Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B28CC54EAA for ; Thu, 26 Jan 2023 22:00:06 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233120AbjAZWAE (ORCPT ); Thu, 26 Jan 2023 17:00:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42162 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233140AbjAZV74 (ORCPT ); Thu, 26 Jan 2023 16:59:56 -0500 Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF6DC7374C for ; Thu, 26 Jan 2023 13:59:54 -0800 (PST) Received: by mail-pf1-x430.google.com with SMTP id cr11so375182pfb.1 for ; Thu, 26 Jan 2023 13:59:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=YJnku2tU3/6C2F8suak76N7QwbI25qrwIMn4ZDl4TFI=; b=QYG1rYc8La4B3E/MkSHWT5RxKkar6r4pvkx3HyZiVu1tVarzy6kcr/VFFiVgtoi1Ra ZSGyz+F2QvIjob6gceJZgvtq5UdaIdQdLmz76BB7S6Oku1fG9U9Egjj5rOD7U/wtXrHj ajPPi91z5UUBPDJRxkK4s3OjwYYe/C9A3LB0+gDD8vLCFukSu4j7/E2PU+BzCCFQbYTc tF/xpGQBFYmFJARe2QE3SCqL4g6VLeW87RnW+IlnEm7OWti6WOaP+LFX8e7XrExX2aPi Av234avFZ8wqm7JOzqcgCvMQwyZJpQXCXFj3gSHq443MvbJzDGhPjWqMAoeu8cidWAUl gtgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=YJnku2tU3/6C2F8suak76N7QwbI25qrwIMn4ZDl4TFI=; b=SQh8DBitey40b7g2qLjiGDfuhfRUnHxmBO8NlLVq6j/K93UONvdXZS/NH3+DwssYVC AJSK5bkHLIztOGXdWgwk4lY7h+WxDirUkmEH4xtUbH8q2lCSfrpH26gOgKabPUSJugQ6 HPvdEjvxF1QVCOfquC8kjocgjN6Qg3pw/iCsX+yXeetUG+id2sM0XrokTq0kPrG5tvBJ 8kfe5m4RcALhXtdmf4VYYEPnA5wNTBhvc8AOjcCn74AWuV7NTcF8SCz7lsqLwUJNvgzi kJZXRT3BaSRbAiyvGzdGMZIwgr3F+zHmCEOkZDY4jQm/LN6oQ/wz+Q9xCtT6Ip6T6Gv2 TQ1Q== X-Gm-Message-State: AO0yUKUrrO1Srpw/EkxAPLigp3eC+Bl0rBNxgtgjZoql5zcfriu3Avow /O+9bLLKxYqqK2jy1QjXNoUQ0g== X-Google-Smtp-Source: AK7set+5EZ/qT4Z/ggWinkndf4ffSHynNy8XELCqMlevIgpOgNFZ8JsBSKxAPw5A8iCBg+mkSPUL3Q== X-Received: by 2002:a05:6a00:23cb:b0:581:bfac:7a52 with SMTP id g11-20020a056a0023cb00b00581bfac7a52mr1507578pfc.1.1674770394220; Thu, 26 Jan 2023 13:59:54 -0800 (PST) Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7]) by smtp.gmail.com with ESMTPSA id c64-20020a624e43000000b00586fbbdf6e4sm1316693pfb.34.2023.01.26.13.59.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 26 Jan 2023 13:59:53 -0800 (PST) Date: Thu, 26 Jan 2023 21:59:49 +0000 From: Sean Christopherson To: "Huang, Kai" Cc: "pbonzini@redhat.com" , "Shahar, Sagi" , "isaku.yamahata@gmail.com" , "linux-kernel@vger.kernel.org" , "Aktas, Erdem" , "kvm@vger.kernel.org" , "sean.j.christopherson@intel.com" , "zhi.wang.linux@gmail.com" , "dmatlack@google.com" , "Yamahata, Isaku" Subject: Re: [PATCH v11 018/113] KVM: TDX: create/destroy VM structure Message-ID: References: <1c71eda35e03372f29162c6a5286f5b4d1e1d7e1.camel@intel.com> <3951e178bc38191074f5cccadc442212ff15c737.camel@intel.com> <144de0bf7cc86dd7807f1b559c3269bccbb56317.camel@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <144de0bf7cc86dd7807f1b559c3269bccbb56317.camel@intel.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jan 26, 2023, Huang, Kai wrote: > On Thu, 2023-01-26 at 17:28 +0000, Sean Christopherson wrote: > > In other words, once the PTE is zapped/blocked (branch is pruned), it's completely > > removed from the paging tree and no other tasks can access the branch (page table > > and its children). I.e. the only remaining reference to the branch is the pointer > > handed to the RCU callback. That means the RCU callback has exclusive access to the > > branch, i.e. can operate as if it were holding mmu_lock for write. Furthermore, the > > RCU callback also doesn't need to flush TLBs because that was again done when > > pruning the branch. > > > > It's the same idea that KVM already uses for root SPs, the only difference is how > > KVM determines that there is exactly one entity that holds a reference to the SP. > > Right. This works fine for normal non-TDX case. However for TDX unfortunately > the access to the removed branch (or the removed sub-page-table) isn't that > "exclusive" as the SEAMCALL to truly zap that branch still needs to hold the > write lock of the entire Secure EPT tree, so it can still conflict with other > threads handling new faults. I thought TDX was smart enough to read-lock only the part of the tree that it's actually consuming, and write-lock only the part of the tree that it's actually modifying? Hrm, but even if TDX takes a read-lock, there's still the problem of it needing to walk the upper levels, i.e. KVM needs to keep mid-level page tables reachable until they're fully removed. Blech. That should be a non-issue at this time though, as I don't think KVM will ever REMOVE a page table of a live guest. I need to look at the PROMOTE/DEMOTE flows...