[PATCH v2] arm64: tlbflush: Don't broadcast if mm was only active on local cpu
Will Deacon
will at kernel.org
Mon Jun 15 07:44:20 PDT 2026
On Mon, Jun 15, 2026 at 01:39:43PM +0100, Mark Rutland wrote:
> On Sun, Jun 14, 2026 at 12:04:44PM +0100, Will Deacon wrote:
> > On Sat, May 23, 2026 at 07:17:10PM +0530, Linu Cherian wrote:
>
> > > static inline void flush_tlb_mm(struct mm_struct *mm)
> > > {
> > > unsigned long asid;
> > > + bool local;
> > >
> > > - dsb(ishst);
> > > + local = flush_tlb_user_pre(mm, TLBF_NONE);
> > > asid = __TLBI_VADDR(0, ASID(mm));
> > > - __tlbi(aside1is, asid);
> > > - __tlbi_user(aside1is, asid);
> > > - __tlbi_sync_s1ish(mm);
> > > + if (local) {
> > > + __tlbi(aside1, asid);
> > > + __tlbi_user(aside1, asid);
> > > + dsb(nsh);
> > > + } else {
> > > + __tlbi(aside1is, asid);
> > > + __tlbi_user(aside1is, asid);
> > > + __tlbi_sync_s1ish(mm);
> > > + }
> > > + flush_tlb_user_post(local);
> >
> > I think you've changed this since Ryan's original patch, but why are you
> > only calling __tlbi_sync_s1ish() for the !local case? Doesn't that break
> > the erratum workaround when running as a VM if the vCPU is migrated?
>
> The errata mitigated by __tlbi_sync_s1ish() only affect broadcast
> maintenance (the 'ish' in the name was intended to convey that). No
> workaround is necessary for local TLB maintenance; aside from anything
> else, when some PE executes the DSB to complete the maintenance, that
> DSB alone is sufficient to complete memory accesses made by that PE.
>
> If it would make things clearer, we could add a __tlbi_sync_s1nsh()
> helper for the local case, which would boil down to a DSB NSH.
No, I don't think that's what I'm concerned about.
> Regardless of the erratum, to correctly handle a vCPU being migrated
> from pCPU-x to pCPU-y, we rely on:
>
> * The host to set HCR_EL2.FB to ensure that TLB maintenance is
> broadcast to the ISH domain.
>
> * The host to set HCR_EL2.BSU to ensure the DSB is upgrade to ISH such
> that any guest-issued DSB NSH will it can complete any TLB maintenance
> that was upgraded to ISH.
>
> * The host to issue a DSB ISH on pCPU-x before the vCPU can run on
> pCPU-y, to complete any outstanding maintenance that was issued on
> pCPU-x. IIUC a DSB ISH on pCPU-y is not architecturally sufficient; it
> must be executed on the same CPU which issued the TLB maintenance.
>
> ... but as above, all of that should be independent of any of the errata
> that require the workaround.
Yes, I understand all of the above but the case I'm struggling with is
where a vCPU runs on a system that needs the TLB invalidation to be
performed twice. For non-broadcast invalidation (from the guest
perspective), this patch will mean that it only performs the
invalidation once. So if the vCPU migrates to another physical CPU, can
that effectively undo the HCR_EL2.FB upgrade unless KVM issues TLB
invalidation as well as a DSB on migration?
Maybe I'm missing something, as it looks like upstream already elides
the call to __tlbi_sync_s1ish() for the NOBROADCAST case.
Will
More information about the linux-arm-kernel
mailing list