From: "Huang, Kai" <kai.huang@intel.com>
To: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"nik.borisov@suse.com" <nik.borisov@suse.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Cc: "Huang, Ying" <ying.huang@intel.com>,
"Raj, Ashok" <ashok.raj@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
"david@redhat.com" <david@redhat.com>,
"bagasdotme@gmail.com" <bagasdotme@gmail.com>,
"Luck, Tony" <tony.luck@intel.com>,
"ak@linux.intel.com" <ak@linux.intel.com>,
"Wysocki, Rafael J" <rafael.j.wysocki@intel.com>,
"kirill.shutemov@linux.intel.com"
<kirill.shutemov@linux.intel.com>,
"Chatre, Reinette" <reinette.chatre@intel.com>, "Christopherson,,
Sean" <seanjc@google.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"mingo@redhat.com" <mingo@redhat.com>,
"Yamahata, Isaku" <isaku.yamahata@intel.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"hpa@zytor.com" <hpa@zytor.com>,
"peterz@infradead.org" <peterz@infradead.org>,
"Shahar, Sagi" <sagis@google.com>,
"imammedo@redhat.com" <imammedo@redhat.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"bp@alien8.de" <bp@alien8.de>, "Brown, Len" <len.brown@intel.com>,
"Gao, Chao" <chao.gao@intel.com>,
"sathyanarayanan.kuppuswamy@linux.intel.com"
<sathyanarayanan.kuppuswamy@linux.intel.com>,
"Williams, Dan J" <dan.j.williams@intel.com>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: [PATCH v12 19/22] x86/kexec(): Reset TDX private memory on platforms with TDX erratum
Date: Thu, 29 Jun 2023 09:45:04 +0000 [thread overview]
Message-ID: <e093e75f09e738c3b6e28c0f6cec991ecff15243.camel@intel.com> (raw)
In-Reply-To: <3afbb049ba3a848bb0befd7056ced519c7aa8991.camel@intel.com>
On Thu, 2023-06-29 at 05:38 +0000, Huang, Kai wrote:
> On Thu, 2023-06-29 at 03:19 +0000, Huang, Kai wrote:
> > On Wed, 2023-06-28 at 12:20 +0300, Nikolay Borisov wrote:
> > > > + atomic_inc_return(&tdx_may_has_private_mem);
> > > > +
> > > > /* Config the key of global KeyID on all packages */
> > > > ret = config_global_keyid();
> > > > if (ret)
> > > > @@ -1154,6 +1167,15 @@ static int init_tdx_module(void)
> > > > * as suggested by the TDX spec.
> > > > */
> > > > tdmrs_reset_pamt_all(&tdx_tdmr_list);
> > > > + /*
> > > > + * No more TDX private pages now, and PAMTs/TDMRs are
> > > > + * going to be freed. Make this globally visible so
> > > > + * tdx_reset_memory() can read stable TDMRs/PAMTs.
> > > > + *
> > > > + * Note atomic_dec_return(), which is an atomic RMW with
> > > > + * return value, always enforces the memory barrier.
> > > > + */
> > > > + atomic_dec_return(&tdx_may_has_private_mem);
> > >
> > > Make a comment here which either refers to the comment at the increment
> > > site.
> >
> > I guess I got your point. Will try to make better comments.
> >
> > >
> > > > out_free_pamts:
> > > > tdmrs_free_pamt_all(&tdx_tdmr_list);
> > > > out_free_tdmrs:
> > > > @@ -1229,6 +1251,63 @@ int tdx_enable(void)
> > > > }
> > > > EXPORT_SYMBOL_GPL(tdx_enable);
> > > >
> > > > +/*
> > > > + * Convert TDX private pages back to normal on platforms with
> > > > + * "partial write machine check" erratum.
> > > > + *
> > > > + * Called from machine_kexec() before booting to the new kernel.
> > > > + */
> > > > +void tdx_reset_memory(void)
> > > > +{
> > > > + if (!platform_tdx_enabled())
> > > > + return;
> > > > +
> > > > + /*
> > > > + * Kernel read/write to TDX private memory doesn't
> > > > + * cause machine check on hardware w/o this erratum.
