From: Sean Christopherson <seanjc@google.com>
To: Isaku Yamahata <isaku.yamahata@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Kai Huang <kai.huang@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
Ashok Raj <ashok.raj@intel.com>, Tony Luck <tony.luck@intel.com>,
"david@redhat.com" <david@redhat.com>,
"bagasdotme@gmail.com" <bagasdotme@gmail.com>,
Dave Hansen <dave.hansen@intel.com>,
"ak@linux.intel.com" <ak@linux.intel.com>,
Rafael J Wysocki <rafael.j.wysocki@intel.com>,
"kirill.shutemov@linux.intel.com"
<kirill.shutemov@linux.intel.com>,
Reinette Chatre <reinette.chatre@intel.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"nik.borisov@suse.com" <nik.borisov@suse.com>,
"hpa@zytor.com" <hpa@zytor.com>, Sagi Shahar <sagis@google.com>,
"imammedo@redhat.com" <imammedo@redhat.com>,
"bp@alien8.de" <bp@alien8.de>, Chao Gao <chao.gao@intel.com>,
Len Brown <len.brown@intel.com>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Ying Huang <ying.huang@intel.com>,
Dan J Williams <dan.j.williams@intel.com>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand
Date: Fri, 30 Jun 2023 14:24:56 -0700 [thread overview]
Message-ID: <ZJ9IKALhz1Q6ogu1@google.com> (raw)
In-Reply-To: <20230630190514.GH3436214@ls.amr.corp.intel.com>
On Fri, Jun 30, 2023, Isaku Yamahata wrote:
> On Fri, Jun 30, 2023 at 08:30:20PM +0200,
> Peter Zijlstra <peterz@infradead.org> wrote:
>
> > On Fri, Jun 30, 2023 at 09:55:32AM +0000, Huang, Kai wrote:
> > > On Fri, 2023-06-30 at 11:26 +0200, Peter Zijlstra wrote:
> > > > On Thu, Jun 29, 2023 at 12:10:00AM +0000, Huang, Kai wrote:
> > > > > On Wed, 2023-06-28 at 15:17 +0200, Peter Zijlstra wrote:
> > > > > > On Tue, Jun 27, 2023 at 02:12:37AM +1200, Kai Huang wrote:
> > > > > > > +EXPORT_SYMBOL_GPL(tdx_cpu_enable);
> > > > > >
> > > > > > I can't find a single caller of this.. why is this exported?
> > > > >
> > > > > It's for KVM TDX patch to use, which isn't in this series.
> > > > >
> > > > > I'll remove the export. KVM TDX series can export it.
> > > >
> > > > Fair enough; where will the KVM TDX series call this? Earlier there was
> > > > talk about doing it at kvm module load time -- but I objected (and still
> > > > do object) to that.
> > > >
> > > > What's the current plan?
> > > >
> > >
> > > The direction is still doing it during module load (not my series anyway). But
> > > this can be a separate discussion with KVM maintainers involved.
> >
> > They all on Cc afaict.
> >
> > > I understand you have concern that you don't want to have the memory & cpu time
> > > wasted on enabling TDX by default. For that we can have a kernel command line
> > > to disable TDX once for all (we can even make it default).
> >
> > That's insane, I don't want to totally disable it. I want it done at
> > guard creation. Do the whole TDX setup the moment you actually create a
> > TDX guast.
> >
> > Totally killing TDX is stupid,
I dunno about that, *totally* killing TDX would make my life a lot simpler ;-)
> > just about as stupid as doing it on module load (which equates to always
> > doing it).
> >
> > > Also, KVM will have a module parameter 'enable_tdx'. I am hoping this could
> > > reduce your concern too.
> >
> > I don't get this obsession with doing at module load time :/
Waiting until userspace attempts to create the first TDX guest adds complexity
and limits what KVM can do to harden itself. Currently, all feature support in
KVM is effectively frozen at module load. E.g. most of the setup code is
contained in __init functions, many module-scoped variables are effectively
RO after init (though they can't be marked as such until we smush kvm-intel.ko
and kvm-amd.ko into kvm.ko, which is tentatively the long-term plan). All of
those patterns would get tossed aside if KVM waits until userspace attempts to
create the first guest.
The userspace experience would also be poor, as KVM can't know whether or TDX is
actually supported until the TDX module is fully loaded and configured. KVM waits
until VM creation to enable VMX, but that's pure enabling and more or less
guaranteed to succeed, e.g. will succeed barring hardware failures, software bugs,
or *severe* memory pressure.
There are also latency and noisy neighbor concerns, e.g. we *really* don't want
to end up in a situation where creating a TDX guest for a customer can observe
arbitrary latency *and* potentially be disruptive to VMs already running on the
host.
Userspace can workaround the second and third issues by spawning a dummy TDX guest
as early as possible, but that adds complexity to userspace, especially if there's
any desire for it to be race free, e.g. with respect to reporting system capabilities
to the control plan.
On the flip side, limited hardware availability (unless Intel has changed its
tune) and the amount of enabling that's required in BIOS and whatnot makes it
highly unlikely that random Linux users are going to unknowingly boot with TDX
enabled.
