From: Nikolay Borisov <nik.borisov@suse.com>
To: kirill.shutemov@linux.intel.com, Kai Huang <kai.huang@intel.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
linux-mm@kvack.org, x86@kernel.org, dave.hansen@intel.com,
tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de,
bp@alien8.de, mingo@redhat.com, hpa@zytor.com, seanjc@google.com,
pbonzini@redhat.com, david@redhat.com, dan.j.williams@intel.com,
rafael.j.wysocki@intel.com, ashok.raj@intel.com,
reinette.chatre@intel.com, len.brown@intel.com,
ak@linux.intel.com, isaku.yamahata@intel.com,
ying.huang@intel.com, chao.gao@intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com,
sagis@google.com, imammedo@redhat.com
Subject: Re: [PATCH v12 18/22] x86/virt/tdx: Keep TDMRs when module initialization is successful
Date: Wed, 28 Jun 2023 15:48:15 +0300 [thread overview]
Message-ID: <fd7e5b2b-57ca-efcb-9295-29dfb41cc061@suse.com> (raw)
In-Reply-To: <20230628122342.zdnqsgnugalqj6ix@box.shutemov.name>
On 28.06.23 г. 15:23 ч., kirill.shutemov@linux.intel.com wrote:
> On Tue, Jun 27, 2023 at 02:12:48AM +1200, Kai Huang wrote:
>> On the platforms with the "partial write machine check" erratum, the
>> kexec() needs to convert all TDX private pages back to normal before
>> booting to the new kernel. Otherwise, the new kernel may get unexpected
>> machine check.
>>
>> There's no existing infrastructure to track TDX private pages. Change
>> to keep TDMRs when module initialization is successful so that they can
>> be used to find PAMTs.
>>
>> With this change, only put_online_mems() and freeing the buffer of the
>> TDSYSINFO_STRUCT and CMR array still need to be done even when module
>> initialization is successful. Adjust the error handling to explicitly
>> do them when module initialization is successful and unconditionally
>> clean up the rest when initialization fails.
>>
>> Signed-off-by: Kai Huang <kai.huang@intel.com>
>> ---
>>
>> v11 -> v12 (new patch):
>> - Defer keeping TDMRs logic to this patch for better review
>> - Improved error handling logic (Nikolay/Kirill in patch 15)
>>
>> ---
>> arch/x86/virt/vmx/tdx/tdx.c | 84 ++++++++++++++++++-------------------
>> 1 file changed, 42 insertions(+), 42 deletions(-)
>>
>> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
>> index 52b7267ea226..85b24b2e9417 100644
>> --- a/arch/x86/virt/vmx/tdx/tdx.c
>> +++ b/arch/x86/virt/vmx/tdx/tdx.c
>> @@ -49,6 +49,8 @@ static DEFINE_MUTEX(tdx_module_lock);
>> /* All TDX-usable memory regions. Protected by mem_hotplug_lock. */
>> static LIST_HEAD(tdx_memlist);
>>
>> +static struct tdmr_info_list tdx_tdmr_list;
>> +
>> /*
>> * Wrapper of __seamcall() to convert SEAMCALL leaf function error code
>> * to kernel error code. @seamcall_ret and @out contain the SEAMCALL
>> @@ -1047,7 +1049,6 @@ static int init_tdmrs(struct tdmr_info_list *tdmr_list)
>> static int init_tdx_module(void)
>> {
>> struct tdsysinfo_struct *sysinfo;
>> - struct tdmr_info_list tdmr_list;
>> struct cmr_info *cmr_array;
>> int ret;
>>
>> @@ -1088,17 +1089,17 @@ static int init_tdx_module(void)
>> goto out_put_tdxmem;
>>
>> /* Allocate enough space for constructing TDMRs */
>> - ret = alloc_tdmr_list(&tdmr_list, sysinfo);
>> + ret = alloc_tdmr_list(&tdx_tdmr_list, sysinfo);
>> if (ret)
>> goto out_free_tdxmem;
>>
>> /* Cover all TDX-usable memory regions in TDMRs */
>> - ret = construct_tdmrs(&tdx_memlist, &tdmr_list, sysinfo);
>> + ret = construct_tdmrs(&tdx_memlist, &tdx_tdmr_list, sysinfo);
>> if (ret)
>> goto out_free_tdmrs;
>>
>> /* Pass the TDMRs and the global KeyID to the TDX module */
>> - ret = config_tdx_module(&tdmr_list, tdx_global_keyid);
>> + ret = config_tdx_module(&tdx_tdmr_list, tdx_global_keyid);
>> if (ret)
>> goto out_free_pamts;
>>
>> @@ -1118,51 +1119,50 @@ static int init_tdx_module(void)
>> goto out_reset_pamts;
>>
>> /* Initialize TDMRs to complete the TDX module initialization */
>> - ret = init_tdmrs(&tdmr_list);
>> + ret = init_tdmrs(&tdx_tdmr_list);
>> + if (ret)
>> + goto out_reset_pamts;
>> +
>> + pr_info("%lu KBs allocated for PAMT.\n",
>> + tdmrs_count_pamt_kb(&tdx_tdmr_list));
>> +
>> + /*
>> + * @tdx_memlist is written here and read at memory hotplug time.