> > > > + */
> > > > + if (!boot_cpu_has_bug(X86_BUG_TDX_PW_MCE))
> > > > + return;
> > > > +
> > > > + /* Called from kexec() when only rebooting cpu is alive */
> > > > + WARN_ON_ONCE(num_online_cpus() != 1);
> > > > +
> > > > + if (!atomic_read(&tdx_may_has_private_mem))
> > > > + return;
> > >
> > > I think a comment is warranted here explicitly calling our the ordering
> > > requirement/guarantees. Actually this is a non-rmw operation so it
> > > doesn't have any bearing on the ordering/implicit mb's achieved at the
> > > "increment" site.
> >
> > We don't need explicit ordering/barrier here, if I am not missing something.
> > The atomic_{inc/dec}_return() already made sure the memory ordering -- which
> > guarantees when @tdx_may_has_private_mem reads true _here_, the TDMRs/PAMTs must
> > be stable.
> >
> > Quoted from Documentation/atomic_t.txt:
> >
> > "
> > - RMW operations that have a return value are fully ordered;
> >
> > ...
> >
> > Fully ordered primitives are ordered against everything prior and everything
> > subsequent. Therefore a fully ordered primitive is like having an smp_mb()
> > before and an smp_mb() after the primitive.
> > "
> >
> >
> > Am I missing anything?
>
> OK I guess I figured out by myself after more thinking. Although the
> atomic_{inc|dec}_return() code path has guaranteed when @tdx_may_has_private_mem
> is true, TDMRs/PAMTs are stable, but here in the reading path, the code below
>
> tdmrs_reset_pamt_all(&tdx_tdmr_list);
>
> may still be executed speculatively before the if () statement completes
>
> if (!atomic_read(&tdx_may_has_private_mem))
> return;
>
> So we need CPU memory barrier instead of compiler barrier.
>
(Sorry for multiple replies)
Hmm.. reading the SDM more carefully, the speculative execution shouldn't
matter. It may cause instruction/data being fetched to the cache, etc, but the
instruction shouldn't take effort unless the above branch predication truly
turns out to be the right result.
What matters is memory reads/writes order. On x86, per SDM on single processor
(which is the case here) basically reads/writes are not reordered:
"
In a single-processor system for memory regions defined as write-back cacheable,
the memory-ordering model respects the following principles ...:
• Reads are not reordered with other reads.
• Writes are not reordered with older reads.
• Writes to memory are not reordered with other writes, with the following
exceptions:
(string operations/non-temporal moves)
...
"
So in practice there should be no problem. But I will just use the correct
atomic_t operations to force a memory barrier here.
next prev parent reply other threads:[~2023-06-29 9:45 UTC|newest]
Thread overview: 159+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-06-26 14:12 [PATCH v12 00/22] TDX host kernel support Kai Huang
2023-06-26 14:12 ` [PATCH v12 01/22] x86/tdx: Define TDX supported page sizes as macros Kai Huang
2023-06-26 14:12 ` [PATCH v12 02/22] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2023-06-26 14:12 ` [PATCH v12 03/22] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC Kai Huang
2023-06-26 14:12 ` [PATCH v12 04/22] x86/cpu: Detect TDX partial write machine check erratum Kai Huang
2023-06-29 11:22 ` David Hildenbrand
2023-06-26 14:12 ` [PATCH v12 05/22] x86/virt/tdx: Add SEAMCALL infrastructure Kai Huang
2023-06-27 9:48 ` kirill.shutemov
2023-06-27 10:28 ` Huang, Kai
