Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp314561iob; Thu, 28 Apr 2022 03:06:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzBCziwfQ82hQ+CkROXGcP1r1Lb+mYKmjHcfgXvW+qi3hoeoitc8nkQoMl11TY/9yiN48TF X-Received: by 2002:a17:903:1d0:b0:15c:f02f:d2d6 with SMTP id e16-20020a17090301d000b0015cf02fd2d6mr25325785plh.77.1651140379246; Thu, 28 Apr 2022 03:06:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651140379; cv=none; d=google.com; s=arc-20160816; b=FkrCVuimOvan/e8S+oprpOdCdjvLplWmpkg/lKM1a6z4w3RDXaF0btHAqP6yUqU1UH WPI/o7uoKPXCpdYPpThdPEiE+pnUzmh9NiUEe1SKBi+1AXutNx42BCEU9hNXe27FsbWe Bp9YfyOkU5lSw1al5Tmm6KZwCyB1s4tKjjEcWJj9HqauO9Li6f9VyfAyPO2nxegMhvzv LoxfgFFq9uRc+D0gVKOVU895zvah9U5v2SExtvK7+ldB0JqFtfffzmQw2Lo0IqPDkpx7 A2fqgDbsPZcVmH/pVlcfVtPPbHJXsux9oMw/iCZJZYyUJed1GGjp5vGCOwbMg3X/RF75 E5EQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=yQbarXm1rkLkOU3eWdHEGdgpeeJGd/he1hVVND9t4ac=; b=0PmUyHq3mgPMhF7q6IWpXKiANLjDMowK7BWeHxXf62uh6zSxfNcW2wd9AStcdzl4jn NimcoqTBT9MZ5S2wEy7cD3N9BJBtDwSUST4ncKwr1Yi8iAU6vfuVfnyfbfTR7/CgJ6+r 4+gxeuaThyJlRndsR0x8pIe08gNhqOhADVrWE+tAIQiGTBjT26EV4toqcIWCLfDnxNYq zgCN8AyhRA8q0wZoWDyuWQyeRthr3roKKpGakzl1Tjl/zQZlHYsGlSnEnCCDydjwVWn9 yB6XyvCBxFCNDhHvdqPFEdkAijzPfDpsTXvyULdfB/0FP8beKeHWHFGUQ2kwmZ0IsJZE BurA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=MIKPzHJq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id rj10-20020a17090b3e8a00b001d991dfad30si7348174pjb.153.2022.04.28.03.06.05; Thu, 28 Apr 2022 03:06:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=MIKPzHJq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240431AbiD1BZE (ORCPT + 99 others); Wed, 27 Apr 2022 21:25:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233607AbiD1BZC (ORCPT ); Wed, 27 Apr 2022 21:25:02 -0400 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3CFD68BF02; Wed, 27 Apr 2022 18:21:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651108910; x=1682644910; h=message-id:subject:from:to:cc:date:in-reply-to: references:mime-version:content-transfer-encoding; bh=r5hrV7mZOtCpu7DBMAczG1A8dnsdM0A81gJCQHLw+9c=; b=MIKPzHJqS99px1iAAQ6m2CBgaWw+mZFkFMSmMWPUT9/gKhGgrbBrFLtV Z4qlry7Bka7CkEtXEAOH8BGZrvFZuM91rMS3SqKuxwVqIjCHVfqSAhvN8 3biOgn7jaBdC+ZFOSHMrsrczWiXAoK3qRhltFzNbUZdn7phJV4pPpFQzi M99Bz/t0MS5G+bGVa0WdtmAguB2JNIMFebdkYvEhe0sY6LzHqE7VVIOnI rwr+VSywGTJKwQfm1VsVpc8WIqXknXpQFSvnhTXcuaTw9RrrptYNQ79Lu 0vrKOZtX44fxMPdt1oMF5nLv2WZaRRqLlGWklLFdcn5DR3/O8F5CK+yEP Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10330"; a="265936800" X-IronPort-AV: E=Sophos;i="5.90,294,1643702400"; d="scan'208";a="265936800" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2022 18:21:48 -0700 X-IronPort-AV: E=Sophos;i="5.90,294,1643702400"; d="scan'208";a="559328068" Received: from rrnambia-mobl.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.60.78]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Apr 2022 18:21:44 -0700 Message-ID: Subject: Re: [PATCH v3 00/21] TDX host kernel support From: Kai Huang To: Dan Williams , Dave Hansen Cc: Linux Kernel Mailing List , KVM list , Sean Christopherson , Paolo Bonzini , "Brown, Len" , "Luck, Tony" , Rafael J Wysocki , Reinette Chatre , Peter Zijlstra , Andi Kleen , "Kirill A. Shutemov" , Kuppuswamy Sathyanarayanan , Isaku Yamahata Date: Thu, 28 Apr 2022 13:21:42 +1200 In-Reply-To: References: <522e37eb-68fc-35db-44d5-479d0088e43f@intel.