From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3CF1CEB64DC for ; Thu, 6 Jul 2023 14:50:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A7CFF6B0071; Thu, 6 Jul 2023 10:50:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A2CD46B0072; Thu, 6 Jul 2023 10:50:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8F5C98D0001; Thu, 6 Jul 2023 10:50:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 805D16B0071 for ; Thu, 6 Jul 2023 10:50:02 -0400 (EDT) Received: from smtpin19.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id CE533140C80 for ; Thu, 6 Jul 2023 14:50:01 +0000 (UTC) X-FDA: 80981471802.19.5E6EDF7 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by imf09.hostedemail.com (Postfix) with ESMTP id DF838140016 for ; Thu, 6 Jul 2023 14:49:56 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=K8H1WZyM; spf=pass (imf09.hostedemail.com: domain of dave.hansen@intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=dave.hansen@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688654999; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XiP7v9LJ79kBKJKTUFUrvHE8qy+JYU6OdfdFuC4NZ2k=; b=n6Hyv/zjYVcDNPs1TIvzSloWCWVN3J4403c7Gq1I5DSvQC5ZL3IL12rxpuy8UvtJugV14l Un8QBRFfgsIb5eDxqM3s4WEFvZzE9tDPYhf1mwu9O7erbvuwBPxLWM/ptYUtVAyPSz40/6 Y2plk02yY+FO0/8EIEwUiFUaatQFLe0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688654999; a=rsa-sha256; cv=none; b=tcZwH1ZK84n4z1B7UuA7WjAGfZE1aM2S+yDJbsAAyAYVzXNRVgn1PzIwRwvz+SwYrs+T6J HdKJkXcddkU4cGUoBMBme0LCTPL3B9CuRm/XfA3dRavzNO7VvwPtho2cOc8x3/N13J+q0W G/GNRwmQuHkega2fwQCb7slvbpyF4ZI= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=K8H1WZyM; spf=pass (imf09.hostedemail.com: domain of dave.hansen@intel.com designates 192.55.52.136 as permitted sender) smtp.mailfrom=dave.hansen@intel.com; dmarc=pass (policy=none) header.from=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1688654997; x=1720190997; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=0nzzDQA6LpkeZuLlmFjdXa775S2+WzO38zFOZwwC/sU=; b=K8H1WZyMJR5lhIIfVT8w5bB2qHTBCTD6e1tPh+b7PAbZ6zD63JG8dL+u ZZ3Kl+o3OiERlJRDLSBjUFAyasNNld/mBrgURjsYhX3kqeiJ7Kdq28SZM Kkl3nrE9WYqHXsLLRhCRYeVdSvRQGrkqQkR6Wb9bEFgItdfQNsj6/d/vN rnJ6MjCxxdn7EtCvg0PlQMrp41peCzyxA2i97PsodW63ElnoMetzB1iIb j2lQSaVLsBqnGCQ/ej6dWx83/jvvdONp/qG7iXeFAF9oyC8KVJovUJ7pg s780WreYGnk32PujJVidLAT2HSmTS22anYNJqDf04uouwhEJ+7zb2oepZ w==; X-IronPort-AV: E=McAfee;i="6600,9927,10763"; a="343209108" X-IronPort-AV: E=Sophos;i="6.01,185,1684825200"; d="scan'208";a="343209108" Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2023 07:49:54 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10763"; a="749174196" X-IronPort-AV: E=Sophos;i="6.01,185,1684825200"; d="scan'208";a="749174196" Received: from adityan1-mobl1.amr.corp.intel.com (HELO [10.212.197.9]) ([10.212.197.9]) by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Jul 2023 07:49:53 -0700 Message-ID: <0c32f845-aad0-3059-2efa-9f6e3bb3affb@intel.com> Date: Thu, 6 Jul 2023 07:49:52 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand Content-Language: en-US To: Peter Zijlstra Cc: Sean Christopherson , Isaku Yamahata , Kai Huang , "kvm@vger.kernel.org" , Ashok Raj , Tony Luck , "david@redhat.com" , "bagasdotme@gmail.com" , "ak@linux.intel.com" , Rafael J Wysocki , "kirill.shutemov@linux.intel.com" , Reinette Chatre , "pbonzini@redhat.com" , "mingo@redhat.com" , "tglx@linutronix.de" , "linux-kernel@vger.kernel.org" , "linux-mm@kvack.org" , Isaku Yamahata , "nik.borisov@suse.com" , "hpa@zytor.com" , Sagi Shahar , "imammedo@redhat.com" , "bp@alien8.de" , Chao Gao , Len Brown , "sathyanarayanan.kuppuswamy@linux.intel.com" , Ying Huang , Dan J Williams , "x86@kernel.org" References: <104d324cd68b12e14722ee5d85a660cccccd8892.1687784645.git.kai.huang@intel.com> <20230628131717.GE2438817@hirez.programming.kicks-ass.net> <0c9639db604a0670eeae5343d456e43d06b35d39.camel@intel.com> <20230630092615.GD2533791@hirez.programming.kicks-ass.net> <2659d6eef84f008635ba300f4712501ac88cef2c.camel@intel.com> <20230630183020.GA4253@hirez.programming.kicks-ass.net> <20230630190514.GH3436214@ls.amr.corp.intel.com> <20230704165836.GB462772@hirez.programming.kicks-ass.net> <1a8099e2-da28-6b2a-7b5a-1d6346b7f95d@intel.com> <20230705145750.GD4253@hirez.programming.kicks-ass.net> From: Dave Hansen In-Reply-To: <20230705145750.GD4253@hirez.programming.kicks-ass.net> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: DF838140016 X-Rspam-User: X-Stat-Signature: 4957t3cw4p8y8e1m7qd9q6zziqrd4h8i X-Rspamd-Server: rspam03 X-HE-Tag: 1688654996-116343 X-HE-Meta: U2FsdGVkX19HCJUsh/DRrZTw8RyWnOiDcWAhL2RpXzdhrv6b81sx8FSoNTUs6r3AKTkNjP6moFhCTjWJp9OMT9UnVKVBH5cgNuB654A4h7iEp43QSITBa2DFc1yJM1yX3JXhSehlMGesDnPxr0pIOT7AqKPQt2/YCh2f/RfHMsHWzrGVioXeis+vnhCPLO+UAgv2AaKf86gJFSelYDcRNtsoh9YmSpGIPjeBXmJNNiPwkHC1ceUXAojHj1g7QutE3iIVeNkvlGhRQb2NPdmlB7qMSOAIbUEbgjigQDCQrxx3xODU1xewDvIdfuo4J/YP/wwT+CRH/ehl1wF9AnGLHIpc+RuA0OJW8dGmHIWStR66nt/VFC16NCn5MNh18+BcAFRffCIdOT5RW3HKLAe2fWAgdVsoZyUvDEYrI8BUosm7e1xFS5bGmxzJ/O8KIA+w7PxYrfL5zPVevO/HewLP0cAcxC6khDHAb9y1BES6DgzLl1sD79RDAJTzxnmLfVd28sY5KVyB24gWVisuWYbwAOeJ8FrZlxhEcLPh6Em9CGieXMIDnQ3RpbUANo9TLh/hNfQbl7daw9JogLb4vSmWIZJy15qMkXoT8PXWr/Wln2KXmvZWo7uOO8a9x9vQmd0w5QH5aXRoq117Bu9WsveO0AGJ1pzuKkeMVyasWNlNTDrX5Pj77biasi6jvh5oUZbt/MNizMVhN8BP3CszCpl1foGNvjaRYZBQGI+W19qr0ZfNi4AoJN278n3Ck88HUKVtZZ134QK+fWIVr1aFmCwCTYX+n7ZJ6KIf9udPz8qBg6DJYcv33lvcsCCevZjesJzda65GJDeYjo2mD9QY4UAKpHC1waiSzbTGPq6o+SY89EyebZHcB1TYqv4RRT/uE5+mnEwkgCuap7KWjCpTuG8B8thY64lYItGpzyUXHYsC9sVjY1sBMpHXFcB6kqeNGic5yEIvV2YS2npT9a+t3pj 4XE78UJl OCFax3LcCJ3Cc5ccUPm0ediJkyqMYGRvL/Zr9SwXl3Zm1vB+d8Eickc5kT6rfa5dPI8imVBAsdbjQ0jK1HX3G8GD9ZWpDekzKa8bApGPaJ6Z9sW+mLZArWmIGjxQhpGQIWCm3Zn2jVq2rkjUqCmy8VrETTOHJ8jivL1jQLXd3Dq6ZIMIZjnQ07eiLWyZrwW2NIGQEhc+cR70gAAdlGhVc2F77QSx5XTjtZCMuGDcugmVDmIG+i8cBRhWsFbERaxGU4U3u X-Bogosity: Ham, tests=bogofilter, spamicity=0.000019, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 7/5/23 07:57, Peter Zijlstra wrote: > On Wed, Jul 05, 2023 at 07:34:06AM -0700, Dave Hansen wrote: >> On 7/4/23 09:58, Peter Zijlstra wrote: >>> If we have concerns about allocating the PAMT array, can't we use CMA >>> for this? Allocate the whole thing at boot as CMA such that when not >>> used for TDX it can be used for regular things like userspace and >>> filecache pages? >> I never thought of CMA as being super reliable. Maybe it's improved >> over the years. >> >> KVM also has a rather nasty habit of pinning pages, like for device >> passthrough. I suspect that means that we'll have one of two scenarios: >> >> 1. CMA works great, but the TDX/CMA area is unusable for KVM because >> it's pinning all its pages and they just get moved out of the CMA >> area immediately. The CMA area is effectively wasted. >> 2. CMA sucks, and users get sporadic TDX failures when they wait a long >> time to run a TDX guest after boot. Users just work around the CMA >> support by starting up TDX guests at boot or demanding a module >> parameter be set. Hacking in CMA support was a waste. >> >> Am I just too much of a pessimist? > Well, if CMA still sucks, then that needs fixing. If CMA works, but we > have a circular fail in that KVM needs to long-term pin the PAMT pages > but long-term pin is evicted from CMA (the whole point of long-term pin, > after all), then surely we can break that cycle somehow, since in this > case the purpose of the CMA is being able to grab that memory chunk when > we needs it. > > That is, either way around is just a matter of a little code, no? It's not a circular dependency, it's conflicting requirements. CMA makes memory more available, but only in the face of unpinned pages. KVM can pin lots of pages, even outside of TDX-based VMs. So we either need to change how CMA works fundamentally or stop KVM from pinning pages.