From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "seanjc@google.com" <seanjc@google.com>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>
Cc: "borntraeger@linux.ibm.com" <borntraeger@linux.ibm.com>,
"kvm-riscv@lists.infradead.org" <kvm-riscv@lists.infradead.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"linux-mips@vger.kernel.org" <linux-mips@vger.kernel.org>,
"linux-riscv@lists.infradead.org"
<linux-riscv@lists.infradead.org>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>,
"michael.roth@amd.com" <michael.roth@amd.com>,
"kvmarm@lists.linux.dev" <kvmarm@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"oliver.upton@linux.dev" <oliver.upton@linux.dev>,
"palmer@dabbelt.com" <palmer@dabbelt.com>,
"x86@kernel.org" <x86@kernel.org>,
"chenhuacai@kernel.org" <chenhuacai@kernel.org>,
"aou@eecs.berkeley.edu" <aou@eecs.berkeley.edu>,
"Annapurve, Vishal" <vannapurve@google.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"maddy@linux.ibm.com" <maddy@linux.ibm.com>,
"maobibo@loongson.cn" <maobibo@loongson.cn>,
"maz@kernel.org" <maz@kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"anup@brainfault.org" <anup@brainfault.org>,
"Huang, Kai" <kai.huang@intel.com>,
"frankja@linux.ibm.com" <frankja@linux.ibm.com>,
"pjw@kernel.org" <pjw@kernel.org>,
"zhaotianrui@loongson.cn" <zhaotianrui@loongson.cn>,
"ackerleytng@google.com" <ackerleytng@google.com>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
"Weiny, Ira" <ira.weiny@intel.com>,
"loongarch@lists.linux.dev" <loongarch@lists.linux.dev>,
"imbrenda@linux.ibm.com" <imbrenda@linux.ibm.com>,
"kas@kernel.org" <kas@kernel.org>
Subject: Re: [PATCH v3 24/25] KVM: TDX: Guard VM state transitions with "all" the locks
Date: Mon, 27 Oct 2025 17:46:03 +0000 [thread overview]
Message-ID: <77d8a0d9541ce3fc2b2c76b58add50d152b52e39.camel@intel.com> (raw)
In-Reply-To: <aP86sdBZxXm5I17f@yzhao56-desk.sh.intel.com>
On Mon, 2025-10-27 at 17:26 +0800, Yan Zhao wrote:
> > Ugh, I'd rather not? Refresh me, what's the story with "v1"? Are we now on
> > v2?
> No... We are now on v1.
> As in [1], I found that TDX module changed SEAMCALL TDH_VP_INIT behavior to
> require exclusive lock on resource TDR when leaf_opcode.version > 0.
>
> Therefore, we moved KVM_TDX_INIT_VCPU to tdx_vcpu_unlocked_ioctl() in patch
> 22.
>
> [1] https://lore.kernel.org/all/aLa34QCJCXGLk%2Ffl@yzhao56-desk.sh.intel.com/
Looking at the PDF docs, TDR exclusive locking in version == 1 is called out at
least back to the oldest ABI docs I have (March 2024). Not sure about the
assertion that the behavior changed, but if indeed this was documented, it's a
little bit our bad. We might consider being flexible around calling it a TDX ABI
break?
Sean, can you elaborate why taking mmu_lock is objectionable here, though?
Note, myself (and I think Yan?) determined the locking by examining TDX module
source. For myself, it's possible I misread the locking originally.
Also, I'm not sure about switching gears at this point, but it makes me wonder
about the previously discussed option of trying to just duplicate the TDX locks
on the kernel side. Or perhaps make some kind of debug time lockdep type thing
to document/check the assumptions in the kernel. Something along the lines of
this patch, but to map the TDX locks to KVM locks or something. As we add more
things (DPAMT, etc), it doesn't seem like the TDX locking is getting tamer...