That said, if this is a sticking point, let's just make enable_tdx off by default,
i.e. force userspace to opt-in. Deployments that *know* they may want to schedule
TDX VMs on the host can simply force the module param. And for everyone else,
since KVM is typically configured as a module by distros, KVM can be unloaded and
reload if the user realizes they want TDX well after the system is up and running.
> The KVM maintainers prefer the initialization on kvm_intel.ko loading time. [1]
You can say "Sean", I'm not the bogeyman :-)
> I can change enable_tdx parameter for kvm_intel.ko instead of boolean.
> Something like
>
> enable_tdx
> ondemand: on-demand initialization when creating the first TDX guest
> onload: initialize TDX module when loading kvm_intel.ko
No, that's the most complex path and makes no one happy.
> disable: disable TDX support
next prev parent reply other threads:[~2023-06-30 21:25 UTC|newest]
Thread overview: 159+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-26 14:12 [PATCH v12 00/22] TDX host kernel support Kai Huang
2023-06-26 14:12 ` [PATCH v12 01/22] x86/tdx: Define TDX supported page sizes as macros Kai Huang
2023-06-26 14:12 ` [PATCH v12 02/22] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2023-06-26 14:12 ` [PATCH v12 03/22] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC Kai Huang
2023-06-26 14:12 ` [PATCH v12 04/22] x86/cpu: Detect TDX partial write machine check erratum Kai Huang
2023-06-29 11:22 ` David Hildenbrand
2023-06-26 14:12 ` [PATCH v12 05/22] x86/virt/tdx: Add SEAMCALL infrastructure Kai Huang
2023-06-27 9:48 ` kirill.shutemov
2023-06-27 10:28 ` Huang, Kai
2023-06-27 11:36 ` kirill.shutemov
2023-06-28 0:19 ` Isaku Yamahata
2023-06-28 3:09 ` Chao Gao
2023-06-28 3:34 ` Huang, Kai
2023-06-28 11:50 ` kirill.shutemov
2023-06-28 23:31 ` Huang, Kai
2023-06-29 11:25 ` David Hildenbrand
2023-06-28 12:58 ` Peter Zijlstra
2023-06-28 13:54 ` Peter Zijlstra
2023-06-28 23:25 ` Huang, Kai
2023-06-29 10:15 ` kirill.shutemov
2023-06-28 23:21 ` Huang, Kai
2023-06-29 3:40 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 06/22] x86/virt/tdx: Handle SEAMCALL running out of entropy error Kai Huang
2023-06-28 13:02 ` Peter Zijlstra
2023-06-28 23:30 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand Kai Huang
2023-06-26 21:21 ` Sathyanarayanan Kuppuswamy
2023-06-27 10:37 ` Huang, Kai
2023-06-27 9:50 ` kirill.shutemov
2023-06-27 10:34 ` Huang, Kai
2023-06-27 12:18 ` kirill.shutemov
2023-06-27 22:37 ` Huang, Kai
2023-06-28 0:28 ` Huang, Kai
2023-06-28 11:55 ` kirill.shutemov
2023-06-28 13:35 ` Peter Zijlstra
2023-06-29 0:15 ` Huang, Kai
2023-06-30 9:22 ` Peter Zijlstra
2023-06-30 10:09 ` Huang, Kai
2023-06-30 18:42 ` Isaku Yamahata
2023-07-01 8:15 ` Huang, Kai
2023-06-28 0:31 ` Isaku Yamahata
2023-06-28 13:04 ` Peter Zijlstra
2023-06-29 0:00 ` Huang, Kai
2023-06-30 9:25 ` Peter Zijlstra
2023-06-30 9:48 ` Huang, Kai
2023-06-28 13:08 ` Peter Zijlstra
2023-06-29 0:08 ` Huang, Kai
2023-06-28 13:17 ` Peter Zijlstra
2023-06-29 0:10 ` Huang, Kai
2023-06-30 9:26 ` Peter Zijlstra
2023-06-30 9:55 ` Huang, Kai
2023-06-30 18:30 ` Peter Zijlstra
2023-06-30 19:05 ` Isaku Yamahata
2023-06-30 21:24 ` Sean Christopherson [this message]
2023-06-30 21:58 ` Dan Williams
2023-06-30 23:13 ` Dave Hansen
2023-07-03 10:38 ` Peter Zijlstra
2023-07-03 10:49 ` Peter Zijlstra
2023-07-03 14:40 ` Dave Hansen
2023-07-03 15:03 ` Peter Zijlstra
2023-07-03 15:26 ` Dave Hansen
2023-07-03 17:55 ` kirill.shutemov
2023-07-03 18:26 ` Dave Hansen
2023-07-05 7:14 ` Peter Zijlstra
2023-07-04 16:58 ` Peter Zijlstra
2023-07-04 21:50 ` Huang, Kai
2023-07-05 7:16 ` Peter Zijlstra
2023-07-05 7:54 ` Huang, Kai
2023-07-05 14:34 ` Dave Hansen
2023-07-05 14:57 ` Peter Zijlstra
2023-07-06 14:49 ` Dave Hansen
2023-07-10 17:58 ` Sean Christopherson
2023-06-29 11:31 ` David Hildenbrand
2023-06-29 22:58 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 08/22] x86/virt/tdx: Get information about TDX module and TDX-capable memory Kai Huang
2023-06-27 9:51 ` kirill.shutemov
2023-06-27 10:45 ` Huang, Kai
