Received: by 2002:a05:7412:8598:b0:f9:33c2:5753 with SMTP id n24csp348476rdh; Tue, 19 Dec 2023 00:11:18 -0800 (PST) X-Google-Smtp-Source: AGHT+IFmpbmPYkwuDPy++5wXKHNT2EbHUC2U0hXw/zbxN8/vGvZfgZIo5v12WGcvoy528946Kw1W X-Received: by 2002:a05:620a:1a08:b0:77e:fba3:81bf with SMTP id bk8-20020a05620a1a0800b0077efba381bfmr21733131qkb.85.1702973478238; Tue, 19 Dec 2023 00:11:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702973478; cv=none; d=google.com; s=arc-20160816; b=i/b8plRis92yGuBnmwHvuSiFMV6U0VvAObWoRuDlO6UL/dSA86ySbXrDvl11/oBG2w KTUQlYrt03j46i6cGnUPhhUMXTJd1nLUhmysETmaMZc58huYZa3+zS6vosnWV+ZHIY8C FyBFJUWH3eo/p4JLMJ6mrwfg5wTWWpD0+lrGN7742T0qIO2Bt+qmjLXI+vYQ+TAjwas1 35nuXPsJDfPdl2EbkM8fzs941w8vxBZA72J92EYQsS/lVE6yX80IyYuJXqiFzaAfJMzR obaso63EiAAEscrFmcHFYvfrYnW5wYGwRES2LtopXn5fnhDvj2JE7jKMs2pgr0n6yRSi iPig== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-transfer-encoding:content-disposition :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :references:message-id:subject:cc:to:from:date:dkim-signature; bh=u8AN+OIGce1wibSpvT0Z8uum1UZ4ZNVOCDLUGLuDXgI=; fh=eMe0Ghs4ob/JjY/rKFXb9y8KvcUfivGVDhlphyRskYU=; b=lL4a8KVmqqDNod/Bg2jHCpoiTYPEwwOg5o+V21hJVjMjsp74ztclss0WJ4TZJFXNfe c19+I7fghsHGUNN6Vx99uvm/XLjOvJQ0s1y9KEQgCqib1fosDCQFU8hcaC1k8tYIn6qC NJBLaclpf6ePEiukJPqsBQzs5Xr+Sa6QKTu+7Geg+JQt2LFBPRAxXaOdm1ssutqBTZME 6GXY32xugepX4jixla/ebLnOyJgfneQDLunT2iNaaQYlWP2VB+w2MPP4A/Fny6518ccX 9U6arYqL79fwOaTlaTukGJP+VoXGBjaF67+H6TBeDtx8bEt1MEs6oOZSoeLBM2a/oW4k kxxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DN89CoEI; spf=pass (google.com: domain of linux-kernel+bounces-4864-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-4864-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id ea24-20020a05620a489800b0077dc1476414si26553626qkb.758.2023.12.19.00.11.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Dec 2023 00:11:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-4864-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DN89CoEI; spf=pass (google.com: domain of linux-kernel+bounces-4864-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-4864-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 03EA61C23750 for ; Tue, 19 Dec 2023 08:11:18 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id B4A3B11729; Tue, 19 Dec 2023 08:11:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="DN89CoEI" X-Original-To: linux-kernel@vger.kernel.org Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D625611183; Tue, 19 Dec 2023 08:11:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1702973465; x=1734509465; h=date:from:to:cc:subject:message-id:references: mime-version:content-transfer-encoding:in-reply-to; bh=/vM+TxgIZhFtMB+YlewMDn0pCXeJtEqxz2OnfY03r1k=; b=DN89CoEI4UnfMi1epQPcSCRRNIU6BxM2oZ3DuYi54XCx/j6hQNRKpsye JoUIQY/NIVWfv9pVSJcGS/ORRsTSxhN/NSWqA9lWXcG6h7WSkrqXFI9nC mKaGnG4xXFWW4I8UEbzjTLUSYpnyynck7c52TsJxp5vDuMdoAcoeKsydN hRbxAMZ6Y5q1eCMPodS07apNOVLrAqUy/VI5pcx6oqU9p/AIPMRxmrQs9 KHBvZTlCV51EiNrpRDndvqLjJWp5XYtKOQXU6eDRlyG4NQFBqH+e+nKiS Nt3AK5l5lXNnCgmfS1XB8X07qXkOwdUgVJ7pVl5SFKA4Bav4TZhlqK43R Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10928"; a="2448962" X-IronPort-AV: E=Sophos;i="6.04,287,1695711600"; d="scan'208";a="2448962" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmvoesa105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Dec 2023 00:11:05 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10928"; a="725652967" X-IronPort-AV: E=Sophos;i="6.04,287,1695711600"; d="scan'208";a="725652967" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Dec 2023 00:11:04 -0800 Date: Tue, 19 Dec 2023 00:11:04 -0800 From: Isaku Yamahata To: Jim Mattson Cc: Isaku Yamahata , Sean Christopherson , Maxim Levitsky , isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Vishal Annapurve Subject: Re: [PATCH v2 1/3] KVM: x86: Make the hardcoded APIC bus frequency vm variable Message-ID: <20231219081104.GB2639779@ls.amr.corp.intel.com> References: <1c12f378af7de16d7895f8badb18c3b1715e9271.1699936040.git.isaku.yamahata@intel.com> <938efd3cfcb25d828deab0cc0ba797177cc69602.camel@redhat.com> <20231219014045.GA2639779@ls.amr.corp.