xen/arch/x86/hvm/svm/svm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index a745acd903..4719fffae5 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void)
 P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation");
 P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT");
 P(cpu_has_svm_cleanbits, "VMCB Clean Bits");
+P(cpu_has_svm_flushbyasid, "TLB flush by ASID");
 P(cpu_has_svm_decode, "DecodeAssists");
 P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE");
 P(cpu_has_svm_vgif, "Virtual GIF");
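
Review bot: the description string on the added P(cpu_has_svm_flushbyasid, ...) line is capitalised differently from its neighbours and from the commit message. The adjacent entries read "VMCB Clean Bits" and "Virtual GIF", and the commit message writes "TLB Flush by ASID", while the new string is "TLB flush by ASID". Suggest "TLB Flush by ASID" so the line matches the rest of the list.
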
-- 
2.44.0