2023-06-27 11:37 ` kirill.shutemov
2023-06-27 11:46 ` Huang, Kai
2023-06-28 14:10 ` Peter Zijlstra
2023-06-29 9:15 ` Huang, Kai
2023-06-30 9:34 ` Peter Zijlstra
2023-06-30 9:58 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 09/22] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory Kai Huang
2023-06-28 14:17 ` Peter Zijlstra
2023-06-29 0:57 ` Huang, Kai
2023-07-11 11:38 ` David Hildenbrand
2023-07-11 12:27 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 10/22] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Kai Huang
2023-06-26 14:12 ` [PATCH v12 11/22] x86/virt/tdx: Fill out " Kai Huang
2023-07-04 7:28 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 12/22] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2023-06-27 9:51 ` kirill.shutemov
2023-07-04 7:40 ` Yuan Yao
2023-07-04 8:59 ` Huang, Kai
2023-07-11 11:42 ` David Hildenbrand
2023-07-11 11:49 ` Huang, Kai
2023-07-11 11:55 ` David Hildenbrand
2023-06-26 14:12 ` [PATCH v12 13/22] x86/virt/tdx: Designate reserved areas for all TDMRs Kai Huang
2023-07-05 5:29 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 14/22] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID Kai Huang
2023-07-05 6:49 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 15/22] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2023-07-05 8:13 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 16/22] x86/virt/tdx: Initialize all TDMRs Kai Huang
2023-07-06 5:31 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 17/22] x86/kexec: Flush cache of TDX private memory Kai Huang
2023-06-26 14:12 ` [PATCH v12 18/22] x86/virt/tdx: Keep TDMRs when module initialization is successful Kai Huang
2023-06-28 9:04 ` Nikolay Borisov
2023-06-29 1:03 ` Huang, Kai
2023-06-28 12:23 ` kirill.shutemov
2023-06-28 12:48 ` Nikolay Borisov
2023-06-29 0:24 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 19/22] x86/kexec(): Reset TDX private memory on platforms with TDX erratum Kai Huang
2023-06-28 9:20 ` Nikolay Borisov
2023-06-29 0:32 ` Dave Hansen
2023-06-29 0:58 ` Huang, Kai
2023-06-29 3:19 ` Huang, Kai
2023-06-29 5:38 ` Huang, Kai
2023-06-29 9:45 ` Huang, Kai
2023-06-29 9:48 ` Nikolay Borisov
2023-06-28 12:29 ` kirill.shutemov
2023-06-29 0:27 ` Huang, Kai
2023-07-07 4:01 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 20/22] x86/virt/tdx: Allow SEAMCALL to handle #UD and #GP Kai Huang
2023-06-28 12:32 ` kirill.shutemov
2023-06-28 15:29 ` Peter Zijlstra
2023-06-28 20:38 ` Peter Zijlstra
2023-06-28 21:11 ` Peter Zijlstra
2023-06-28 21:16 ` Peter Zijlstra
2023-06-30 9:03 ` kirill.shutemov
2023-06-30 10:02 ` Huang, Kai
2023-06-30 10:22 ` kirill.shutemov
2023-06-30 11:06 ` Huang, Kai
2023-06-29 10:33 ` Huang, Kai
2023-06-30 10:06 ` Peter Zijlstra
2023-06-30 10:18 ` Huang, Kai
2023-06-30 15:16 ` Dave Hansen
2023-07-01 8:16 ` Huang, Kai
2023-06-30 10:21 ` Peter Zijlstra
2023-06-30 11:05 ` Huang, Kai
2023-06-30 12:06 ` Peter Zijlstra
2023-06-30 15:14 ` Peter Zijlstra
2023-07-03 12:15 ` Huang, Kai
2023-07-05 10:21 ` Peter Zijlstra
2023-07-05 11:34 ` Huang, Kai
2023-07-05 12:19 ` Peter Zijlstra
2023-07-05 12:53 ` Huang, Kai
2023-07-05 20:56 ` Isaku Yamahata
2023-07-05 12:21 ` Peter Zijlstra
2023-06-29 11:16 ` kirill.shutemov
2023-06-29 10:00 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 21/22] x86/mce: Improve error log of kernel space TDX #MC due to erratum Kai Huang
2023-06-28 12:38 ` kirill.shutemov
2023-07-07 7:26 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 22/22] Documentation/x86: Add documentation for TDX host support Kai Huang
2023-06-28 7:04 ` [PATCH v12 00/22] TDX host kernel support Yuan Yao
2023-06-28 8:12 ` Huang, Kai
2023-06-29 1:01 ` Yuan Yao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZJ9IKALhz1Q6ogu1@google.com \
--to=seanjc@google.com \
--cc=ak@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=bagasdotme@gmail.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@gmail.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=reinette.chatre@intel.com \
--cc=sagis@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox