From: Thomas Gleixner
To: Peter Zijlstra, Kai Huang
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com
Subject: Re: [PATCH v7 04/20] x86/virt/tdx: Add skeleton to initialize TDX on demand
Date: Tue, 22 Nov 2022 11:31:02 +0100
Message-ID: <87edtvgu1l.ffs@tglx>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 22 2022 at 10:02, Peter Zijlstra wrote:
> On Mon, Nov 21, 2022 at 01:26:26PM +1300, Kai Huang wrote:
>> + cpus_read_unlock();
>> +
>> + return ret;
>> +}
>
> Uhm.. so if we've offlined all the SMT siblings because of some
> speculation fail or other, this TDX thing will fail to initialize?
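Review bot: the cpus_read_unlock() that closes this function only ends the hotplug exclusion held while the initialization ran; it does nothing for an LP that was already offline at that point (the offlined SMT siblings raised in this thread) or for one that is onlined afterwards, neither of which will have had its per-LP seamcall. The changelog should state why every present CPU has to execute the seamcall and how a CPU onlined later is handled, or the function should initialize only the CPUs that are online and leave later arrivals to a hotplug callback.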
>
> Because as I understand it; this TDX initialization happens some random
> time after boot, when the first (TDX using) KVM instance gets created,
> long after the speculation mitigations are enforced.

Correct.

Aside of that it's completely unclear from the changelog why TDX needs to
run the seamcall on _all_ present CPUs and why it cannot handle a CPU being
hotplugged later.

It's pretty much obvious that a TDX guest can only run on CPUs where the
seam module has been initialized, but where does the requirement come from
that _ALL_ CPUs must be initialized and _ALL_ CPUs must be able to run TDX
guests?

I just went and read through the documentation again.

  "1. After loading the Intel TDX module, the host VMM should call the
      TDH.SYS.INIT function to globally initialize the module.

   2. The host VMM should then call the TDH.SYS.LP.INIT function on each
      logical processor. TDH.SYS.LP.INIT is intended to initialize the
      module within the scope of the Logical Processor (LP)."

This clearly tells me that:

  1) TDX must be globally initialized (once)

  2) TDX must be initialized on each logical processor on which TDX
     root/non-root operation should be executed

But it does not define any requirement for doing this on all logical
processors and for preventing physical hotplug (neither for CPUs nor for
memory).

Nothing in the TDX specs and docs mentions physical hotplug or a
requirement for invoking seamcall on the world.

Thanks,

        tglx
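As an added illustration of the two-step sequence quoted above (this is not code from the patch series, the kernel, or Intel's module interface), here is a small C model in which the global init runs once, the per-LP init is issued only for CPUs that are online and meant to run TDX, and a CPU onlined later is initialized on demand; the names tdx_*, cpu_is_online and the seamcall stand-ins are all constructed for this example.

```c
#include <stdbool.h>
/* Constructed model of the documented two-step sequence (TDH.SYS.INIT once,
 * then TDH.SYS.LP.INIT per logical processor). Not kernel code and not the
 * TDX module API: the seamcall stand-ins only record state. */
#define NR_CPUS 8

static bool tdx_global_inited;        /* TDH.SYS.INIT done (once) */
static bool tdx_lp_inited[NR_CPUS];   /* TDH.SYS.LP.INIT done on that LP */
static bool cpu_is_online[NR_CPUS];   /* simulated hotplug state */

static int seamcall_sys_init(void)       { tdx_global_inited = true; return 0; }
static int seamcall_sys_lp_init(int cpu) { tdx_lp_inited[cpu] = true; return 0; }

/* Step 1: global init, idempotent so a second caller is a no-op. */
int tdx_sys_init(void) { return tdx_global_inited ? 0 : seamcall_sys_init(); }

/* Step 2: per-LP init for a CPU that is to run TDX root/non-root operation.
 * Assumed model: issued only for an online LP, after the global step, and
 * never failing because some other LP happens to be offline. */
int tdx_lp_init(int cpu)
{
    if (cpu < 0 || cpu >= NR_CPUS || !cpu_is_online[cpu])
        return -1;   /* no such LP, or it is offline: nothing to initialize */
    if (!tdx_global_inited)
        return -2;   /* spec ordering: SYS.INIT must precede LP.INIT */
    return tdx_lp_inited[cpu] ? 0 : seamcall_sys_lp_init(cpu);
}

/* Hotplug online hook: a CPU arriving later gets its LP init on demand. */
int tdx_cpu_online(int cpu)
{
    cpu_is_online[cpu] = true;
    return tdx_global_inited ? tdx_lp_init(cpu) : 0;
}

/* A TDX guest may only be scheduled on an LP whose module state is set up. */
bool tdx_guest_can_run_on(int cpu)
{
    return cpu >= 0 && cpu < NR_CPUS && cpu_is_online[cpu] && tdx_lp_inited[cpu];
}

/* Thread scenario: odd CPUs (SMT siblings) already offlined by a mitigation.
 * Returns how many LPs can run TDX guests; initialization itself succeeds. */
int tdx_init_with_siblings_offline(void)
{
    int usable = 0;
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        cpu_is_online[cpu] = (cpu % 2 == 0);
    if (tdx_sys_init())
        return -1;
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        if (cpu_is_online[cpu] && tdx_lp_init(cpu))
            return -1;
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        usable += tdx_guest_can_run_on(cpu);
    return usable;   /* 4: the even-numbered CPUs */
}
```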