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 (3.42.4-1.fc35) MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2022-04-27 at 18:01 -0700, Dan Williams wrote: > On Tue, Apr 26, 2022 at 1:10 PM Dave Hansen wrote: > [..] > > > 3. Memory hotplug > > > > > > The first generation of TDX architecturally doesn't support memory > > > hotplug. And the first generation of TDX-capable platforms don't support > > > physical memory hotplug. Since it physically cannot happen, this series > > > doesn't add any check in ACPI memory hotplug code path to disable it. > > > > > > A special case of memory hotplug is adding NVDIMM as system RAM using > > Saw "NVDIMM" mentioned while browsing this, so stopped to make a comment... > > > > kmem driver. However the first generation of TDX-capable platforms > > > cannot enable TDX and NVDIMM simultaneously, so in practice this cannot > > > happen either. > > > > What prevents this code from today's code being run on tomorrow's > > platforms and breaking these assumptions? > > The assumption is already broken today with NVDIMM-N. The lack of > DDR-T support on TDX enabled platforms has zero effect on DDR-based > persistent memory solutions. In other words, please describe the > actual software and hardware conflicts at play here, and do not make > the mistake of assuming that "no DDR-T support on TDX platforms" == > "no NVDIMM support". Sorry I got this information from planning team or execution team I guess. I was told NVDIMM and TDX cannot "co-exist" on the first generation of TDX capable machine. "co-exist" means they cannot be turned on simultaneously on the same platform. I am also not aware NVDIMM-N, nor the difference between DDR based and DDR-T based persistent memory. Could you give some more background here so I can take a look? > > > > Another case is admin can use 'memmap' kernel command line to create > > > legacy PMEMs and use them as TD guest memory, or theoretically, can use > > > kmem driver to add them as system RAM. To avoid having to change memory > > > hotplug code to prevent this from happening, this series always include > > > legacy PMEMs when constructing TDMRs so they are also TDX memory. > > I am not sure what you are trying to say here? We want to always make sure the memory managed by page allocator is TDX memory. So if the legacy PMEMs are unconditionally configured as TDX memory, then we don't need to prevent them from being added as system memory via kmem driver. > > > > 4. CPU hotplug > > > > > > The first generation of TDX architecturally doesn't support ACPI CPU > > > hotplug. All logical cpus are enabled by BIOS in MADT table. Also, the > > > first generation of TDX-capable platforms don't support ACPI CPU hotplug > > > either. Since this physically cannot happen, this series doesn't add any > > > check in ACPI CPU hotplug code path to disable it. > > What are the actual challenges posed to TDX with respect to CPU hotplug? During the TDX module initialization, there is a step to call SEAMCALL on all logical cpus to initialize per-cpu TDX staff. TDX doesn't support initializing the new hot-added CPUs after the initialization. There are MCHECK/BIOS changes to enforce this check too I guess but I don't know details about this. > > > > Also, only TDX module initialization requires all BIOS-enabled cpus are > > Please define "BIOS-enabled" cpus. There is no "BIOS-enabled" line in > /proc/cpuinfo for example. It means the CPUs with "enable" bit set in the MADT table. -- Thanks, -Kai