next prev parent reply other threads:[~2025-10-27 17:46 UTC|newest]
Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-17 0:32 [PATCH v3 00/25] KVM: x86/mmu: TDX post-populate cleanups Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 01/25] KVM: Make support for kvm_arch_vcpu_async_ioctl() mandatory Sean Christopherson
2025-10-17 9:12 ` Claudio Imbrenda
2025-10-17 0:32 ` [PATCH v3 02/25] KVM: Rename kvm_arch_vcpu_async_ioctl() to kvm_arch_vcpu_unlocked_ioctl() Sean Christopherson
2025-10-17 9:13 ` Claudio Imbrenda
2025-10-17 0:32 ` [PATCH v3 03/25] KVM: TDX: Drop PROVE_MMU=y sanity check on to-be-populated mappings Sean Christopherson
2025-10-22 3:15 ` Binbin Wu
2025-10-17 0:32 ` [PATCH v3 04/25] KVM: x86/mmu: Add dedicated API to map guest_memfd pfn into TDP MMU Sean Christopherson
2025-10-21 0:10 ` Edgecombe, Rick P
2025-10-21 4:06 ` Yan Zhao
2025-10-21 16:36 ` Sean Christopherson
2025-10-22 8:05 ` Yan Zhao
2025-10-22 18:12 ` Sean Christopherson
2025-10-23 6:48 ` Yan Zhao
2025-10-22 4:53 ` Yan Zhao
2025-10-30 8:34 ` Yan Zhao
2025-11-04 17:57 ` Sean Christopherson
2025-11-05 7:32 ` Yan Zhao
2025-11-05 7:47 ` Yan Zhao
2025-11-05 15:26 ` Sean Christopherson
2025-10-23 10:28 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 05/25] Revert "KVM: x86/tdp_mmu: Add a helper function to walk down the TDP MMU" Sean Christopherson
2025-10-22 5:56 ` Binbin Wu
2025-10-23 10:30 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 06/25] KVM: x86/mmu: Rename kvm_tdp_map_page() to kvm_tdp_page_prefault() Sean Christopherson
2025-10-22 5:57 ` Binbin Wu
2025-10-23 10:38 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 07/25] KVM: TDX: Drop superfluous page pinning in S-EPT management Sean Christopherson
2025-10-21 0:10 ` Edgecombe, Rick P
2025-10-17 0:32 ` [PATCH v3 08/25] KVM: TDX: Return -EIO, not -EINVAL, on a KVM_BUG_ON() condition Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 09/25] KVM: TDX: Fold tdx_sept_drop_private_spte() into tdx_sept_remove_private_spte() Sean Christopherson
2025-10-23 10:53 ` Huang, Kai
2025-10-23 14:59 ` Sean Christopherson
2025-10-23 22:20 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 10/25] KVM: x86/mmu: Drop the return code from kvm_x86_ops.remove_external_spte() Sean Christopherson
2025-10-22 8:46 ` Yan Zhao
2025-10-22 19:08 ` Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 11/25] KVM: TDX: Avoid a double-KVM_BUG_ON() in tdx_sept_zap_private_spte() Sean Christopherson
2025-10-23 22:21 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 12/25] KVM: TDX: Use atomic64_dec_return() instead of a poor equivalent Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 13/25] KVM: TDX: Fold tdx_mem_page_record_premap_cnt() into its sole caller Sean Christopherson
2025-10-23 22:32 ` Huang, Kai
2025-10-24 7:21 ` Huang, Kai
2025-10-24 7:38 ` Binbin Wu
2025-10-24 16:33 ` Sean Christopherson
2025-10-27 9:01 ` Binbin Wu
2025-10-28 0:29 ` Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 14/25] KVM: TDX: Bug the VM if extended the initial measurement fails Sean Christopherson
2025-10-21 0:10 ` Edgecombe, Rick P
2025-10-23 17:27 ` Sean Christopherson
2025-10-23 22:48 ` Huang, Kai
2025-10-24 16:35 ` Sean Christopherson
2025-10-27 9:31 ` Yan Zhao
2025-10-17 0:32 ` [PATCH v3 15/25] KVM: TDX: ADD pages to the TD image while populating mirror EPT entries Sean Christopherson
2025-10-24 7:18 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 16/25] KVM: TDX: Fold tdx_sept_zap_private_spte() into tdx_sept_remove_private_spte() Sean Christopherson
2025-10-24 9:53 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 17/25] KVM: TDX: Combine KVM_BUG_ON + pr_tdx_error() into TDX_BUG_ON() Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 18/25] KVM: TDX: Derive error argument names from the local variable names Sean Christopherson
2025-10-17 0:32 ` [PATCH v3 19/25] KVM: TDX: Assert that mmu_lock is held for write when removing S-EPT entries Sean Christopherson
2025-10-23 7:37 ` Yan Zhao
2025-10-23 15:14 ` Sean Christopherson
2025-10-24 10:05 ` Yan Zhao
2025-10-17 0:32 ` [PATCH v3 20/25] KVM: TDX: Add macro to retry SEAMCALLs when forcing vCPUs out of guest Sean Christopherson
2025-10-24 10:09 ` Huang, Kai
2025-10-27 19:20 ` Sean Christopherson
2025-10-27 22:00 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 21/25] KVM: TDX: Add tdx_get_cmd() helper to get and validate sub-ioctl command Sean Christopherson
2025-10-21 0:12 ` Edgecombe, Rick P
2025-10-24 10:11 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 22/25] KVM: TDX: Convert INIT_MEM_REGION and INIT_VCPU to "unlocked" vCPU ioctl Sean Christopherson
2025-10-24 10:36 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 23/25] KVM: TDX: Use guard() to acquire kvm->lock in tdx_vm_ioctl() Sean Christopherson
2025-10-21 0:10 ` Edgecombe, Rick P
2025-10-21 16:56 ` Sean Christopherson
2025-10-21 19:03 ` Edgecombe, Rick P
2025-10-24 10:36 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 24/25] KVM: TDX: Guard VM state transitions with "all" the locks Sean Christopherson
2025-10-24 10:02 ` Yan Zhao
2025-10-24 16:57 ` Sean Christopherson
2025-10-27 9:26 ` Yan Zhao
2025-10-27 17:46 ` Edgecombe, Rick P [this message]
2025-10-27 18:10 ` Sean Christopherson
2025-10-28 0:28 ` [PATCH] KVM: TDX: Take MMU lock around tdh_vp_init() Rick Edgecombe
2025-10-28 5:37 ` Yan Zhao
2025-10-29 6:37 ` Binbin Wu
2025-10-28 1:37 ` [PATCH v3 24/25] KVM: TDX: Guard VM state transitions with "all" the locks Yan Zhao
2025-10-28 17:40 ` Edgecombe, Rick P
2025-10-24 10:53 ` Huang, Kai
2025-10-28 0:28 ` Huang, Kai
2025-10-28 0:37 ` Sean Christopherson
2025-10-28 1:01 ` Huang, Kai
2025-10-17 0:32 ` [PATCH v3 25/25] KVM: TDX: Fix list_add corruption during vcpu_load() Sean Christopherson
2025-10-20 8:50 ` Yan Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=77d8a0d9541ce3fc2b2c76b58add50d152b52e39.camel@intel.com \
--to=rick.p.edgecombe@intel.com \
--cc=ackerleytng@google.com \
--cc=anup@brainfault.org \
--cc=aou@eecs.berkeley.edu \
--cc=binbin.wu@linux.intel.com \
--cc=borntraeger@linux.ibm.com \
--cc=chenhuacai@kernel.org \
--cc=frankja@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=ira.weiny@intel.com \
--cc=kai.huang@intel.com \
--cc=kas@kernel.org \
--cc=kvm-riscv@lists.infradead.org \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=loongarch@lists.linux.dev \
--cc=maddy@linux.ibm.com \
--cc=maobibo@loongson.cn \
--cc=maz@kernel.org \
--cc=michael.roth@amd.com \
--cc=oliver.upton@linux.dev \
--cc=palmer@dabbelt.com \
--cc=pbonzini@redhat.com \
--cc=pjw@kernel.org \
--cc=seanjc@google.com \
--cc=vannapurve@google.com \
--cc=x86@kernel.org \
--cc=yan.y.zhao@intel.com \
--cc=zhaotianrui@loongson.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).