From: Dan Williams
Date: Thu, 5 May 2022 17:22:11 -0700
Subject: Re: [PATCH v3 00/21] TDX host kernel support
To: Kai Huang
Cc: Dave Hansen, Linux Kernel Mailing List, KVM list, Sean Christopherson,
    Paolo Bonzini, "Brown, Len", "Luck, Tony", Rafael J Wysocki,
    Reinette Chatre, Peter Zijlstra, Andi Kleen, "Kirill A. Shutemov",
    Kuppuswamy Sathyanarayanan, Isaku Yamahata, Mike Rapoport
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, May 5, 2022 at 3:14 PM Kai Huang wrote:
>
> Thanks for feedback!
>
> On Thu, 2022-05-05 at 06:51 -0700, Dan Williams wrote:
> > [ add Mike ]
> >
> > On Thu, May 5, 2022 at 2:54 AM Kai Huang wrote:
> > [..]
> > >
> > > Hi Dave,
> > >
> > > Sorry to ping (trying to close this).
> > >
> > > Given we don't need to consider kmem-hot-add legacy PMEM after TDX
> > > module initialization, I think for now it's totally fine to exclude
> > > legacy PMEMs from TDMRs. The worst case is when someone tries to use
> > > them as TD guest backend directly, the TD will fail to create. IMO
> > > it's acceptable, as supposedly no one should just use some random
> > > backend to run a TD.
> >
> > The platform will already do this, right?
>
> In the current v3 implementation, we don't have any code to handle memory
> hotplug, therefore nothing prevents people from adding legacy PMEMs as
> system RAM using the kmem driver. In order to guarantee all pages managed
> by the page

That's the fundamental question I am asking: why "guarantee all pages
managed by the page allocator are TDX memory"? That seems overkill
compared to indicating the incompatibility after the fact.

> allocator are all TDX memory, the v3 implementation needs to always
> include legacy PMEMs as TDX memory so that even if people truly add
> legacy PMEMs as system RAM, we can still guarantee all pages in the
> page allocator are TDX memory.

Why?
> Of course, a side benefit of always including legacy PMEMs is that
> people theoretically can use them directly as TD guest backend, but this
> is just a bonus, not something that we need to guarantee.
>
> > I don't understand why this is trying to take proactive action versus
> > documenting the error conditions and steps someone needs to take to
> > avoid unconvertible memory. There is already CONFIG_HMEM_REPORTING
> > that describes relative performance properties between initiators and
> > targets; it seems fitting to also add security properties between
> > initiators and targets so someone can enumerate the numa-mempolicy
> > that avoids unconvertible memory.
>
> I don't think there's anything related to performance properties here.
> The only goal here is to make sure all pages in the page allocator are
> TDX memory pages.

Please reconsider or re-clarify that goal.

> >
> > No special casing in hotplug code paths needed.
> >
> > > I think w/o needing to include legacy PMEM, it's better to get all
> > > TDX memory blocks based on memblock, but not e820. The pages managed
> > > by the page allocator are from memblock anyway (w/o those from
> > > memory hotplug).
> > >
> > > And I also think it makes more sense to introduce 'tdx_memblock' and
> > > 'tdx_memory' data structures to gather all TDX memory blocks during
> > > boot when memblock is still alive. When the TDX module is
> > > initialized at runtime, TDMRs can be created based on the
> > > 'struct tdx_memory' which contains all the TDX memory blocks we
> > > gathered from memblock during boot. This is also more flexible for
> > > supporting other TDX memory from other sources such as CXL memory
> > > in the future.
> > >
> > > Please let me know if you have any objection? Thanks!
> >
> > It's already the case that x86 maintains sideband structures to
> > preserve memory after exiting the early memblock code.
>
> May I ask what data structures are you referring to?

struct numa_meminfo.
> Btw, the purpose of 'tdx_memblock' and 'tdx_memory' is not only to
> preserve memblock info during boot. It is also used to provide a common
> data structure that the "constructing TDMRs" code can work on. If you
> look at patches 11-14, the logic (create TDMRs, allocate PAMTs, set up
> reserved areas) around how to construct TDMRs doesn't have a hard
> dependency on e820. If we construct TDMRs based on a common
> 'tdx_memory' like below:
>
>	int construct_tdmrs(struct tdx_memory *tmem, ...);
>
> it would be much easier to support other TDX memory resources in the
> future.

"in the future" is a prompt to ask "why not wait until that future /
need arrives before adding new infrastructure?"

> The thing I am not sure about is that Dave wants to keep the code
> minimal (as this series is already very big in terms of LoC) to get TDX
> running, and for now in practice only system RAM present at boot is TDX
> capable, so I am not sure we should introduce those structures now.
>
> > Mike, correct me if I am wrong, but adding more is less desirable
> > than just keeping the memblock around?