| Message ID | b8541a3c70058a74c837352901f2e6a8b45e4fa2.1713258186.git.vaishali.thakkar@vates.tech (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | x86/svm: Add flushbyasid in the supported features | expand |
On 16/04/2024 10:08 am, Vaishali Thakkar wrote: > TLB Flush by ASID is missing in the list of supported features > here. So, add it. > > Signed-off-by: Vaishali Thakkar <vaishali.thakkar@vates.tech> > --- > xen/arch/x86/hvm/svm/svm.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c > index a745acd903..4719fffae5 100644 > --- a/xen/arch/x86/hvm/svm/svm.c > +++ b/xen/arch/x86/hvm/svm/svm.c > @@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void) > P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation"); > P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT"); > P(cpu_has_svm_cleanbits, "VMCB Clean Bits"); > + P(cpu_has_svm_flushbyasid, "TLB flush by ASID"); > P(cpu_has_svm_decode, "DecodeAssists"); > P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE"); > P(cpu_has_svm_vgif, "Virtual GIF"); This is consistent with pre-existing behaviour, so Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> However, an ever increasing list of lines like this is something I'm trying to push back against. They don't match the configured state of VMs in the system, not least because one of the things required to fix security vulnerabilities in nested virt is to break the (false) assumption that there is a single global state of how a VM is configured. These ones in particular are just about to appear in CPU policies. ~Andrew
On 4/16/24 3:38 PM, Andrew Cooper wrote: > On 16/04/2024 10:08 am, Vaishali Thakkar wrote: >> TLB Flush by ASID is missing in the list of supported features >> here. So, add it. >> >> Signed-off-by: Vaishali Thakkar <vaishali.thakkar@vates.tech> >> --- >> xen/arch/x86/hvm/svm/svm.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c >> index a745acd903..4719fffae5 100644 >> --- a/xen/arch/x86/hvm/svm/svm.c >> +++ b/xen/arch/x86/hvm/svm/svm.c >> @@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void) >> P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation"); >> P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT"); >> P(cpu_has_svm_cleanbits, "VMCB Clean Bits"); >> + P(cpu_has_svm_flushbyasid, "TLB flush by ASID"); >> P(cpu_has_svm_decode, "DecodeAssists"); >> P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE"); >> P(cpu_has_svm_vgif, "Virtual GIF"); > > This is consistent with pre-existing behaviour, so > > Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> Thanks. > However, an ever increasing list of lines like this is something I'm > trying to push back against. > > They don't match the configured state of VMs in the system, not least Right, makes sense to not add more stuff to print here. > because one of the things required to fix security vulnerabilities in > nested virt is to break the (false) assumption that there is a single > global state of how a VM is configured. > > These ones in particular are just about to appear in CPU policies. As part of nested virt work? > ~Andrew
diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index a745acd903..4719fffae5 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2510,6 +2510,7 @@ const struct hvm_function_table * __init start_svm(void) P(cpu_has_svm_lbrv, "Last Branch Record (LBR) Virtualisation"); P(cpu_has_svm_nrips, "Next-RIP Saved on #VMEXIT"); P(cpu_has_svm_cleanbits, "VMCB Clean Bits"); + P(cpu_has_svm_flushbyasid, "TLB flush by ASID"); P(cpu_has_svm_decode, "DecodeAssists"); P(cpu_has_svm_vloadsave, "Virtual VMLOAD/VMSAVE"); P(cpu_has_svm_vgif, "Virtual GIF");
TLB Flush by ASID is missing in the list of supported features here. So, add it. Signed-off-by: Vaishali Thakkar <vaishali.thakkar@vates.tech> --- xen/arch/x86/hvm/svm/svm.c | 1 + 1 file changed, 1 insertion(+)