From: Thomas Gleixner
To: Dave Hansen, Peter Zijlstra, Kai Huang
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com
Subject: Re: [PATCH v7 04/20] x86/virt/tdx: Add skeleton to initialize TDX on demand
In-Reply-To: <19d93ff0-df0d-dc9d-654b-a9ca6f7be1d0@intel.com>
Date: Tue, 22 Nov 2022 21:03:37 +0100
Message-ID: <87mt8ig3ja.ffs@tglx>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 22 2022 at 07:35, Dave Hansen wrote:
> On 11/22/22 02:31, Thomas Gleixner wrote:
>> Nothing in the TDX specs and docs mentions physical hotplug or a
>> requirement for invoking seamcall on the world.
>
> The TDX module source is actually out there[1] for us to look at. It's
> in a lovely, convenient zip file, but you can read it if sufficiently
> motivated.

zip file? Version control from the last millennium?

The whole thing wants to be @github with a proper change history if
Intel wants anyone to trust this and take it seriously.

/me refrains from ranting about the outrageous license choice.

> It has this lovely nugget in it:
>
> WARNING!!! Proprietary License!! Avert your virgin eyes!!!

It's probably not the only reason to avert the eyes.

>> if (tdx_global_data_ptr->num_of_init_lps < tdx_global_data_ptr->num_of_lps)
>> {
>>     TDX_ERROR("Num of initialized lps %d is smaller than total num of lps %d\n",
>>               tdx_global_data_ptr->num_of_init_lps, tdx_global_data_ptr->num_of_lps);
>>     retval = TDX_SYS_CONFIG_NOT_PENDING;
>>     goto EXIT;
>> }
>
> tdx_global_data_ptr->num_of_init_lps is incremented at TDH.SYS.INIT
> time. That if() is called at TDH.SYS.CONFIG time to help bring the
> module up.
>
> So, I think you're right. I don't see the docs that actually *explain*
> this "you must seamcall all the things" requirement.

The code actually enforces this.

At TDH.SYS.INIT, which is the first operation, it gets the total number
of LPs from the sysinfo table:

src/vmm_dispatcher/api_calls/tdh_sys_init.c:

    tdx_global_data_ptr->num_of_lps = sysinfo_table_ptr->mcheck_fields.tot_num_lps;

Then TDH.SYS.LP.INIT increments the count of initialized LPs.

src/vmm_dispatcher/api_calls/tdh_sys_lp_init.c:

    increment_num_of_lps(tdx_global_data_ptr)
        _lock_xadd_32b(&tdx_global_data_ptr->num_of_init_lps, 1);

Finally TDH.SYS.CONFIG checks whether _ALL_ LPs have been initialized.

src/vmm_dispatcher/api_calls/tdh_sys_config.c:

    if (tdx_global_data_ptr->num_of_init_lps < tdx_global_data_ptr->num_of_lps)

Clearly that's nowhere spelled out in the documentation, but I don't buy
the 'architecturally required' argument at all. It's an implementation
detail of the TDX module. Technically there is IMO ZERO requirement to
do so.

1) The TDX module is global

2) Seam-root and Seam-non-root operation are strictly an LP property.

The only architectural prerequisite for using Seam on an LP is that
obviously the encryption/decryption mechanics have been initialized on
the package to which the LP belongs.

I can see why it might be complicated to add/remove an LP after
initialization, but technically it should be possible. TDX/Seam is
not that special.

But what's absolutely annoying is that the documentation lacks any
information about the choice of enforcement which has been hardcoded
into the Seam module for whatever reasons. Maybe I overlooked it, but
then it's definitely well hidden.

Thanks,

        tglx
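The following is an added model of the enforcement the mail above walks through (the three code lines from tdh_sys_init.c, tdh_sys_lp_init.c and tdh_sys_config.c). It is not the TDX module's code and not part of the thread; it is a user-space C mock written for this page so the consequence is visible: a host that cannot run TDH.SYS.LP.INIT on every LP counted by MCHECK (for example because one CPU is offline) cannot get past TDH.SYS.CONFIG. Function names prefixed `model_`, the `struct sysinfo_table`/`struct tdx_global_data` layouts, the `online` bitmap, and the status values other than `TDX_SYS_CONFIG_NOT_PENDING` (which the quoted code names) are assumptions made for the model; `_lock_xadd_32b` is replaced by a C11 atomic add.

```c
/* Model of the TDX module's "all LPs must be initialized before CONFIG"
 * check, as quoted in the mail. This is illustrative code written for this
 * page, NOT the module's source; struct layouts and the model_* names are
 * invented, only TDX_SYS_CONFIG_NOT_PENDING comes from the quoted snippet. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed status codes for the model; only the second one is quoted in the mail. */
enum model_status {
	MODEL_SUCCESS = 0,
	TDX_SYS_CONFIG_NOT_PENDING = 1,
};

/* Assumed shape of the MCHECK-provided sysinfo table: the total LP count. */
struct sysinfo_table {
	uint32_t tot_num_lps;
};

/* Assumed shape of the module's global data. */
struct tdx_global_data {
	uint32_t num_of_lps;               /* from sysinfo at SYS.INIT  */
	_Atomic uint32_t num_of_init_lps;  /* bumped by each SYS.LP.INIT */
	bool configured;
};

/* TDH.SYS.INIT: record the total number of LPs the platform reported. */
static void model_tdh_sys_init(struct tdx_global_data *g,
			       const struct sysinfo_table *si)
{
	g->num_of_lps = si->tot_num_lps;
	atomic_store(&g->num_of_init_lps, 0);
	g->configured = false;
}

/* TDH.SYS.LP.INIT: one call per logical processor; stands in for
 * increment_num_of_lps() -> _lock_xadd_32b(&num_of_init_lps, 1). */
static void model_tdh_sys_lp_init(struct tdx_global_data *g)
{
	atomic_fetch_add(&g->num_of_init_lps, 1);
}

/* TDH.SYS.CONFIG: refuse unless every counted LP ran SYS.LP.INIT. */
static int model_tdh_sys_config(struct tdx_global_data *g)
{
	if (atomic_load(&g->num_of_init_lps) < g->num_of_lps)
		return TDX_SYS_CONFIG_NOT_PENDING;
	g->configured = true;
	return MODEL_SUCCESS;
}

/* Host-side sequence: SYS.INIT, then SYS.LP.INIT on every LP the host can
 * actually reach (online[lp] is the assumed "CPU is online" bitmap), then
 * SYS.CONFIG. Returns the CONFIG status; *initialized receives the count. */
static int model_init_tdx(uint32_t tot_lps, const bool *online,
			  uint32_t *initialized)
{
	struct tdx_global_data g;
	struct sysinfo_table si = { .tot_num_lps = tot_lps };

	model_tdh_sys_init(&g, &si);
	for (uint32_t lp = 0; lp < tot_lps; lp++)
		if (online[lp])
			model_tdh_sys_lp_init(&g);
	if (initialized)
		*initialized = atomic_load(&g.num_of_init_lps);
	return model_tdh_sys_config(&g);
}

int main(void)
{
	/* Constructed inputs: a 4-LP package, once fully online, once with LP 2 offline. */
	bool all_online[4]  = { true, true, true,  true };
	bool one_offline[4] = { true, true, false, true };
	uint32_t n;
	int rc;

	rc = model_init_tdx(4, all_online, &n);
	printf("all online:  init_lps=%u config rc=%d\n", n, rc);
	rc = model_init_tdx(4, one_offline, &n);
	printf("one offline: init_lps=%u config rc=%d\n", n, rc);
	return 0;
}
```

The point the model makes concrete: the gate is a single global counter compared against the MCHECK total, so nothing in the quoted logic distinguishes "LP not yet initialized" from "LP not present or offline"; the host must bring every counted LP through SYS.LP.INIT before CONFIG or it gets TDX_SYS_CONFIG_NOT_PENDING.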