From: "Huang, Kai" <kai.huang@intel.com>
To: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"Hansen, Dave" <dave.hansen@intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: "rafael@kernel.org" <rafael@kernel.org>,
"Gao, Chao" <chao.gao@intel.com>,
"Luck, Tony" <tony.luck@intel.com>,
"david@redhat.com" <david@redhat.com>,
"bagasdotme@gmail.com" <bagasdotme@gmail.com>,
"ak@linux.intel.com" <ak@linux.intel.com>,
"kirill.shutemov@linux.intel.com"
<kirill.shutemov@linux.intel.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"seanjc@google.com" <seanjc@google.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"Yamahata, Isaku" <isaku.yamahata@intel.com>,
"nik.borisov@suse.com" <nik.borisov@suse.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"sagis@google.com" <sagis@google.com>,
"imammedo@redhat.com" <imammedo@redhat.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"bp@alien8.de" <bp@alien8.de>, "Brown, Len" <len.brown@intel.com>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"Huang, Ying" <ying.huang@intel.com>,
"Williams, Dan J" <dan.j.williams@intel.com>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v15 22/23] x86/mce: Improve error log of kernel space TDX #MC due to erratum
Date: Mon, 4 Dec 2023 23:24:19 +0000 [thread overview]
Message-ID: <c12073937fcca2c2e72f9964675ef4ac5dddb6fb.camel@intel.com> (raw)
In-Reply-To: <9b221937-42df-4381-b79f-05fb41155f7a@intel.com>
On Mon, 2023-12-04 at 14:04 -0800, Hansen, Dave wrote:
> On 12/4/23 13:00, Huang, Kai wrote:
> > > tl;dr: I think even looking a #MC on the PAMT after the kvm module is
> > > removed is a fool's errand.
> > Sorry I wasn't clear enough. KVM actually turns off VMX when it destroys the
> > last VM, so the KVM module doesn't need to be removed to turn off VMX. I used
> > "KVM can be unloaded" as an example to explain the PAMT can be working when VMX
> > is off.
>
> Can't we just fix this by having KVM do an "extra" hardware_enable_all()
> before initializing the TDX module?
>
Yes KVM needs to do hardware_enable_all() anyway before initializing the TDX
module.
I believe you mean we can keep VMX enabled after initializing the TDX module,
i.e., not calling hardware_disable_all() after that, so that kvm_usage_count
will remain non-zero even when last VM is destroyed?
The current behaviour that KVM only enable VMX when there's active VM is because
it (or the kernel) wants to allow to be able to load and run third-party VMX
module (yes the virtual BOX) when KVM module is loaded. Only one of them can
actually use the VMX hardware but they can be both loaded.
In ancient time KVM used to immediately enable VMX when it is loaded, but later
it was changed to only enable VMX when there's active VM because of the above
reason.
See commit 10474ae8945ce ("KVM: Activate Virtualization On Demand").
> It's not wrong to say that TDX is a
> KVM user. If KVm wants 'kvm_usage_count' to go back to 0, it can shut
> down the TDX module. Then there's no PAMT to worry about.
>
> The shutdown would be something like:
>
> 1. TDX module shutdown
> 2. Deallocate/Convert PAMT
> 3. vmxoff
>
> Then, no SEAMCALL failure because of vmxoff can cause a PAMT-induced #MC
> to be missed.
The limitation is once the TDX module is shutdown, it cannot be initialized
again unless it is runtimely updated.
Long-termly, if we go this design then there might be other problems when other
kernel components are using TDX. For example, the VT-d driver will need to be
changed to support TDX-IO, and it will need to enable TDX module much earlier
than KVM to do some initialization. It might need to some TDX work (e.g.,
cleanup) while KVM is unloaded. I am not super familiar with TDX-IO but looks
we might have some problem here if we go with such design.