>> + * Lock out memory hotplug code while building it.
>> + */
>> + put_online_mems();
>> + /*
>> + * For now both @sysinfo and @cmr_array are only used during
>> + * module initialization, so always free them.
>> + */
>> + free_page((unsigned long)sysinfo);
>> +
>> + return 0;
>> out_reset_pamts:
>> - if (ret) {
>> - /*
>> - * Part of PAMTs may already have been initialized by the
>> - * TDX module. Flush cache before returning PAMTs back
>> - * to the kernel.
>> - */
>> - wbinvd_on_all_cpus();
>> - /*
>> - * According to the TDX hardware spec, if the platform
>> - * doesn't have the "partial write machine check"
>> - * erratum, any kernel read/write will never cause #MC
>> - * in kernel space, thus it's OK to not convert PAMTs
>> - * back to normal. But do the conversion anyway here
>> - * as suggested by the TDX spec.
>> - */
>> - tdmrs_reset_pamt_all(&tdmr_list);
>> - }
>> + /*
>> + * Part of PAMTs may already have been initialized by the
>> + * TDX module. Flush cache before returning PAMTs back
>> + * to the kernel.
>> + */
>> + wbinvd_on_all_cpus();
>> + /*
>> + * According to the TDX hardware spec, if the platform
>> + * doesn't have the "partial write machine check"
>> + * erratum, any kernel read/write will never cause #MC
>> + * in kernel space, thus it's OK to not convert PAMTs
>> + * back to normal. But do the conversion anyway here
>> + * as suggested by the TDX spec.
>> + */
>> + tdmrs_reset_pamt_all(&tdx_tdmr_list);
>> out_free_pamts:
>> - if (ret)
>> - tdmrs_free_pamt_all(&tdmr_list);
>> - else
>> - pr_info("%lu KBs allocated for PAMT.\n",
>> - tdmrs_count_pamt_kb(&tdmr_list));
>> + tdmrs_free_pamt_all(&tdx_tdmr_list);
>> out_free_tdmrs:
>> - /*
>> - * Always free the buffer of TDMRs as they are only used during
>> - * module initialization.
>> - */
>> - free_tdmr_list(&tdmr_list);
>> + free_tdmr_list(&tdx_tdmr_list);
>> out_free_tdxmem:
>> - if (ret)
>> - free_tdx_memlist(&tdx_memlist);
>> + free_tdx_memlist(&tdx_memlist);
>> out_put_tdxmem:
>> - /*
>> - * @tdx_memlist is written here and read at memory hotplug time.
>> - * Lock out memory hotplug code while building it.
>> - */
>> put_online_mems();
>> out:
>> - /*
>> - * For now both @sysinfo and @cmr_array are only used during
>> - * module initialization, so always free them.
>> - */
>> free_page((unsigned long)sysinfo);
>> return ret;
>> }
>
> This diff is extremely hard to follow, but I think the change to error
> handling Nikolay proposed has to be applied to the function from the
> beginning, not changed drastically in this patch.
>
I agree. That change should be broken across the various patches
introducing each piece of error handling.