2023-06-27 11:36 ` kirill.shutemov
2023-06-28 0:19 ` Isaku Yamahata
2023-06-28 3:09 ` Chao Gao
2023-06-28 3:34 ` Huang, Kai
2023-06-28 11:50 ` kirill.shutemov
2023-06-28 23:31 ` Huang, Kai
2023-06-29 11:25 ` David Hildenbrand
2023-06-28 12:58 ` Peter Zijlstra
2023-06-28 13:54 ` Peter Zijlstra
2023-06-28 23:25 ` Huang, Kai
2023-06-29 10:15 ` kirill.shutemov
2023-06-28 23:21 ` Huang, Kai
2023-06-29 3:40 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 06/22] x86/virt/tdx: Handle SEAMCALL running out of entropy error Kai Huang
2023-06-28 13:02 ` Peter Zijlstra
2023-06-28 23:30 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand Kai Huang
2023-06-26 21:21 ` Sathyanarayanan Kuppuswamy
2023-06-27 10:37 ` Huang, Kai
2023-06-27 9:50 ` kirill.shutemov
2023-06-27 10:34 ` Huang, Kai
2023-06-27 12:18 ` kirill.shutemov
2023-06-27 22:37 ` Huang, Kai
2023-06-28 0:28 ` Huang, Kai
2023-06-28 11:55 ` kirill.shutemov
2023-06-28 13:35 ` Peter Zijlstra
2023-06-29 0:15 ` Huang, Kai
2023-06-30 9:22 ` Peter Zijlstra
2023-06-30 10:09 ` Huang, Kai
2023-06-30 18:42 ` Isaku Yamahata
2023-07-01 8:15 ` Huang, Kai
2023-06-28 0:31 ` Isaku Yamahata
2023-06-28 13:04 ` Peter Zijlstra
2023-06-29 0:00 ` Huang, Kai
2023-06-30 9:25 ` Peter Zijlstra
2023-06-30 9:48 ` Huang, Kai
2023-06-28 13:08 ` Peter Zijlstra
2023-06-29 0:08 ` Huang, Kai
2023-06-28 13:17 ` Peter Zijlstra
2023-06-29 0:10 ` Huang, Kai
2023-06-30 9:26 ` Peter Zijlstra
2023-06-30 9:55 ` Huang, Kai
2023-06-30 18:30 ` Peter Zijlstra
2023-06-30 19:05 ` Isaku Yamahata
2023-06-30 21:24 ` Sean Christopherson
2023-06-30 21:58 ` Dan Williams
2023-06-30 23:13 ` Dave Hansen
2023-07-03 10:38 ` Peter Zijlstra
2023-07-03 10:49 ` Peter Zijlstra
2023-07-03 14:40 ` Dave Hansen
2023-07-03 15:03 ` Peter Zijlstra
2023-07-03 15:26 ` Dave Hansen
2023-07-03 17:55 ` kirill.shutemov
2023-07-03 18:26 ` Dave Hansen
2023-07-05 7:14 ` Peter Zijlstra
2023-07-04 16:58 ` Peter Zijlstra
2023-07-04 21:50 ` Huang, Kai
2023-07-05 7:16 ` Peter Zijlstra
2023-07-05 7:54 ` Huang, Kai
2023-07-05 14:34 ` Dave Hansen
2023-07-05 14:57 ` Peter Zijlstra
2023-07-06 14:49 ` Dave Hansen
2023-07-10 17:58 ` Sean Christopherson
2023-06-29 11:31 ` David Hildenbrand
2023-06-29 22:58 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 08/22] x86/virt/tdx: Get information about TDX module and TDX-capable memory Kai Huang
2023-06-27 9:51 ` kirill.shutemov
2023-06-27 10:45 ` Huang, Kai
2023-06-27 11:37 ` kirill.shutemov
2023-06-27 11:46 ` Huang, Kai
2023-06-28 14:10 ` Peter Zijlstra
2023-06-29 9:15 ` Huang, Kai
2023-06-30 9:34 ` Peter Zijlstra
2023-06-30 9:58 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 09/22] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory Kai Huang
2023-06-28 14:17 ` Peter Zijlstra
2023-06-29 0:57 ` Huang, Kai
2023-07-11 11:38 ` David Hildenbrand
2023-07-11 12:27 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 10/22] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Kai Huang
2023-06-26 14:12 ` [PATCH v12 11/22] x86/virt/tdx: Fill out " Kai Huang
2023-07-04 7:28 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 12/22] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2023-06-27 9:51 ` kirill.shutemov
2023-07-04 7:40 ` Yuan Yao
2023-07-04 8:59 ` Huang, Kai
2023-07-11 11:42 ` David Hildenbrand
2023-07-11 11:49 ` Huang, Kai
2023-07-11 11:55 ` David Hildenbrand
