Received: by 2002:a89:413:0:b0:1fd:dba5:e537 with SMTP id m19csp1133663lqs; Fri, 14 Jun 2024 17:05:18 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW4lmlUdXugRrkoodzQeyLb2oGlDrR43P/CwXj9PrEmnCccJ9F7D2XcieaZb7NS7PfH93SOtXHQNy0YiBlURxYbpSMCDi3GXBEx3pnorA== X-Google-Smtp-Source: AGHT+IE/wg6Rx7PTIjsNDZMM/NzbKLKOhtMFxeea8Xui9uGzfMkVRLMHjcWwFvlNJpt4OVicjbEO X-Received: by 2002:a17:902:da84:b0:1f8:6e3f:a09 with SMTP id d9443c01a7336-1f86e3f0c4bmr23324725ad.9.1718409918610; Fri, 14 Jun 2024 17:05:18 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1718409918; cv=pass; d=google.com; s=arc-20160816; b=HMzoLJQFlixb/g0IL3QFx2bpZm6uEC0n9ZrCfTvshftUTaeJsGnzS68O7wiIvzRhfx AAzaDnqd0RixldqVU3NSe+ApeoInMkNqYjjD7ISzcw/OhFWiPPpjyE+FjKVWAUXFt8YW tC5cxnk/WAe0J1CTHWsx6vtmZEWSjU3HGElANlzPbxJX/y6fUtj1LchlarHn8wyX/Lho jhn4ffRpiPlUuuS14KQFW7UWmVSiJA+3yfYlIYbygoUG6oFXqE3Fiog0drgg5GQvTs8p oRg5xlEiuyU7FTWJ9052K6B/KchLOOX4sfelfEEBZkIbjaX0t1Q8syHVOnvHgjA2to3o 6psA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:from:subject:message-id:references:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:in-reply-to:date :dkim-signature; bh=JAbCB4cWM/jBKzkgnqSGqxJw+sHKF8jD1gh3nQqagX0=; fh=p7nPV21vp0JupfZiEllDmObyP7l5Gk3rV42bCfME6Bw=; b=QtzIqZyEfyL0BnjRz6tRBO6JmaECd3FkvIk3ogFE5DEWpuGTjXTK8fzC7fPMOCJskH bIttDhfR/tjqHGVFnjF/Vd2vHIRhWfkP1bzB9Dzs2gsuVX8M9P9SQodzLRbO+D69CmAs aZhnjmGBTEudHs3zu39P5ueNsc5DRODgtdhyFOGXtdNyd/LLGgCDi6DRR1/3gAV/gHiL AFXZ9GJtFA926o7EJCEGrCOGHaKfBrC7a9lnRTm0aX+qmWB7r21Efgiyu4Ygntjb1ehn /VI5ydMu3Z+bIaq2R/LLKFpn05oULC00bGo8c7//Zloc4RJ4ZtA046meH5Kpt3RGyA3m lvPg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Yhdw7Os1; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-215614-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-215614-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id d9443c01a7336-1f855eca2e7si43199425ad.321.2024.06.14.17.05.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Jun 2024 17:05:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-215614-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20230601 header.b=Yhdw7Os1; arc=pass (i=1 spf=pass spfdomain=flex--seanjc.bounces.google.com dkim=pass dkdomain=google.com dmarc=pass fromdomain=google.com); spf=pass (google.com: domain of linux-kernel+bounces-215614-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-215614-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id C71A3B213A4 for ; Sat, 15 Jun 2024 00:05:13 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 331111870; Sat, 15 Jun 2024 00:05:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Yhdw7Os1" Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E498539B for ; Sat, 15 Jun 2024 00:04:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718409901; cv=none; b=LjpvhgX+lP1h/O4rJkwh+sZDtUvIk+D9P7CTOAQZ1za0WFw6LieGxYdjFEhLTlH4Rb6GYTHERMNS3qJJmVA6pwEOi1IKXwSqUmk9uZEBb0M88YhEAnNlF4BdCjcfb1zv1X0wLbQDIIyX/rE3ETFiy2/2Hvp9StEBgZ8q3lTOw5o= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718409901; c=relaxed/simple; bh=s9EnDXutqel6yc9aWVQjnkieztpURLhI4fNOsupj9V4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=W3cYPLD6YJvlb2LAxJHXr5ZI1M3gR9uKCzEUF1SWnMnGfM623FszropQ857EDBHzpXO/re7E0TlmpvjP230PFahUFxYcQDluRtcTK6pUD7ecplybCQ/MkQ1Va61lYnjElt6kewbgHpIgFzPf9v7XMeXextTQS+K3+9LK4Y7EEFg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Yhdw7Os1; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2c2dfbc48easo2511681a91.2 