On 03/04/2025 7:36 pm, Teddy Astie wrote:
> Yes, while proving it on the hypervisor side may be doable, I am quite
> unsure about PV guests.
> Some calls to HYPERVISOR_mmuext_op incidentally call invlpg and the like,
> which could be affected by this change, as the guest can "assume" some
> behavior aspects of invlpg.

I wouldn't worry about PV guests.

They have to delegate TLB flushing to Xen anyway, and already don't get
to choose whether Xen uses INVLPG, or INVPCID, or something else to
perform the requested action.

We've e.g. switched from INVLPG to INVPCID as a consequence of Meltdown,
and nothing exploded[1].

> Aside from enabling this flag for Xen/PV guests, it can be useful to expose
> it to the guests. While it's currently not going to change anything, as
> most of the related instructions are trapped and managed by the
> hypervisor, it does affect the behavior of inside-guest INVLPGB if
> enabled in the VMCB.

Good point.  Linux 6.14 does now use it when available.

You should split this patch in two.

First patch exposes it for guests, so use an H tag in cpufeatureset.h
(available in HAP domains by default), and adjust hvm_efer_valid().  I
think that's all you need to do, although remember CHANGELOG.md.

Then the second patch turns it on for Xen.

~Andrew

[1] Well, XSA-292 was a spectacular explosion, but we fixed that.
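The "first patch" described above has to keep one invariant: a guest may write an EFER bit only when the feature gating it has been exposed to that guest's CPUID policy, otherwise the validation path would let a domain enable hardware behaviour the host never meant it to see. The C below is an added illustration of that invariant, not Xen's hvm_efer_valid() or cpufeatureset.h; the bit positions, the `struct cpu_policy` fields and the `efer_value_valid()` helper are constructed placeholders, not architectural or Xen identifiers.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed illustration (not Xen code): derive the set of EFER bits a
 * domain may write from the CPUID features the host chose to expose to it,
 * and reject any write that sets a bit outside that set. Bit positions and
 * feature names are placeholders, not real architectural values.
 */

/* Placeholder EFER bit positions (hypothetical numbering). */
#define EFER_FEAT_A   (1u << 0)
#define EFER_FEAT_B   (1u << 1)
#define EFER_NEW_FEAT (1u << 2)  /* the bit gated by the newly exposed feature */

/* Hypothetical per-domain CPUID policy: which features the host exposes. */
struct cpu_policy {
    bool feat_a;
    bool feat_b;
    bool new_feat; /* true once the feature is marked guest-visible */
};

/* Set of EFER bits this domain is permitted to write, derived from policy. */
static uint32_t efer_writable_mask(const struct cpu_policy *p)
{
    uint32_t mask = 0;

    if (p->feat_a)   mask |= EFER_FEAT_A;
    if (p->feat_b)   mask |= EFER_FEAT_B;
    if (p->new_feat) mask |= EFER_NEW_FEAT;

    return mask;
}

/*
 * Validate a guest-requested EFER value. Returns 1 if every set bit is
 * permitted by the domain's policy, 0 otherwise. Reserved bits, and bits
 * for features the host did not expose to this domain, are rejected.
 */
int efer_value_valid(const struct cpu_policy *p, uint32_t value)
{
    return (value & ~efer_writable_mask(p)) == 0;
}

int main(void)
{
    /* Constructed policies: before and after the feature is exposed. */
    struct cpu_policy before = { .feat_a = true, .feat_b = true, .new_feat = false };
    struct cpu_policy after  = { .feat_a = true, .feat_b = true, .new_feat = true };
    uint32_t req = EFER_FEAT_A | EFER_NEW_FEAT;

    printf("before exposing the feature: %s\n",
           efer_value_valid(&before, req) ? "accepted" : "rejected");
    printf("after exposing the feature:  %s\n",
           efer_value_valid(&after, req) ? "accepted" : "rejected");
    printf("reserved bit:                %s\n",
           efer_value_valid(&after, 1u << 31) ? "accepted" : "rejected");
    return 0;
}
```

The point of the split into two patches is visible here: whether the host itself uses the feature (the "second patch") is independent of the policy flag that decides which guests may set the corresponding EFER bit, and the validation routine only ever consults the latter.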