2023-06-26 14:12 ` [PATCH v12 13/22] x86/virt/tdx: Designate reserved areas for all TDMRs Kai Huang
2023-07-05 5:29 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 14/22] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID Kai Huang
2023-07-05 6:49 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 15/22] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2023-07-05 8:13 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 16/22] x86/virt/tdx: Initialize all TDMRs Kai Huang
2023-07-06 5:31 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 17/22] x86/kexec: Flush cache of TDX private memory Kai Huang
2023-06-26 14:12 ` [PATCH v12 18/22] x86/virt/tdx: Keep TDMRs when module initialization is successful Kai Huang
2023-06-28 9:04 ` Nikolay Borisov
2023-06-29 1:03 ` Huang, Kai
2023-06-28 12:23 ` kirill.shutemov
2023-06-28 12:48 ` Nikolay Borisov
2023-06-29 0:24 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 19/22] x86/kexec(): Reset TDX private memory on platforms with TDX erratum Kai Huang
2023-06-28 9:20 ` Nikolay Borisov
2023-06-29 0:32 ` Dave Hansen
2023-06-29 0:58 ` Huang, Kai
2023-06-29 3:19 ` Huang, Kai
2023-06-29 5:38 ` Huang, Kai
2023-06-29 9:45 ` Huang, Kai [this message]
2023-06-29 9:48 ` Nikolay Borisov
2023-06-28 12:29 ` kirill.shutemov
2023-06-29 0:27 ` Huang, Kai
2023-07-07 4:01 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 20/22] x86/virt/tdx: Allow SEAMCALL to handle #UD and #GP Kai Huang
2023-06-28 12:32 ` kirill.shutemov
2023-06-28 15:29 ` Peter Zijlstra
2023-06-28 20:38 ` Peter Zijlstra
2023-06-28 21:11 ` Peter Zijlstra
2023-06-28 21:16 ` Peter Zijlstra
2023-06-30 9:03 ` kirill.shutemov
2023-06-30 10:02 ` Huang, Kai
2023-06-30 10:22 ` kirill.shutemov
2023-06-30 11:06 ` Huang, Kai
2023-06-29 10:33 ` Huang, Kai
2023-06-30 10:06 ` Peter Zijlstra
2023-06-30 10:18 ` Huang, Kai
2023-06-30 15:16 ` Dave Hansen
2023-07-01 8:16 ` Huang, Kai
2023-06-30 10:21 ` Peter Zijlstra
2023-06-30 11:05 ` Huang, Kai
2023-06-30 12:06 ` Peter Zijlstra
2023-06-30 15:14 ` Peter Zijlstra
2023-07-03 12:15 ` Huang, Kai
2023-07-05 10:21 ` Peter Zijlstra
2023-07-05 11:34 ` Huang, Kai
2023-07-05 12:19 ` Peter Zijlstra
2023-07-05 12:53 ` Huang, Kai
2023-07-05 20:56 ` Isaku Yamahata
2023-07-05 12:21 ` Peter Zijlstra
2023-06-29 11:16 ` kirill.shutemov
2023-06-29 10:00 ` Huang, Kai
2023-06-26 14:12 ` [PATCH v12 21/22] x86/mce: Improve error log of kernel space TDX #MC due to erratum Kai Huang
2023-06-28 12:38 ` kirill.shutemov
2023-07-07 7:26 ` Yuan Yao
2023-06-26 14:12 ` [PATCH v12 22/22] Documentation/x86: Add documentation for TDX host support Kai Huang
2023-06-28 7:04 ` [PATCH v12 00/22] TDX host kernel support Yuan Yao
2023-06-28 8:12 ` Huang, Kai
2023-06-29 1:01 ` Yuan Yao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e093e75f09e738c3b6e28c0f6cec991ecff15243.camel@intel.com \
--to=kai.huang@intel.com \
--cc=ak@linux.intel.com \
--cc=ashok.raj@intel.com \
--cc=bagasdotme@gmail.com \
--cc=bp@alien8.de \
--cc=chao.gao@intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=david@redhat.com \
--cc=hpa@zytor.com \
--cc=imammedo@redhat.com \
--cc=isaku.yamahata@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mingo@redhat.com \
--cc=nik.borisov@suse.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=reinette.chatre@intel.com \
--cc=sagis@google.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
--cc=ying.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).