Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp488968lqp; Thu, 21 Mar 2024 07:17:23 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVO+YR2sQ/evVsCHusP/hPH6I6ZCmjzsMu5CQJlHdSIyg54l4fC5s5YLPt1J8x0yOzavThMPwnLSRHjCW5Ga8vZg9DVMCX9Zfl7ZXpsiw== X-Google-Smtp-Source: AGHT+IGtDFGnFmVREcOpLLoXTFri67/nbcvH/GxyT+D583Ltf/GUmUtYQxfpHSrS5c8E7Z7R9h2Z X-Received: by 2002:a17:902:ce86:b0:1dd:b73a:352c with SMTP id f6-20020a170902ce8600b001ddb73a352cmr2835050plg.53.1711030643279; Thu, 21 Mar 2024 07:17:23 -0700 (PDT) Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id q11-20020a170902c74b00b001dd6bf2d4b2si14325930plq.631.2024.03.21.07.17.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Mar 2024 07:17:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-110135-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel.com header.s=Intel header.b="T5l5yva/"; arc=fail (body hash mismatch); spf=pass (google.com: domain of linux-kernel+bounces-110135-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-110135-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id ED0312829B2 for ; Thu, 21 Mar 2024 14:17:22 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 63C1B85274; Thu, 21 Mar 2024 14:17:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=intel.com header.i=@intel.com header.b="T5l5yva/" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5DBAD84FCC; Thu, 21 Mar 2024 14:17:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.21 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711030633; cv=none; b=LzUy+RNAqhaj2WbarG1YF8DSq3HIvHgtBuVcI+A5ZnrTr0/nbL2d85aMbMVoA4f2s8nkQxHXSRzW3O4+1on9o7sEy/yKTEk8YYIJTc4pIA31xYqvMeXsF3IhCji0C9X4ar+J81jUk7D82JHOarwi+txRZdKnk8HApnUuA1wRrtQ= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711030633; c=relaxed/simple; bh=9XQwFo1aUQ9b/EM6QySTpjS4eXrihk6w1KvM2UgC27A=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=c/EL/EaARJ8+rqNn0PByzue+D6N1hRImideJpde31OlfMLBLm8KNIyGO8RttXF/Z/8j1XC2bY+s/K4olfcxIQGdjCXabcemGcY3pdpTsScGpDUpNGHzglqn+BWNFmbvq3svqyJ0AEPGMUsv4Kzkdp1Vy1Dj9e2czNylBBWZW/pI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=T5l5yva/; arc=none smtp.client-ip=198.175.65.21 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1711030631; x=1742566631; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=9XQwFo1aUQ9b/EM6QySTpjS4eXrihk6w1KvM2UgC27A=; b=T5l5yva/PfSpyDNiX9ACAL8I156wzo9Yp0oij8eqhfMpEr0lEsqCXvMv Y0zQ1FmXm8/sgKM4XqtevcAxuRv/JDcSM3pFgPvqtTuVt8KwTefLyVG/w icKkPdbyX4O1LaQyXqk9gCCcwcQfJhYRYOGL2o58dazJXHMJq29GHcjWJ 0/POkXGxXHyquK4COCoMO/qOcmSBKFjgYy+vxN6YWR5CRuMcCn289sFKp ENQAVLxjD8H/ROC+fv0AbYXdfIWE4XlQlg6fdd1IMmcd8JBshBPlUEH96 VxnGR341I6Jyz4je6/iydyL/dMrOwn0jeaZFV3GDLWY+upV6aF36mvAqk Q==; X-IronPort-AV: E=McAfee;i="6600,9927,11019"; a="5963243" X-IronPort-AV: E=Sophos;i="6.07,143,1708416000"; d="scan'208";a="5963243" Received: from orviesa008.jf.intel.com ([10.64.159.148]) by orvoesa113.