for ; Fri, 14 Jun 2024 17:04:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1718409899; x=1719014699; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=JAbCB4cWM/jBKzkgnqSGqxJw+sHKF8jD1gh3nQqagX0=; b=Yhdw7Os1412zFNyQoOZNJ3CYQjH4Q4SdXO1f+hYJHRsWdkGzGP4n9ARi35M9K6YFru 2/OvF9ew4s/19za1q3hPzjkGbkP0sUc3nc1IoIidqP31JHB2AmSpA5CX9ngUuSfq59P7 sPPzb0uv6xdtSXzsGwNgTtZCIWW+z3l6sdV/ri/xzVVOTCsqjKUEGXTBAzHbSPUEv4X0 kcsYHXvJVoO0CeTLOjR8DSLIvEqFA8ZXzjO4jDbLxTUeXjZRINgoiTl1bDSPCgbnNy6T ySsgdfDrVXOyl/CjZMVkNzVO9MvsrnNqkxPtGCyxpYmzj6VUtGcLdc68E6YyjiBdOHKQ eX2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718409899; x=1719014699; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JAbCB4cWM/jBKzkgnqSGqxJw+sHKF8jD1gh3nQqagX0=; b=tPDXhadkDpTT7KeagohrK5G+NtjCuHlAr9s6Y07JZLZgWsXU/aPIwCMCznitubHjb7 UJPT9gS7lLw1hDE3gbZwJWjc2iu3cI839YsE+pqk0LqcGStK36zVnArox72LGx1DE1NN bdCOwr67V7LpVIaHtkQPRpqHH47cslO5/7VO/tCFbWjMywbuMQfbNrqG8dwMUl0BkWK+ 5vlRb9oImQx9ZOdxbDX4IeX+A3dl1Xru19+aprJ63uXbudmObR1GWNmOMVPZG7whlX98 g1lRlDLXT9az2ogslovzasNTEgktJz896sa903DjOYYlVSItJvi7WiUDUWWL0DOJegpc zEDQ== X-Forwarded-Encrypted: i=1; AJvYcCX8p6MXLPOy1S3tnl1PSUp3RUu3zJcWKLfoFk3Q+wMAQq4G4GoTy43HmXzQHEJwq63d3s8fawIHXt/x6q3IPvluGExzpX1XAHedUWIe X-Gm-Message-State: AOJu0YxYYwlJjj+RGNxFhuwqcnrZPvn1lkWIEhBkd9ih/5DrgXt/GTBo Sqt+CpZyeT2DcPFOSJVGrv7jLbXt2YB33lepfDk53ebH3IA4XyWiWPde/muxMGeLmTh97LZuMMo Z6A== X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a17:90a:4889:b0:2c2:4109:6a5f with SMTP id 98e67ed59e1d1-2c4dbd31ec4mr134262a91.6.1718409899098; Fri, 14 Jun 2024 17:04:59 -0700 (PDT) Date: Fri, 14 Jun 2024 17:04:57 -0700 In-Reply-To: <405dd8997aaaf33419be6b0fc37974370d63fd8c.camel@intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <49b7402c-8895-4d53-ad00-07ce7863894d@intel.com> <20240509235522.GA480079@ls.amr.corp.intel.com> <50e09676-4dfc-473f-8b34-7f7a98ab5228@intel.com> <38210be0e7cc267a459d97d70f3aff07855b7efd.camel@intel.com> <405dd8997aaaf33419be6b0fc37974370d63fd8c.camel@intel.com> Message-ID: Subject: Re: [PATCH v19 037/130] KVM: TDX: Make KVM_CAP_MAX_VCPUS backend specific From: Sean Christopherson To: Kai Huang Cc: Tina Zhang , Hang Yuan , "pbonzini@redhat.com" , Bo2 Chen , "sagis@google.com" , "isaku.yamahata@linux.intel.com" , Erdem Aktas , "isaku.yamahata@gmail.com" , "kvm@vger.kernel.org" , Isaku Yamahata , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="us-ascii" On Fri, Jun 14, 2024, Kai Huang wrote: > On Tue, 2024-06-04 at 10:48 +0000, Huang, Kai wrote: > > On Thu, 2024-05-30 at 16:12 -0700, Sean Christopherson wrote: > > > On Thu, May 30, 2024, Kai Huang wrote: > > > > On Wed, 2024-05-29 at 16:15 -0700, Sean Christopherson wrote: > > > > > In the unlikely event there is a legitimate reason for max_vcpus_per_td being > > > > > less than KVM's minimum, then we can update