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Mon, Dec 18, 2023 at 07:53:45PM -0800, Jim Mattson wrote: > On Mon, Dec 18, 2023 at 5:40 PM Isaku Yamahata > wrote: > > > > On Thu, Dec 14, 2023 at 08:41:43AM -0800, > > Sean Christopherson wrote: > > > > > On Thu, Dec 14, 2023, Maxim Levitsky wrote: > > > > On Wed, 2023-12-13 at 15:10 -0800, Sean Christopherson wrote: > > > > > Upstream KVM's non-TDX behavior is fine, because KVM doesn't advertise support > > > > > for CPUID 0x15, i.e. doesn't announce to host userspace that it's safe to expose > > > > > CPUID 0x15 to the guest. Because TDX makes exposing CPUID 0x15 mandatory, KVM > > > > > needs to be taught to correctly emulate the guest's APIC bus frequency, a.k.a. > > > > > the TDX guest core crystal frequency of 25Mhz. > > > > > > > > I assume that TDX doesn't allow to change the CPUID 0x15 leaf. > > > > > > Correct. I meant to call that out below, but left my sentence half-finished. It > > > was supposed to say: > > > > > > I halfheartedly floated the idea of "fixing" the TDX module/architecture to either > > > use 1Ghz as the base frequency or to allow configuring the base frequency > > > advertised to the guest. > > > > > > > > I halfheartedly floated the idea of "fixing" the TDX module/architecture to either > > > > > use 1Ghz as the base frequency (off list), but it definitely isn't a hill worth > > > > > dying on since the KVM changes are relatively simple. > > > > > > > > > > https://lore.kernel.org/all/ZSnIKQ4bUavAtBz6@google.com > > > > > > > > > > > > > Best regards, > > > > Maxim Levitsky > > > > The followings are the updated version of the commit message. > > > > > > KVM: x86: Make the hardcoded APIC bus frequency VM variable > > > > The TDX architecture hard-codes the APIC bus frequency to 25MHz in the > > CPUID leaf 0x15. The > > TDX mandates it to be exposed and doesn't allow the VMM to override > > its value. The KVM APIC timer emulation hard-codes the frequency to > > 1GHz. It doesn't unconditionally enumerate it to the guest unless the > > user space VMM sets the CPUID leaf 0x15 by KVM_SET_CPUID. > > > > If the CPUID leaf 0x15 is enumerated, the guest kernel uses it as the > > APIC bus frequency. If not, the guest kernel measures the frequency > > based on other known timers like the ACPI timer or the legacy PIT. > > The TDX guest kernel gets timer interrupt more times by 1GHz / 25MHz. > > > > To ensure that the guest doesn't have a conflicting view of the APIC > > bus frequency, allow the userspace to tell KVM to use the same > > frequency that TDX mandates instead of the default 1Ghz. > > > > There are several options to address this. > > 1. Make the KVM able to configure APIC bus frequency (This patch). > > Pros: It resembles the existing hardware. The recent Intel CPUs > > adapts 25MHz. > > Cons: Require the VMM to emulate the APIC timer at 25MHz. > > 2. Make the TDX architecture enumerate CPUID 0x15 to configurable > > frequency or not enumerate it. > > Pros: Any APIC bus frequency is allowed. > > Cons: Deviation from the real hardware. > > 3. Make the TDX guest kernel use 1GHz when it's running on KVM. > > Cons: The kernel ignores CPUID leaf 0x15. > > 4. Change CPUID.15H under TDX to report the crystal clock frequency as 1 GHz. > Pro: This has been the virtual APIC frequency for KVM guests for 13 years. > Pro: This requires changing only one hard-coded constant in TDX. > > I see no compelling reason to complicate KVM with support for > configurable APIC frequencies, and I see no advantages to doing so. Because TDX isn't specific to KVM, it should work with other VMM technologies. If we'd like to go for this route, the frequency would be configurable. What frequency should be acceptable securely is obscure. 25MHz has long history with the real hardware. -- Isaku Yamahata