next prev parent reply other threads:[~2023-12-04 23:24 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-09 11:55 [PATCH v15 00/23] TDX host kernel support Kai Huang
2023-11-09 11:55 ` [PATCH v15 01/23] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2023-11-09 11:55 ` [PATCH v15 02/23] x86/tdx: Define TDX supported page sizes as macros Kai Huang
2023-11-09 11:55 ` [PATCH v15 03/23] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC Kai Huang
2023-11-09 11:55 ` [PATCH v15 04/23] x86/cpu: Detect TDX partial write machine check erratum Kai Huang
2023-11-09 11:55 ` [PATCH v15 05/23] x86/virt/tdx: Handle SEAMCALL no entropy error in common code Kai Huang
2023-11-09 16:38 ` Dave Hansen
2023-11-14 19:24 ` Isaku Yamahata
2023-11-15 10:41 ` Huang, Kai
2023-11-15 19:26 ` Isaku Yamahata
2023-11-09 11:55 ` [PATCH v15 06/23] x86/virt/tdx: Add SEAMCALL error printing for module initialization Kai Huang
2023-11-09 11:55 ` [PATCH v15 07/23] x86/virt/tdx: Add skeleton to enable TDX on demand Kai Huang
2023-11-09 11:55 ` [PATCH v15 08/23] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory Kai Huang
2024-12-05 7:57 ` Mike Rapoport
2024-12-05 9:06 ` Nikolay Borisov
2024-12-05 12:25 ` Huang, Kai
2024-12-05 16:30 ` Mike Rapoport
2023-11-09 11:55 ` [PATCH v15 09/23] x86/virt/tdx: Get module global metadata for module initialization Kai Huang
2023-11-09 23:29 ` Dave Hansen
2023-11-10 2:23 ` Huang, Kai
2023-11-15 19:35 ` Isaku Yamahata
2023-11-16 3:19 ` Huang, Kai
2023-11-09 11:55 ` [PATCH v15 10/23] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Kai Huang
2023-11-09 11:55 ` [PATCH v15 11/23] x86/virt/tdx: Fill out " Kai Huang
2023-11-09 11:55 ` [PATCH v15 12/23] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2023-11-09 11:55 ` [PATCH v15 13/23] x86/virt/tdx: Designate reserved areas for all TDMRs Kai Huang
2023-11-09 11:55 ` [PATCH v15 14/23] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID Kai Huang
2023-11-09 11:55 ` [PATCH v15 15/23] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2023-11-09 11:55 ` [PATCH v15 16/23] x86/virt/tdx: Initialize all TDMRs Kai Huang
2023-11-09 11:55 ` [PATCH v15 17/23] x86/kexec: Flush cache of TDX private memory Kai Huang
2023-11-27 18:13 ` Dave Hansen
2023-11-27 19:33 ` Huang, Kai
2023-11-27 20:02 ` Huang, Kai
2023-11-27 20:05 ` Dave Hansen
2023-11-27 20:52 ` Huang, Kai
2023-11-27 21:06 ` Dave Hansen
2023-11-27 22:09 ` Huang, Kai
2023-11-09 11:55 ` [PATCH v15 18/23] x86/virt/tdx: Keep TDMRs when module initialization is successful Kai Huang
2023-11-09 11:55 ` [PATCH v15 19/23] x86/virt/tdx: Improve readability of module initialization error handling Kai Huang
2023-11-09 11:55 ` [PATCH v15 20/23] x86/kexec(): Reset TDX private memory on platforms with TDX erratum Kai Huang
2023-11-09 11:55 ` [PATCH v15 21/23] x86/virt/tdx: Handle TDX interaction with ACPI S3 and deeper states Kai Huang
2023-11-30 17:20 ` Dave Hansen
2023-11-09 11:55 ` [PATCH v15 22/23] x86/mce: Improve error log of kernel space TDX #MC due to erratum Kai Huang
2023-11-30 18:01 ` Tony Luck
2023-12-01 20:35 ` Dave Hansen
2023-12-03 11:44 ` Huang, Kai
2023-12-04 17:07 ` Dave Hansen
2023-12-04 21:00 ` Huang, Kai
2023-12-04 22:04 ` Dave Hansen
2023-12-04 23:24 ` Huang, Kai [this message]
2023-12-04 23:39 ` Dave Hansen
2023-12-04 23:56 ` Huang, Kai
2023-12-05 2:04 ` Sean Christopherson
2023-12-05 16:36 ` Dave Hansen
2023-12-05 16:53 ` Sean Christopherson
2023-12-05 16:36 ` Luck, Tony
2023-12-05 16:57 ` Sean Christopherson
2023-12-04 23:41 ` Huang, Kai
2023-12-05 14:25 ` Borislav Petkov
2023-12-05 19:41 ` Huang, Kai
2023-12-05 19:56 ` Borislav Petkov
2023-12-05 20:08 ` Huang, Kai
2023-12-05 20:29 ` Borislav Petkov
2023-12-05 20:33 ` Huang, Kai
2023-12-05 20:41 ` Borislav Petkov
2023-12-05 20:49 ` Dave Hansen
2023-12-05 20:58 ` Huang, Kai
2023-11-09 11:56 ` [PATCH v15 23/23] Documentation/x86: Add documentation for TDX host support Kai Huang
2023-11-13 8:40 ` [PATCH v15 00/23] TDX host kernel support Nikolay Borisov
2023-11-13 9:11 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c12073937fcca2c2e72f9964675ef4ac5dddb6fb.camel@intel.com \
--to=kai.huang@intel.com \
--cc=ak@linux.intel.com \
--cc=bagasdotme@gmail.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael@kernel.org \
--cc=sagis@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox