Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6389820rwb;
        Tue, 22 Nov 2022 12:40:13 -0800 (PST)
X-Google-Smtp-Source: AA0mqf50Xx7oW3WolI3fFHRmOaWhCSrglrzFTsa0vVRBRTnX4lUuTbOwSHpiJHga2yXo4FcOcX7F
X-Received: by 2002:aa7:8c19:0:b0:573:620a:3b1c with SMTP id c25-20020aa78c19000000b00573620a3b1cmr6209291pfd.50.1669149613591;
        Tue, 22 Nov 2022 12:40:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669149613; cv=none;
        d=google.com; s=arc-20160816;
        b=ivxf4M7iPGaTZaCHsHxzvnWMTHF/4Mc/BuWDMDaiuCglBTsaeDjl8/t9NwQ209q60a
         Fx8EZZx6k7npJrQsBiKCUJZQtxeSG3UcqieB7T4yi0k2wtQkEMzv/MxpcwJFgCFkMU5d
         h7nTU6ZOTnIVcT1Ahcc5tSkAmJkMoCOvQCKLo5PdpU7L52k5ZbIbm0VCKCNu/Lg85xyf
         BNYo3nAl3e2FSaHBoLPht9LMIkG6IiNS3Fkrub0dXecJT8by3fdo6Xg82u5SyRJHEPO0
         N3Xm1G/w1uBElKH0gznXyaxeUfp0ghny/hqcC/RQiomIFEkK9PRjZPk5ZmSBVCEzW7bf
         q3dw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:references
         :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from;
        bh=SWa/5fKbR+fcYp/HKOeGlxTtLMCqMbq1I3NIhIrAkW0=;
        b=B/Diykyv0VuL7aoNs8MOOqjRCE9SVpVJaSr2vyhTLU4PdzYeB1QxWUawtCnCbsXk9M
         SylgBEAkxAfkG06EwqZHS+RiwbTkYgv4KuDKwahXAARCUSRvwlPKOvIRocxesGTgbg5Q
         0kbVCUbVETjDo1PMgoCuhrbC0sK6ZcTYb3NoaADZin5KdPFxhFpJAXB/45YT0UtVmCg8
         eEZVao4deuSgiUDck9bApbB4fYmZRTjlH2wziCuBVAs5oAM8u6CxnOa+0Z9pAG1yWliC
         +0Ph/piP8HmhCHak7iSatIikPh6JA8GbymTRSkSxE6ZyO58qN5rV+f6bZJevqdLa1fRg
         z9zA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=wilo2REL;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id f16-20020a63f110000000b00477357230d4si12338062pgi.347.2022.11.22.12.40.01;
        Tue, 22 Nov 2022 12:40:13 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linutronix.de header.s=2020 header.b=wilo2REL;
       dkim=neutral (no key) header.i=@linutronix.de header.s=2020e;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S234164AbiKVUDn (ORCPT <rfc822;2bno13@gmail.com> + 90 others);
        Tue, 22 Nov 2022 15:03:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46714 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232341AbiKVUDl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 22 Nov 2022 15:03:41 -0500
Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6AD637DEFC;
        Tue, 22 Nov 2022 12:03:40 -0800 (PST)
From:   Thomas Gleixner <tglx@linutronix.de>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020; t=1669147418;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=SWa/5fKbR+fcYp/HKOeGlxTtLMCqMbq1I3NIhIrAkW0=;
        b=wilo2RELa/r/tn0tqcS6/gVkFvmBJ34cbwrFjZ2LolGixYbLrHyDqJKhSFG2Bg2rPvU3BV
        GawXrqRdoFKHpoHmdLNItf4wEyZjttUv8B6lRLTOgJUHRmblMXE8kkia+f0WPOcMeoawyK
        UUyMhwwlUaEHLvvKkwS55jOvvIpGqyWofGIahgd3rt6ZQbllIdrSBogtjZg9Z58aEhhi92
        Tmd7FfQMmW0+qD97ULdEOddZlobt/jMXefnlwk5u/tLfIFpv8yFLfuBZI5Gttut+y0zqkt
        A2JAwZtaRdinFkWQKSxgrm89qHIbw25lMfKcv5GVw/Af3VfeR3raH4FsX9MFdg==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de;
        s=2020e; t=1669147418;
        h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
         to:to:cc:cc:mime-version:mime-version:content-type:content-type:
         in-reply-to:in-reply-to:references:references;
        bh=SWa/5fKbR+fcYp/HKOeGlxTtLMCqMbq1I3NIhIrAkW0=;
        b=bgi7uUODLdtKRu2n4st+LFM1E9j6zqOCr9C27K9Jns4W84FUStTn+1qMBRMnYpoKNAVZg5
        a0/bhyVPpuJEi2CQ==
To:     Dave Hansen <dave.hansen@intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Kai Huang <kai.huang@intel.com>
Cc:     linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
        linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com,
        dan.j.williams@intel.com, rafael.j.wysocki@intel.com,
        kirill.shutemov@linux.intel.com, ying.huang@intel.com,
        reinette.chatre@intel.com, len.brown@intel.com,
        tony.luck@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com,
        chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com,
        bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com
Subject: Re: [PATCH v7 04/20] x86/virt/tdx: Add skeleton to initialize TDX
 on demand
In-Reply-To: <19d93ff0-df0d-dc9d-654b-a9ca6f7be1d0@intel.com>
References: <cover.1668988357.git.kai.huang@intel.com>
 <d26254af8e5b3dcca8a070703c5d6d04f48d47a9.1668988357.git.kai.huang@intel.com>
 <Y3yQKDZFC8+oCyqK@hirez.programming.kicks-ass.net> <87edtvgu1l.ffs@tglx>
 <19d93ff0-df0d-dc9d-654b-a9ca6f7be1d0@intel.com>
Date:   Tue, 22 Nov 2022 21:03:37 +0100
Message-ID: <87mt8ig3ja.ffs@tglx>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 22 2022 at 07:35, Dave Hansen wrote:

> On 11/22/22 02:31, Thomas Gleixner wrote:
>> Nothing in the TDX specs and docs mentions physical hotplug or a
>> requirement for invoking seamcall on the world.
>
> The TDX module source is actually out there[1] for us to look at.  It's
> in a lovely, convenient zip file, but you can read it if sufficiently
> motivated.

zip file? Version control from the last millenium?

The whole thing wants to be @github with a proper change history if
Intel wants anyone to trust this and take it serious.

/me refrains from ranting about the outrageous license choice.

> It has this lovely nugget in it:
>
> WARNING!!! Proprietary License!!  Avert your virgin eyes!!!

It's probably not the only reasons to avert the eyes.

>>     if (tdx_global_data_ptr->num_of_init_lps < tdx_global_data_ptr->num_of_lps)
>>     {
>>         TDX_ERROR("Num of initialized lps %d is smaller than total num of lps %d\n",
>>                     tdx_global_data_ptr->num_of_init_lps, tdx_global_data_ptr->num_of_lps);
>>         retval = TDX_SYS_CONFIG_NOT_PENDING;
>>         goto EXIT;
>>     }
>
> tdx_global_data_ptr->num_of_init_lps is incremented at TDH.SYS.INIT
> time.  That if() is called at TDH.SYS.CONFIG time to help bring the
> module up.
>
> So, I think you're right.  I don't see the docs that actually *explain*
> this "you must seamcall all the things" requirement.

The code actually enforces this.

At TDH.SYS.INIT which is the first operation it gets the total number
of LPs from the sysinfo table:

src/vmm_dispatcher/api_calls/tdh_sys_init.c:

    tdx_global_data_ptr->num_of_lps = sysinfo_table_ptr->mcheck_fields.tot_num_lps;

Then TDH.SYS.LP.INIT increments the count of initialized LPs.

src/vmm_dispatcher/api_calls/tdh_sys_lp_init.c:

    increment_num_of_lps(tdx_global_data_ptr)
       _lock_xadd_32b(&tdx_global_data_ptr->num_of_init_lps, 1);

Finally TDH.SYS.CONFIG checks whether _ALL_ LPs have been initialized.

src/vmm_dispatcher/api_calls/tdh_sys_config.c:

    if (tdx_global_data_ptr->num_of_init_lps < tdx_global_data_ptr->num_of_lps)

Clearly that's nowhere spelled out in the documentation, but I don't
buy the 'architecturaly required' argument not at all. It's an
implementation detail of the TDX module.

Technically there is IMO ZERO requirement to do so.

 1) The TDX module is global

 2) Seam-root and Seam-non-root operation are strictly a LP property.

    The only architectural prerequisite for using Seam on a LP is that
    obviously the encryption/decryption mechanics have been initialized
    on the package to which the LP belongs.

I can see why it might be complicated to add/remove an LP after
initialization fact, but technically it should be possible.

TDX/Seam is not that special.

But what's absolutely annoying is that the documentation lacks any
information about the choice of enforcement which has been hardcoded
into the Seam module for whatever reasons.

Maybe I overlooked it, but then it's definitely well hidden.

Thanks,

        tglx