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2024 07:17:11 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,143,1708416000"; d="scan'208";a="15164123" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by orviesa008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Mar 2024 07:17:10 -0700 Date: Thu, 21 Mar 2024 07:17:09 -0700 From: Isaku Yamahata To: Chao Gao Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Sean Christopherson , isaku.yamahata@linux.intel.com Subject: Re: [PATCH v19 038/130] KVM: TDX: create/destroy VM structure Message-ID: <20240321141709.GK1994522@ls.amr.corp.intel.com> References: <7a508f88e8c8b5199da85b7a9959882ddf390796.1708933498.git.isaku.yamahata@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: On Wed, Mar 20, 2024 at 01:12:01PM +0800, Chao Gao wrote: > > config KVM_SW_PROTECTED_VM > > bool "Enable support for KVM software-protected VMs" > >- depends on EXPERT > > depends on KVM && X86_64 > > select KVM_GENERIC_PRIVATE_MEM > > help > >@@ -89,6 +88,8 @@ config KVM_SW_PROTECTED_VM > > config KVM_INTEL > > tristate "KVM for Intel (and compatible) processors support" > > depends on KVM && IA32_FEAT_CTL > >+ select KVM_SW_PROTECTED_VM if INTEL_TDX_HOST > > why does INTEL_TDX_HOST select KVM_SW_PROTECTED_VM? I wanted KVM_GENERIC_PRIVATE_MEM. Ah, we should do select KKVM_GENERIC_PRIVATE_MEM if INTEL_TDX_HOST > >+ select KVM_GENERIC_MEMORY_ATTRIBUTES if INTEL_TDX_HOST > > help > > .vcpu_precreate = vmx_vcpu_precreate, > > .vcpu_create = vmx_vcpu_create, > > >--- a/arch/x86/kvm/vmx/tdx.c > >+++ b/arch/x86/kvm/vmx/tdx.c > >@@ -5,10 +5,11 @@ > > > > #include "capabilities.h" > > #include "x86_ops.h" > >-#include "x86.h" > > #include "mmu.h" > > #include "tdx_arch.h" > > #include "tdx.h" > >+#include "tdx_ops.h" > >+#include "x86.h" > > any reason to reorder x86.h? No, I think it's accidental during rebase. Will fix. > >+static void tdx_do_tdh_phymem_cache_wb(void *unused) > >+{ > >+ u64 err = 0; > >+ > >+ do { > >+ err = tdh_phymem_cache_wb(!!err); > >+ } while (err == TDX_INTERRUPTED_RESUMABLE); > >+ > >+ /* Other thread may have done for us. */ > >+ if (err == TDX_NO_HKID_READY_TO_WBCACHE) > >+ err = TDX_SUCCESS; > >+ if (WARN_ON_ONCE(err)) > >+ pr_tdx_error(TDH_PHYMEM_CACHE_WB, err, NULL); > >+} > >+ > >+void tdx_mmu_release_hkid(struct kvm *kvm) > >+{ > >+ bool packages_allocated, targets_allocated; > >+ struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm); > >+ cpumask_var_t packages, targets; > >+ u64 err; > >+ int i; > >+ > >+ if (!is_hkid_assigned(kvm_tdx)) > >+ return; > >+ > >+ if (!is_td_created(kvm_tdx)) { > >+ tdx_hkid_free(kvm_tdx); > >+ return; > >+ } > >+ > >+ packages_allocated = zalloc_cpumask_var(&packages, GFP_KERNEL); > >+ targets_allocated = zalloc_cpumask_var(&targets, GFP_KERNEL); > >+ cpus_read_lock(); > >+ > >+ /* > >+ * We can destroy multiple guest TDs simultaneously. Prevent > >+ * tdh_phymem_cache_wb from returning TDX_BUSY by serialization. > >+ */ > >+ mutex_lock(&tdx_lock); > >+ > >+ /* > >+ * Go through multiple TDX HKID state transitions with three SEAMCALLs > >+ * to make TDH.PHYMEM.PAGE.RECLAIM() usable. Make the transition atomic > >+ * to other functions to operate private pages and Secure-EPT pages. > >+ * > >+ * Avoid race for kvm_gmem_release() to call kvm_mmu_unmap_gfn_range(). > >+ * This function is called via mmu notifier, mmu_release(). > >+ * kvm_gmem_release() is called via fput() on process exit. > >+ */ > >+ write_lock(&kvm->mmu_lock); > >+ > >+ for_each_online_cpu(i) { > >+ if (packages_allocated && > >+ cpumask_test_and_set_cpu(topology_physical_package_id(i), > >+ packages)) > >+ continue; > >+ if (targets_allocated) > >+ cpumask_set_cpu(i, targets); > >+ } > >+ if (targets_allocated) > >+ on_each_cpu_mask(targets, tdx_do_tdh_phymem_cache_wb, NULL, true); > >+ else > >+ on_each_cpu(tdx_do_tdh_phymem_cache_wb, NULL, true); > > This tries flush cache on all CPUs when we run out of memory. I am not sure if > it is the best solution. A simple solution is just use two global bitmaps. > > And current logic isn't optimal. e.g., if packages_allocated is true while > targets_allocated is false, then we will fill in the packages bitmap but don't > use it at all. > > That said, I prefer to optimize the rare case in a separate patch. We can just use > two global bitmaps or let the flush fail here just as you are doing below on > seamcall failure. Makes sense. We can allocate cpumasks on hardware_setup/unsetup() and update them on hardware_enable/disable(). .. > >+static int __tdx_td_init(struct kvm *kvm) > >+{ > >+ struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm); > >+ cpumask_var_t packages; > >+ unsigned long *tdcs_pa = NULL; > >+ unsigned long tdr_pa = 0; > >+ unsigned long va; > >+ int ret, i; > >+ u64 err; > >+ > >+ ret = tdx_guest_keyid_alloc(); > >+ if (ret < 0) > >+ return ret; > >+ kvm_tdx->hkid = ret; > >+ > >+ va = __get_free_page(GFP_KERNEL_ACCOUNT); > >+ if (!va) > >+ goto free_hkid; > >+ tdr_pa = __pa(va); > >+ > >+ tdcs_pa = kcalloc(tdx_info->nr_tdcs_pages, sizeof(*kvm_tdx->tdcs_pa), > >+ GFP_KERNEL_ACCOUNT | __GFP_ZERO); > >+ if (!tdcs_pa) > >+ goto free_tdr; > >+ for (i = 0; i < tdx_info->nr_tdcs_pages; i++) { > >+ va = __get_free_page(GFP_KERNEL_ACCOUNT); > >+ if (!va) > >+ goto free_tdcs; > >+ tdcs_pa[i] = __pa(va); > >+ } > >+ > >+ if (!zalloc_cpumask_var(&packages, GFP_KERNEL)) { > >+ ret = -ENOMEM; > >+ goto free_tdcs; > >+ } > >+ cpus_read_lock(); > >+ /* > >+ * Need at least one CPU of the package to be online in order to > >+ * program all packages for host key id. Check it. > >+ */ > >+ for_each_present_cpu(i) > >+ cpumask_set_cpu(topology_physical_package_id(i), packages); > >+ for_each_online_cpu(i) > >+ cpumask_clear_cpu(topology_physical_package_id(i), packages); > >+ if (!cpumask_empty(packages)) { > >+ ret = -EIO; > >+ /* > >+ * Because it's hard for human operator to figure out the > >+ * reason, warn it. > >+ */ > >+#define MSG_ALLPKG "All packages need to have online CPU to create TD. Online CPU and retry.\n" > >+ pr_warn_ratelimited(MSG_ALLPKG); > >+ goto free_packages; > >+ } > >+ > >+ /* > >+ * Acquire global lock to avoid TDX_OPERAND_BUSY: > >+ * TDH.MNG.CREATE and other APIs try to lock the global Key Owner > >+ * Table (KOT) to track the assigned TDX private HKID. It doesn't spin > >+ * to acquire the lock, returns TDX_OPERAND_BUSY instead, and let the > >+ * caller to handle the contention. This is because of time limitation > >+ * usable inside the TDX module and OS/VMM knows better about process > >+ * scheduling. > >+ * > >+ * APIs to acquire the lock of KOT: > >+ * TDH.MNG.CREATE, TDH.MNG.KEY.FREEID, TDH.MNG.VPFLUSHDONE, and > >+ * TDH.PHYMEM.CACHE.WB. > >+ */ > >+ mutex_lock(&tdx_lock); > >+ err = tdh_mng_create(tdr_pa, kvm_tdx->hkid); > >+ mutex_unlock(&tdx_lock); > >+ if (err == TDX_RND_NO_ENTROPY) { > >+ ret = -EAGAIN; > >+ goto free_packages; > >+ } > >+ if (WARN_ON_ONCE(err)) { > >+ pr_tdx_error(TDH_MNG_CREATE, err, NULL); > >+ ret = -EIO; > >+ goto free_packages; > >+ } > >+ kvm_tdx->tdr_pa = tdr_pa; > >+ > >+ for_each_online_cpu(i) { > >+ int pkg = topology_physical_package_id(i); > >+ > >+ if (cpumask_test_and_set_cpu(pkg, packages)) > >+ continue; > >+ > >+ /* > >+ * Program the memory controller in the package with an > >+ * encryption key associated to a TDX private host key id > >+ * assigned to this TDR. Concurrent operations on same memory > >+ * controller results in TDX_OPERAND_BUSY. Avoid this race by > >+ * mutex. > >+ */ > >+ mutex_lock(&tdx_mng_key_config_lock[pkg]); > > the lock is superfluous to me. with cpu lock held, even if multiple CPUs try to > create TDs, the same set of CPUs (the first online CPU of each package) will be > selected to configure the key because of the cpumask_test_and_set_cpu() above. > it means, we never have two CPUs in the same socket trying to program the key, > i.e., no concurrent calls. Makes sense. Will drop the lock. > >+ ret = smp_call_on_cpu(i, tdx_do_tdh_mng_key_config, > >+ &kvm_tdx->tdr_pa, true); > >+ mutex_unlock(&tdx_mng_key_config_lock[pkg]); > >+ if (ret) > >+ break; > >+ } > >+ cpus_read_unlock(); > >+ free_cpumask_var(packages); > >+ if (ret) { > >+ i = 0; > >+ goto teardown; > >+ } > >+ > >+ kvm_tdx->tdcs_pa = tdcs_pa; > >+ for (i = 0; i < tdx_info->nr_tdcs_pages; i++) { > >+ err = tdh_mng_addcx(kvm_tdx->tdr_pa, tdcs_pa[i]); > >+ if (err == TDX_RND_NO_ENTROPY) { > >+ /* Here it's hard to allow userspace to retry. */ > >+ ret = -EBUSY; > >+ goto teardown; > >+ } > >+ if (WARN_ON_ONCE(err)) { > >+ pr_tdx_error(TDH_MNG_ADDCX, err, NULL); > >+ ret = -EIO; > >+ goto teardown; > >+ } > >+ } > >+ > >+ /* > >+ * Note, TDH_MNG_INIT cannot be invoked here. TDH_MNG_INIT requires a dedicated > >+ * ioctl() to define the configure CPUID values for the TD. > >+ */ > >+ return 0; > >+ > >+ /* > >+ * The sequence for freeing resources from a partially initialized TD > >+ * varies based on where in the initialization flow failure occurred. > >+ * Simply use the full teardown and destroy, which naturally play nice > >+ * with partial initialization. > >+ */ > >+teardown: > >+ for (; i < tdx_info->nr_tdcs_pages; i++) { > >+ if (tdcs_pa[i]) { > >+ free_page((unsigned long)__va(tdcs_pa[i])); > >+ tdcs_pa[i] = 0; > >+ } > >+ } > >+ if (!kvm_tdx->tdcs_pa) > >+ kfree(tdcs_pa); > >+ tdx_mmu_release_hkid(kvm); > >+ tdx_vm_free(kvm); > >+ return ret; > >+ > >+free_packages: > >+ cpus_read_unlock(); > >+ free_cpumask_var(packages); > >+free_tdcs: > >+ for (i = 0; i < tdx_info->nr_tdcs_pages; i++) { > >+ if (tdcs_pa[i]) > >+ free_page((unsigned long)__va(tdcs_pa[i])); > >+ } > >+ kfree(tdcs_pa); > >+ kvm_tdx->tdcs_pa = NULL; > >+ > >+free_tdr: > >+ if (tdr_pa) > >+ free_page((unsigned long)__va(tdr_pa)); > >+ kvm_tdx->tdr_pa = 0; > >+free_hkid: > >+ if (is_hkid_assigned(kvm_tdx)) > > IIUC, this is always true because you just return if keyid > allocation fails. You're right. Will fix -- Isaku Yamahata