KVM's minimum as needed. But AFAICT, > > > > > that's purely theoretical at this point, i.e. this is all much ado about nothing. > > > > > > > > I am afraid we already have a legitimate case: TD partitioning. Isaku > > > > told me the 'max_vcpus_per_td' is lowed to 512 for the modules with TD > > > > partitioning supported. And again this is static, i.e., doesn't require > > > > TD partitioning to be opt-in to low to 512. > > > > > > So what's Intel's plan for use cases that creates TDs with >512 vCPUs? > > > > I checked with TDX module guys. Turns out the 'max_vcpus_per_td' wasn't > > introduced because of TD partitioning, and they are not actually related. > > > > They introduced this to support "topology virtualization", which requires > > a table to record the X2APIC IDs for all vcpus for each TD. In practice, > > given a TDX module, the 'max_vcpus_per_td', a.k.a, the X2APIC ID table > > size reflects the physical logical cpus that *ALL* platforms that the > > module supports can possibly have. > > > > The reason of this design is TDX guys don't believe there's sense in > > supporting the case where the 'max_vcpus' for one single TD needs to > > exceed the physical logical cpus. > > > > So in short: > > > > - The "max_vcpus_per_td" can be different depending on module versions. In > > practice it reflects the maximum physical logical cpus that all the > > platforms (that the module supports) can possibly have. > > > > - Before CSPs deploy/migrate TD on a TDX machine, they must be aware of > > the "max_vcpus_per_td" the module supports, and only deploy/migrate TD to > > it when it can support. > > > > - For TDX 1.5.xx modules, the value is 576 (the previous number 512 isn't > > correct); For TDX 2.0.xx modules, the value is larger (>1000). For future > > module versions, it could have a smaller number, depending on what > > platforms that module needs to support. Also, if TDX ever gets supported > > on client platforms, we can image the number could be much smaller due to > > the "vcpus per td no need to exceed physical logical cpus". > > > > We may ask them to support the case where 'max_vcpus' for single TD > > exceeds the physical logical cpus, or at least not to low down the value > > any further for future modules (> 2.0.xx modules). We may also ask them > > to give promise to not low the number to below some certain value for any > > future modules. But I am not sure there's any concrete reason to do so? > > > > What's your thinking? It's a reasonable restriction, e.g. KVM_CAP_NR_VCPUS is already capped at number of online CPUs, although userspace is obviously allowed to create oversubscribed VMs. I think the sane thing to do is document that TDX VMs are restricted to the number of logical CPUs in the system, have KVM_CAP_MAX_VCPUS enumerate exactly that, and then sanity check that max_vcpus_per_td is greater than or equal to what KVM reports for KVM_CAP_MAX_VCPUS. Stating that the maximum number of vCPUs depends on the whims TDX module doesn't provide a predictable ABI for KVM, i.e. I don't want to simply forward TDX's max_vcpus_per_td to userspace.