Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp3364086iog; Mon, 27 Jun 2022 14:35:27 -0700 (PDT) X-Google-Smtp-Source: AGRyM1v36fZCPAtSealZ5Tb5aVz+WLQGz/9FROFrRWXY5APpnlmZpedeKLsOK/TcFCeVfyrwsPPP X-Received: by 2002:a63:2a92:0:b0:40d:2013:9cee with SMTP id q140-20020a632a92000000b0040d20139ceemr14146707pgq.546.1656365727279; Mon, 27 Jun 2022 14:35:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656365727; cv=none; d=google.com; s=arc-20160816; b=SrYxsi4WYPRWrwp41zrbjhHSqJUnOFOia9tTOqzJZHlHNnCkVpfo/rXDyoOB1TLAK2 /alDXsaK3R33HfjPZpKYp1C2bB9UXjzl4ttgVl87CGggT6DOFdgnnw74a4IvP2JqMOiv d1icxBwpf1sEv4/J1QlxLhDPf4te0IvH4lEQfQmEGW0tt7/YYVca0le5dEMISUjbQzCB beBL6UBVBjC2au0sjYWG7nEcHiHlds30bJfde48WPT3aRxeOyk7qI67uhjtIWQS957Nj K1X0KMBidChTLY8VN9vZKd7yJLOtPx2GXg559cKbEIWC4GLUH47uTDHf7kZdaJIGzLGq 51Hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=x4NdZG9B1+e41Chg8gqoVDi6JZqGK6kuiTUA8Cu8RK0=; b=Ibi20Nzbi2kBTIoZpfOatrE+VVmzx58EvVgguWXWqD9B+6vmiXLwNKslTtfeJG77bS BGM0X9rORQ5MhkibWTZEtbWc/vGrK9n8yAFn704uFZTIScWKMn3owJEI+nHysqUA9xTh PONidI5O0IZ7hqt1Kp2TZABL0queAT4Igeq5JRZ9cvcEoL+63gAcGdidobzxKn3Xo5yO CjFvunVUs1fLzfKdHnd9t9EMQ4FDGWlsTiCcIfSqHX8m48Id9xIvwHMPhUDCXgRwurOG Wjra33tLs+MxmEFxeuqpbGc6z8iV2/cIzVRcVv81YLk/Zm3gfsz6GpcTEa0Vu7pLc6jY PqhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=PTRCsYMF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lp5-20020a17090b4a8500b001ed1871bb53si15823573pjb.2.2022.06.27.14.35.14; Mon, 27 Jun 2022 14:35:27 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=PTRCsYMF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238130AbiF0U7i (ORCPT + 99 others); Mon, 27 Jun 2022 16:59:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44298 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239653AbiF0U7g (ORCPT ); Mon, 27 Jun 2022 16:59:36 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 290845FD5; Mon, 27 Jun 2022 13:59:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1656363575; x=1687899575; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=Qlh2pWlwHqBy4thP9knrY3EK29U5a83tGaMLEWAlvBo=; b=PTRCsYMFkf0MBbsG6QK1IcSOcg0iK0AYE0g60CcsyJwIM5a7TuRjZU2D m7sI24Q61lKqEL8kX4wuDEC2KwloyxMGs28AfBKaJ0Frewu2+30zKvwdD /xCYlbqVXj46zwd8ZIhrjIWu7yLkqRiNwi19nu3nfifDe/Js3+uzHl+QW YLKd24Xbbs6vctqVYOfka8/Ki4mcV5tnOrxfJTxwi/PlQl0QG7f4H8WG1 Uf5KjmcLeTJK1h7G/b6ypEa8uOvMpWTUDnoP4yqogjDDkMXuwWxTOlBZU 5OOZOvn/+F7MrVnVknETgj2HpO+XmZFJcQ1m0wZa9yJS2i/rua2kn5CpT g==; X-IronPort-AV: E=McAfee;i="6400,9594,10391"; a="282295696" X-IronPort-AV: E=Sophos;i="5.92,227,1650956400"; d="scan'208";a="282295696" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jun 2022 13:59:34 -0700 X-IronPort-AV: E=Sophos;i="5.92,227,1650956400"; d="scan'208";a="732476412" Received: from jsagoe-mobl1.amr.corp.intel.com (HELO [10.209.12.66]) ([10.209.12.66]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jun 2022 13:59:33 -0700 Message-ID: <84e93539-a2f9-f68e-416a-ea3d8fc725af@intel.com> Date: Mon, 27 Jun 2022 13:58:35 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1 Subject: Re: [PATCH v5 07/22] x86/virt/tdx: Implement SEAMCALL function Content-Language: en-US To: Kai Huang , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com, reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com References: <095e6bbc57b4470e1e9a9104059a5238c9775f00.1655894131.git.kai.huang@intel.com> <069a062e-a4a6-09af-7b74-7f4929f2ec0b@intel.com> <5ce7ebfe54160ea35e432bf50207ebed32db31fc.camel@intel.com> From: Dave Hansen In-Reply-To: <5ce7ebfe54160ea35e432bf50207ebed32db31fc.camel@intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/26/22 22:23, Kai Huang wrote: > On Fri, 2022-06-24 at 11:38 -0700, Dave Hansen wrote: >> On 6/22/22 04:16, Kai Huang wrote: >>> SEAMCALL instruction causes #GP when SEAMRR isn't enabled, and #UD when >>> CPU is not in VMX operation. The TDX_MODULE_CALL macro doesn't handle >>> SEAMCALL exceptions. Leave to the caller to guarantee those conditions >>> before calling __seamcall(). >> >> I was trying to make the argument earlier that you don't need *ANY* >> detection for TDX, other than the ability to make a SEAMCALL. >> Basically, patch 01/22 could go away. ... >> So what does patch 01/22 buy us? One EXTABLE entry? > > There are below pros if we can detect whether TDX is enabled by BIOS during boot > before initializing the TDX Module: > > 1) There are requirements from customers to report whether platform supports TDX > and the TDX keyID numbers before initializing the TDX module so the userspace > cloud software can use this information to do something. Sorry I cannot find > the lore link now. Never listen to customers literally. It'll just lead you down the wrong path. They told you, "we need $FOO in dmesg" and you ran with it without understanding why. The fact that you even *need* to find the lore link is because you didn't bother to realize what they really needed. dmesg is not ABI. It's for humans. If you need data out of the kernel, do it with a *REAL* ABI. Not dmesg. > 2) As you can see, it can be used to handle ACPI CPU/memory hotplug and driver > managed memory hotplug. Kexec() support patch also can use it. > > Particularly, in concept, ACPI CPU/memory hotplug is only related to whether TDX > is enabled by BIOS, but not whether TDX module is loaded, or the result of > initializing the TDX module. So I think we should have some code to detect TDX > during boot. This is *EXACTLY* why our colleagues at Intel needs to tell us about what the OS and firmware should do when TDX is in varying states of decay. Does the mere presence of the TDX module prevent hotplug? Or, if a system has the TDX module loaded but no intent to ever use TDX, why can't it just use hotplug like a normal system which is not addled with the TDX albatross around its neck? > Also, it seems adding EXTABLE to TDX_MODULE_CALL doesn't have significantly less > code comparing to detecting TDX during boot: It depends on a bunch of things. It might only be a line or two of assembly. If you actually went and tried it, you might be able to convince me it's a bad idea.