next prev parent reply other threads:[~2023-06-28 12:48 UTC|newest]
Thread overview: 159+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-26 14:12 [PATCH v12 00/22] TDX host kernel support Kai Huang
2023-06-26 14:12 ` [PATCH v12 01/22] x86/tdx: Define TDX supported page sizes as macros Kai Huang
2023-06-26 14:12 ` [PATCH v12 02/22] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2023-06-26 14:12 ` [PATCH v12 03/22] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC Kai Huang
2023-06-26 14:12 ` [PATCH v12 04/22] x86/cpu: Detect TDX partial write machine check erratum Kai Huang
2023-06-29 11:22 ` David Hildenbrand
2023-06-26 14:12 ` [PATCH v12 05/22] x86/virt/tdx: Add SEAMCALL infrastructure Kai Huang
2023-06-27 9:48 ` kirill.shutemov
2023-06-27 10:28 ` Huang, Kai
2023-06-27 11:36 ` kirill.shutemov
2023-06-28 0:19 ` Isaku Yamahata
2023-06-28 3:09 ` Chao Gao
2023-06-28 3:34 ` Huang, Kai
2023-06-28 11:50 ` kirill.shutemov
2023-06-28 23:31 ` Huang, Kai
2023-06-29 11:25 ` David Hildenbrand
2023-06-28 12:58 ` Peter Zijlstra
2023-06-28 13:54 ` Peter Zijlstra
2023-06-28 23:25 ` Huang, Kai
2023-06-29 10:15 ` kirill.shutemov
2023-06-28 23:21 ` Huang, Kai
2023-06-29 3:40 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 06/22] x86/virt/tdx: Handle SEAMCALL running out of entropy error Kai Huang
2023-06-28 13:02 ` Peter Zijlstra
2023-06-28 23:30 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand Kai Huang
2023-06-26 21:21 ` Sathyanarayanan Kuppuswamy
2023-06-27 10:37 ` Huang, Kai
2023-06-27 9:50 ` kirill.shutemov
2023-06-27 10:34 ` Huang, Kai
2023-06-27 12:18 ` kirill.shutemov
2023-06-27 22:37 ` Huang, Kai
2023-06-28 0:28 ` Huang, Kai
2023-06-28 11:55 ` kirill.shutemov
2023-06-28 13:35 ` Peter Zijlstra
2023-06-29 0:15 ` Huang, Kai
2023-06-30 9:22 ` Peter Zijlstra
2023-06-30 10:09 ` Huang, Kai
2023-06-30 18:42 ` Isaku Yamahata
2023-07-01 8:15 ` Huang, Kai
2023-06-28 0:31 ` Isaku Yamahata
2023-06-28 13:04 ` Peter Zijlstra
2023-06-29 0:00 ` Huang, Kai
2023-06-30 9:25 ` Peter Zijlstra
2023-06-30 9:48 ` Huang, Kai
2023-06-28 13:08 ` Peter Zijlstra
2023-06-29 0:08 ` Huang, Kai
2023-06-28 13:17 ` Peter Zijlstra
2023-06-29 0:10 ` Huang, Kai
2023-06-30 9:26 ` Peter Zijlstra
2023-06-30 9:55 ` Huang, Kai
2023-06-30 18:30 ` Peter Zijlstra
2023-06-30 19:05 ` Isaku Yamahata
2023-06-30 21:24 ` Sean Christopherson
2023-06-30 21:58 ` Dan Williams
2023-06-30 23:13 ` Dave Hansen
2023-07-03 10:38 ` Peter Zijlstra
2023-07-03 10:49 ` Peter Zijlstra
2023-07-03 14:40 ` Dave Hansen
2023-07-03 15:03 ` Peter Zijlstra
2023-07-03 15:26 ` Dave Hansen
2023-07-03 17:55 ` kirill.shutemov
2023-07-03 18:26 ` Dave Hansen
2023-07-05 7:14 ` Peter Zijlstra
2023-07-04 16:58 ` Peter Zijlstra
2023-07-04 21:50 ` Huang, Kai
2023-07-05 7:16 ` Peter Zijlstra
2023-07-05 7:54 ` Huang, Kai
2023-07-05 14:34 ` Dave Hansen
2023-07-05 14:57 ` Peter Zijlstra
2023-07-06 14:49 ` Dave Hansen
2023-07-10 17:58 ` Sean Christopherson
2023-06-29 11:31 ` David Hildenbrand
2023-06-29 22:58 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 08/22] x86/virt/tdx: Get information about TDX module and TDX-capable memory Kai Huang
2023-06-27 9:51 ` kirill.shutemov
2023-06-27 10:45 ` Huang, Kai
2023-06-27 11:37 ` kirill.shutemov
2023-06-27 11:46 ` Huang, Kai
2023-06-28 14:10 ` Peter Zijlstra
2023-06-29 9:15 ` Huang, Kai
2023-06-30 9:34 ` Peter Zijlstra
2023-06-30 9:58 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 09/22] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory Kai Huang
2023-06-28 14:17 ` Peter Zijlstra
2023-06-29 0:57 ` Huang, Kai
2023-07-11 11:38 ` David Hildenbrand
