Date: Fri, 20 Oct 2023 08:13:18 -0700
References: <20231016132819.1002933-49-michael.roth@amd.com> <924b755a-977a-4476-9525-a7626d728e18@amd.com> <2034624b-579f-482e-8a7a-0dfc91740d7e@amd.com>
Subject: Re: [PATCH v10 48/50] KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
From: Sean Christopherson
To: Alexey Kardashevskiy
Cc: Dionna Amalie Glaze, Michael Roth, kvm@vger.kernel.org,
 linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org,
 x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de,
 mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com,
 ardb@kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, jmattson@google.com,
 luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, pgonda@google.com,
 peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com,
 dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz,
 kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com,
 sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, jarkko@kernel.org,
 ashish.kalra@amd.com, nikunj.dadhania@amd.com, pankaj.gupta@amd.com,
 liam.merwick@oracle.com, zhi.a.wang@intel.com, Brijesh Singh

On Fri, Oct 20, 2023, Alexey Kardashevskiy wrote:
>
> On 20/10/23 11:13, Sean Christopherson wrote:
> > On Fri, Oct 20, 2023, Alexey Kardashevskiy wrote:
> > > Plus, GHCB now has to go via the userspace before talking to the PSP which
> > > was not the case so far (though I cannot think of immediate implication
> > > right now).
> >
> > Any argument along the lines of "because that's how we've always done it" is going
> > to fall on deaf ears. If there's a real performance bottleneck with kicking out
> > to userspace, then I'll happily work to figure out a solution. If.
>
> No, not performance, I was trying to imagine what can go wrong if multiple
> vcpus are making this call, all exiting to QEMU, in a loop, racing,
> something like this.

I am not at all concerned about userspace being able to handle parallel requests
to get a certificate. Per-vCPU exits that access global/shared resources might
not be super common, but they're certainly not rare. E.g. a guest access to an
option ROM can trigger memslot updates in QEMU, which requires at least taking a
mutex to guard KVM_SET_USER_MEMORY_REGION, and IIRC QEMU also uses RCU to protect
QEMU accesses to address spaces.

Given that we know there will be scenarios where certificates are changed/updated,
I wouldn't be at all surprised if handling this in userspace is actually easier as
it will give userspace more control and options, and make it easier to reason about
the resulting behavior. E.g. userspace could choose between a lockless scheme and
a r/w lock if there's a need to ensure per-VM and global certs are updated atomically
from the guest's perspective.