KVM: SEV: Avoid WBINVD for HVA-based MMU notifications for SNP

ashkalra · bonzini · commit ea262f8a7c36 · 2024-05-12T04:09:33.000-04:00
With SNP/guest_memfd, private/encrypted memory should not be mappable,
and MMU notifications for HVA-mapped memory will only be relevant to
unencrypted guest memory. Therefore, the rationale behind issuing a
wbinvd_on_all_cpus() in sev_guest_memory_reclaimed() should not apply
for SNP guests and can be ignored.

Signed-off-by: Ashish Kalra &lt;ashish.kalra@amd.com&gt;
Reviewed-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
[mdr: Add some clarifications in commit]
Signed-off-by: Michael Roth &lt;michael.roth@amd.com&gt;
Message-ID: &lt;20240501085210.2213060-17-michael.roth@amd.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
@@ -3039,7 +3039,13 @@ static void sev_flush_encrypted_page(struct kvm_vcpu *vcpu, void *va)
 
 void sev_guest_memory_reclaimed(struct kvm *kvm)
 {
-	if (!sev_guest(kvm))
+	/*
+	 * With SNP+gmem, private/encrypted memory is unreachable via the
+	 * hva-based mmu notifiers, so these events are only actually
+	 * pertaining to shared pages where there is no need to perform
+	 * the WBINVD to flush associated caches.
+	 */
+	if (!sev_guest(kvm) || sev_snp_guest(kvm))
 		return;
 
 	wbinvd_on_all_cpus();