2023-07-11 12:27 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 10/22] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Kai Huang
2023-06-26 14:12 ` [PATCH v12 11/22] x86/virt/tdx: Fill out " Kai Huang
2023-07-04 7:28 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 12/22] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2023-06-27 9:51 ` kirill.shutemov
2023-07-04 7:40 ` Yuan Yao
2023-07-04 8:59 ` Huang, Kai
2023-07-11 11:42 ` David Hildenbrand
2023-07-11 11:49 ` Huang, Kai
2023-07-11 11:55 ` David Hildenbrand
2023-06-26 14:12 ` [PATCH v12 13/22] x86/virt/tdx: Designate reserved areas for all TDMRs Kai Huang
2023-07-05 5:29 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 14/22] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID Kai Huang
2023-07-05 6:49 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 15/22] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2023-07-05 8:13 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 16/22] x86/virt/tdx: Initialize all TDMRs Kai Huang
2023-07-06 5:31 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 17/22] x86/kexec: Flush cache of TDX private memory Kai Huang
2023-06-26 14:12 ` [PATCH v12 18/22] x86/virt/tdx: Keep TDMRs when module initialization is successful Kai Huang
2023-06-28 9:04 ` Nikolay Borisov
2023-06-29 1:03 ` Huang, Kai
2023-06-28 12:23 ` kirill.shutemov
2023-06-28 12:48 ` Nikolay Borisov [this message]
2023-06-29 0:24 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 19/22] x86/kexec(): Reset TDX private memory on platforms with TDX erratum Kai Huang
2023-06-28 9:20 ` Nikolay Borisov
2023-06-29 0:32 ` Dave Hansen
2023-06-29 0:58 ` Huang, Kai
2023-06-29 3:19 ` Huang, Kai
2023-06-29 5:38 ` Huang, Kai
2023-06-29 9:45 ` Huang, Kai
2023-06-29 9:48 ` Nikolay Borisov
2023-06-28 12:29 ` kirill.shutemov
2023-06-29 0:27 ` Huang, Kai
2023-07-07 4:01 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 20/22] x86/virt/tdx: Allow SEAMCALL to handle #UD and #GP Kai Huang
2023-06-28 12:32 ` kirill.shutemov
2023-06-28 15:29 ` Peter Zijlstra
2023-06-28 20:38 ` Peter Zijlstra
2023-06-28 21:11 ` Peter Zijlstra
2023-06-28 21:16 ` Peter Zijlstra
2023-06-30 9:03 ` kirill.shutemov
2023-06-30 10:02 ` Huang, Kai
2023-06-30 10:22 ` kirill.shutemov
2023-06-30 11:06 ` Huang, Kai
2023-06-29 10:33 ` Huang, Kai
2023-06-30 10:06 ` Peter Zijlstra
2023-06-30 10:18 ` Huang, Kai
2023-06-30 15:16 ` Dave Hansen
2023-07-01 8:16 ` Huang, Kai
2023-06-30 10:21 ` Peter Zijlstra
2023-06-30 11:05 ` Huang, Kai
2023-06-30 12:06 ` Peter Zijlstra
2023-06-30 15:14 ` Peter Zijlstra
2023-07-03 12:15 ` Huang, Kai
2023-07-05 10:21 ` Peter Zijlstra
2023-07-05 11:34 ` Huang, Kai
2023-07-05 12:19 ` Peter Zijlstra
2023-07-05 12:53 ` Huang, Kai
2023-07-05 20:56 ` Isaku Yamahata
2023-07-05 12:21 ` Peter Zijlstra
2023-06-29 11:16 ` kirill.shutemov
2023-06-29 10:00 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 21/22] x86/mce: Improve error log of kernel space TDX #MC due to erratum Kai Huang
2023-06-28 12:38 ` kirill.shutemov
2023-07-07 7:26 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 22/22] Documentation/x86: Add documentation for TDX host support Kai Huang
2023-06-28 7:04 ` [PATCH v12 00/22] TDX host kernel support Yuan Yao
2023-06-28 8:12 ` Huang, Kai
2023-06-29 1:01 ` Yuan Yao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fd7e5b2b-57ca-efcb-9295-29dfb41cc061@suse.com \
--to=nik.borisov@suse.com \
--cc=ak@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=bagasdotme@gmail.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=reinette.chatre@intel.com \
--cc=sagis@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox