Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp1076747rwl; Wed, 5 Apr 2023 11:24:29 -0700 (PDT) X-Google-Smtp-Source: AKy350a34q6cBv+OPqO2baCT1U8/KtAlNf4Vi2wbjNHuqPXBkwkYNHDMqnPlrSzvQgugmgg1kK2k X-Received: by 2002:a05:6a21:8692:b0:c7:6f26:ca0 with SMTP id ox18-20020a056a21869200b000c76f260ca0mr24317pzb.54.1680719069566; Wed, 05 Apr 2023 11:24:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680719069; cv=none; d=google.com; s=arc-20160816; b=FD77ONEKhZLLPH+ZsLZ88kUtcXibhWc36Yy0Ykv0fu1NWunpGqJupyX67tJ67n9T2A 5QEty0F+BzzM9G734EgMNooh/RNW+AQAhTiKht1gB1ykAJIzDIMN2A6Jub4qM7JnayH7 74CtV6lJANlI+vJXex90TP6WJnF63kS5Vej1JBQDyIB+ZVQCTjk/ehs7VbuK1A0vNId/ WME/t89xRGe2eHCMmjZ4ypK0pYMOm6wRVxjfx9Og1pnKzR5kfiDhrXFdPTNPJnbjTeQK ql13bj/b5Tzh7DUZCROq6/RNk+pPp+ImPG0WTqNo1sKTbnpcvH89ZVAucu1D4GnanjAW UgTA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7ZHK4aGRVhFnY6NcH5+15nBOfRFUXM0rvRmFZC+ICfo=; b=UP+gwSvx9HDxfSICZKzQEIq7o6WxKDBxoojlSRf7xsS/pW2kaq7kpXVYqQk9eohoWY +eRmVJei2yymVf6hcy6WtBiJofhPfpdLEdIAMl0XA03QU20ObLSG30Qk7/UER5WVlb69 PGajuRIkw7rlB72AHLBP3WU61a917YMSjf1MVfE/AYEmHnr9eS+IY/vQA72A82YkPdYK TOw31R0oPVNyuy7yowRPhnTHFGxepaXhpPlBKIGa3jkUcAmIsj7rX+1aqm5ZUge8tnsa RBfeMIthZXIAE9Q8f/sBckQtrKXKrzSGAlvI6FXAihnXjpQwkGr1yxHh3qMnm4bU1WrL 4VPQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=a5RkMZRa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 81-20020a630054000000b0050b1a4d8625si13103087pga.723.2023.04.05.11.24.17; Wed, 05 Apr 2023 11:24:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=a5RkMZRa; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231447AbjDESQZ (ORCPT + 99 others); Wed, 5 Apr 2023 14:16:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229479AbjDESQW (ORCPT ); Wed, 5 Apr 2023 14:16:22 -0400 Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8249A659B; Wed, 5 Apr 2023 11:16:21 -0700 (PDT) Received: by mail-pg1-x52e.google.com with SMTP id d22so22285631pgw.2; Wed, 05 Apr 2023 11:16:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680718581; x=1683310581; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=7ZHK4aGRVhFnY6NcH5+15nBOfRFUXM0rvRmFZC+ICfo=; b=a5RkMZRahnPfsXfeRYnYj5gb+AMW2gJvfd7au3Oc9cGAA7i5Siy5JjOWOIgdPFGRQT fpGksFrFOpblOYVvw+80Cy0pPo7gpORkzseprf7Z+qJ1I35BcbtMeMpOoLsAkikEUx9U pwEjrICQhSEIdXGL5atO2bQ0j7SUGrUg/rX2YljD6681joVLEx9s7+m14F2gujc2YIG6 nUUkI8zk7wC+97BaiX+nA1YkQ9MTtgmea7eGywUKMCaq2P6dykqipmDmgCkH03ELxhLA wTgRjjzBkfMERMegaHko3ibYHpKG4cqfqSamYlH7aKlkACKKuh1gkt1UntfzRohRmU2B 3Jew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680718581; x=1683310581; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=7ZHK4aGRVhFnY6NcH5+15nBOfRFUXM0rvRmFZC+ICfo=; b=6oay6n16H+y9VwJiwbs9HCQ5IKWKZ4piT87jJr7cP/77IJmtqERo4+ZWoNfvNgfrkb rid0spypR36MvBWe/gZfFKJ4QipBsYLmHCvCS9sVLEMwVlrwy5fr60/q1fX+VbrzaGJW blbkoM9KWn+Y6Gdd5aynTKILIMir2dqawLtOY4EOUsNtdzwWchBMYIncx7f7lhXptHNC ogkJweQOMjYNNFiQkPKmhmBbm5bEGg2/0XEOqd1QEh7iml+7BA68bB2FMxmi62Hh8d/O bkfQWZ2kAIqk25N9AhRlJwB5dzLOD/UqK3WTRiIP02qbI5BTEK9tc/i/xwA/ECE/zr5n K7FQ== X-Gm-Message-State: AAQBX9dk6wRPl6vWmsuqB4juRcY3echaGDKiRcRy5FZNFP/HPorJPXr3 Fdbjrz0TJ23R9wX0SoqwXvVMgaKFNPY= X-Received: by 2002:aa7:9f48:0:b0:627:eece:5ca5 with SMTP id h8-20020aa79f48000000b00627eece5ca5mr6246199pfr.18.1680718580641; Wed, 05 Apr 2023 11:16:20 -0700 (PDT) Received: from localhost ([192.55.54.55]) by smtp.gmail.com with ESMTPSA id k26-20020aa792da000000b00593e4e6516csm10939356pfa.124.2023.04.05.11.16.19 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Apr 2023 11:16:20 -0700 (PDT) Date: Wed, 5 Apr 2023 11:16:18 -0700 From: Isaku Yamahata To: Zhi Wang Cc: Isaku Yamahata , isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , David Matlack , Kai Huang , Sean Christopherson Subject: Re: [PATCH v13 019/113] KVM: TDX: create/destroy VM structure Message-ID: <20230405181618.GG1112017@ls.amr.corp.intel.com> References: <7c011a5c9dd92cfb9074297af22d132a4e57fd11.1678643052.git.isaku.yamahata@intel.com> <20230326140936.00003397@gmail.com> <20230330010153.GB1112017@ls.amr.corp.intel.com> <20230402114158.00000543@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230402114158.00000543@gmail.com> X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Apr 02, 2023 at 11:41:58AM +0300, Zhi Wang wrote: > > > > +void tdx_mmu_release_hkid(struct kvm *kvm) > > > > +{ > > > > + struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm); > > > > + cpumask_var_t packages; > > > > + bool cpumask_allocated; > > > > + u64 err; > > > > + int ret; > > > > + int i; > > > > + > > > > + if (!is_hkid_assigned(kvm_tdx)) > > > > + return; > > > > + > > > > + if (!is_td_created(kvm_tdx)) > > > > + goto free_hkid; > > > > + > > > > + cpumask_allocated = zalloc_cpumask_var(&packages, GFP_KERNEL); > > > > + cpus_read_lock(); > > > > + for_each_online_cpu(i) { > > > > + if (cpumask_allocated && > > > > + cpumask_test_and_set_cpu(topology_physical_package_id(i), > > > > + packages)) > > > > + continue; > > > > > > Is this necessary to check cpumask_allocated in the while loop? if cpumask > > > is not succefully allocated, wouldn't it be better to bail out just after > > > it? > > > > No because we can't return error here. It's better to do in-efficiently freeing > > resources instead of leak. > > > > We can move the check out of loop. But it would be ugly > > (if () {cpu loop} else {cpu loop} ) and this function isn't performance > > critical. Also I think it's okay to depend on compiler optimization for loop > > invariant. My compiler didn't optimize it in this case, though. > > > > Do you mean the tdh_mng_key_freeid() is still required if failing to allocate > the cpumask var and do TDH.PHYMEM_CACHE_WB(WBINVD) on each CPU? > > Out of curiosity, I took a look on the TDX module source code [1], it seems TDX > module has an additional check in TDH.MNG.KEY.FREEID. TDH.MNG.VPFLUSHDONE [2] > will mark the pending wbinvd in a bitmap: > > ... > /** > * Create the WBINVD_BITMAP per-package. > * Set to 1 num_of_pkgs bits from the LSB > */ > global_data_ptr->kot.entries[curr_hkid].wbinvd_bitmap = global_data_ptr->pkg_config_bitmap; /* <----HERE */ > > // Set new TD life cycle state > tdr_ptr->management_fields.lifecycle_state = TD_BLOCKED; > > // Set the proper new KOT entry state > global_data_ptr->kot.entries[curr_hkid].state = (uint8_t)KOT_STATE_HKID_FLUSHED; > ... > > And TDH.MNG.KEY.FREEID [3] will check if the pending WBINVD has been performed: > > ... > /** > * If TDH_PHYMEM_CACHE_WB was executed on all packages/cores, > * set the KOT entry, set the KOT entry state to HKID_FREE. > */ > curr_hkid = tdr_ptr->key_management_fields.hkid; > tdx_debug_assert(global_data_ptr->kot.entr/ies[curr_hkid].state == KOT_STATE_HKID_FLUSHED); > if (global_data_ptr->kot.entries[curr_hkid].wbinvd_bitmap != 0) /* HERE */ > { > TDX_ERROR("CACHEWB is not complete for this HKID (=%x)\n", curr_hkid); > return_val = TDX_WBCACHE_NOT_COMPLETE; > goto EXIT; > } > ... > > Guess the conclusion is: if TDH.PHYMEM.CACHE.WB is not performed on each > required CPU correctly, TDH.MNG.KEY.FREEID will fail as well. A leak seems > the only option (none of us likes a leak, but...). Why do we need to leak key? If we fails to allocate cpumask, we can issue TDH.PHYMEM.CACHE.WB on all pCPUs instead of all packages. If we call TDH.PHYMEM.CACHE.WB multiple times on the same package, it may return error. It's benign. It is suboptimal, but it's much better than leaking hkid. -- Isaku Yamahata