Date: Tue, 7 Mar 2023 17:11:42 -0800
From: Isaku Yamahata
To: Kai Huang
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, dave.hansen@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, david@redhat.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, isaku.yamahata@gmail.com
Subject: Re: [PATCH v10 00/16] TDX host kernel support
Message-ID: <20230308011142.GA2841114@ls.amr.corp.intel.com>
On Tue, Mar 07, 2023 at 03:13:45AM +1300, Kai Huang wrote:
> Intel Trusted Domain Extensions (TDX) protects guest VMs from malicious
> host and certain physical attacks. TDX specs are available in [1].
>
> This series is the initial support to enable TDX with minimal code to
> allow KVM to create and run TDX guests. KVM support for TDX is being
> developed separately[2]. A new "userspace inaccessible memfd" approach
> to support TDX private memory is also being developed[3]. The KVM will
> only support the new "userspace inaccessible memfd" as TDX guest memory.
>
> This series doesn't aim to support all functionalities, and doesn't aim
> to resolve all things perfectly. For example, memory hotplug is handled
> in a simple way (please refer to the "Kernel policy on TDX memory" and
> "Memory hotplug" sections below).
>
> (For memory hotplug, sorry for broadcasting widely, but I cc'ed
> linux-mm@kvack.org following Kirill's suggestion so MM experts can also
> help to provide comments.)
>
> And TDX module metadata allocation just uses alloc_contig_pages() to
> allocate a large chunk at runtime, thus it can fail. It is imperfect now
> but _will_ be improved in the future.
>
> Also, the patch to add the new kernel cmdline tdx="force" isn't included
> in this initial version, as Dave suggested it isn't mandatory. But I
> _will_ add one once this initial version gets merged.
>
> All other optimizations will be posted as follow-ups once this initial
> TDX support is upstreamed.
>
> Hi Dave, Peter, Thomas, Dan (and Intel reviewers),
>
> The environment to test the new LP.INIT SEAMCALL behaviour hasn't been
> done yet, thus I haven't tested the new behaviour. Instead, I tested
> with all cpus online when initializing the TDX module. The CPU hotplug
> path isn't really tested, although I did some basic tests: I can
> offline some cpus after module initialization, online them again, and
> the LP.INIT was skipped successfully for them.
>
> However, I believe there should be no issue when the new module is ready.
> I will test and report back when the new module is ready.
>
> I would appreciate it if folks could review this presumptive series anyway.
>
> And I would appreciate Reviewed-by or Acked-by tags if the patches look
> good to you.
>
> ----- Changelog history: ------
>
> - v9 -> v10:
>
>   - Changed the per-cpu initialization handling:
>     - Gave up "ensuring all online cpus are TDX-runnable when the TDX
>       module is initialized", but just provide two basic functions,
>       tdx_enable() and tdx_cpu_enable(), to let the user of TDX make sure
>       tdx_cpu_enable() has been done successfully when the user wants to
>       use a particular cpu for TDX.
>     - Thus, moved per-cpu initialization out of tdx_enable(). Now
>       tdx_enable() just assumes VMXON and tdx_cpu_enable() have been done
>       on all online cpus before calling it.
>   - Merged the tdx_enable() skeleton patch and the per-cpu initialization
>     patch together to tell a better story.
>   - Moved the "SEAMCALL infrastructure" patch before the tdx_enable() patch.
>
> v9: https://lore.kernel.org/lkml/cover.1676286526.git.kai.huang@intel.com/
>
> - v8 -> v9:
>
>   - Added patches to handle TDH.SYS.INIT and TDH.SYS.LP.INIT back.
>   - For other changes, please refer to the changelog history in the
>     individual patches.

I've rebased my TDX KVM patches onto this patch series and updated the
initialization. With all LPs online with the existing TDX module, I did cpu
online/offline while a TD was running.

Tested-by: Isaku Yamahata

--
Isaku Yamahata