From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D73832701B6 for ; Tue, 16 Sep 2025 17:54:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758045290; cv=none; b=VFpDW3E+0kn8qvsg/XQLxoMG8zX6za94BbAAfsLWa87lk1KoLQH5M943zQ93+KF+XjGxE+cWL+g5sapvboXeb45cSutKV1jBgBsdtRpIApXHCQ//H/eQVLpn3ytaiOJdZYgJrkdsNT5JDfpBFow+//d3LR0wQCAPl5QieRSTD+Q= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1758045290; c=relaxed/simple; bh=5pc1vYWv8Mh+GZOqkyZtqcd5AHyJPIFY0nw20gvCFXw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=S4uYHrxhpX/q9WwZZGOEoOx/WtXDAgTyuJ8uF8VD/hsj1ePluxxjkUXhsgblUYGwNExB1z2pAGIDJ0NCYHUVQPrqo2xRs8sTU0uDyC5O+D0yNi7XVfnCrwX7J11OU38hhYmcQ8rjXPpECLcsyENrAMBcwwdDXkSkE6CmIaGs/KM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=4mveTCoV; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="4mveTCoV" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-32e5652d4b4so98413a91.1 for ; Tue, 16 Sep 2025 10:54:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1758045288; x=1758650088; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=9rYwd9Yt4KSJMAiHCxDd/fBe/YrUr9zrmO6WYo46ZM0=; b=4mveTCoVKwFDxR8KT0T0AIU/9GrdxO1I4bd2QmoBtfCnYnyPTSdUeW8W8/I+U92CkR 9VAqEriu4ZmVLOzLg6bOpylGPOclPfae0c34kZF51rvicJDt+GWZ+dDBtiZLGYMgVtTK cY+ffat7PZrKhboLGq3exicFYteryLQSv/OlXbjLPL7Df2pxWxcetclND3O4JEzJibUp BwoWHuD8ktP1eudrgx3OMYZcvmA61rr7kswGtnhOrt891L9+xDpZy91OZl4m8/YEyjGX IeTbRzO0H+m3rvBjmPlcUleaEqBmCCI9Zhpnq/giUAZBLAYCzdkHtPh5exGbrp35LNgP NZeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758045288; x=1758650088; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9rYwd9Yt4KSJMAiHCxDd/fBe/YrUr9zrmO6WYo46ZM0=; b=oVAuUqCK+mrf2rrHEJsLzGWzqXrVFDVlnoFDsiZsw/UDYlwI9cgz9vvAdiPDu08V09 JhkbI1/RkEeq8LJiHcy7bmWTMPOKW01NezxsJav0XkIYcN9emZ3kluGYswvupltCdnlg YQABpDFpCF/YOJsQGUGL7B4O2BI5Dm4M++54QMMVZmRaIOikzNMViZFGxm9NHNiDHtS9 VgRUd1yX3N/Eu46AFFSpqqOw+Qu9eYsh6mxDfP3KzH4MYFNhyaYRLGOSZmBm5fn1IVp0 wLNfwVVa1ipW1neJEUFA2K3Y6NRJxZo4wgT+l7DSv5Q1AyWqvpe8KmOL6Sontg1YkUjU sYQw== X-Forwarded-Encrypted: i=1; AJvYcCX5a/FI4RT7NS5Cq+g/pZFagjt5JuOJq9tZ6bARt8XQ89PU4ITXbNywGbzhNnhmFdw2E47QJfrzkQ==@vger.kernel.org X-Gm-Message-State: AOJu0YwgURFfOY2SDWxWvEMn2jMViI2stzPkeWN2WNtVacjd37WwaPTP ohIv3x+VmMFqUkWltTMw0wM2h9jL1YfqpSCSvN1u0f9DXW0VNb8WW2qGWerQLnzYj06axHYZNob /bCfqNw== X-Google-Smtp-Source: AGHT+IHxYRALXe/6aqTfS3mOIcKC9WdzJl0+HjYjtsgS8nKde2B3kRmWxItE8RmZHp3qoFvozkM2g48OqEw= X-Received: from pjbnb15.prod.google.com ([2002:a17:90b:35cf:b0:328:116e:273]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90a:da87:b0:32e:7478:f743 with SMTP id 98e67ed59e1d1-32ea60efe78mr3955493a91.11.1758045287913; Tue, 16 Sep 2025 10:54:47 -0700 (PDT) Date: Tue, 16 Sep 2025 10:54:46 -0700 In-Reply-To: <0387b08a-a8b0-4632-abfc-6b8189ded6b4@linux.intel.com> Precedence: bulk X-Mailing-List: linux-pm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250909182828.1542362-1-xin@zytor.com> <0387b08a-a8b0-4632-abfc-6b8189ded6b4@linux.intel.com> Message-ID: Subject: Re: [RFC PATCH v1 0/5] x86/boot, KVM: Move VMXON/VMXOFF handling from KVM to CPU lifecycle From: Sean Christopherson To: Arjan van de Ven Cc: "Xin Li (Intel)" , linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-pm@vger.kernel.org, pbonzini@redhat.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, hpa@zytor.com, rafael@kernel.org, pavel@kernel.org, brgerst@gmail.com, david.kaplan@amd.com, peterz@infradead.org, andrew.cooper3@citrix.com, kprateek.nayak@amd.com, chao.gao@intel.com, rick.p.edgecombe@intel.com, dan.j.williams@intel.com Content-Type: text/plain; charset="us-ascii" On Thu, Sep 11, 2025, Arjan van de Ven wrote: > Hi, > > I also want to keep the code as a module, both to avoid doing VMXON unconditionally, > > can you expand on what the problem is with having VMXON unconditionally enabled? Unlike say EFER.SVME, VMXON fundamentally changes CPU behavior. E.g. blocks INIT, activates VMCS caches (which aren't cleared by VMXOFF on pre-SPR CPUs, and AFAIK Intel hasn't even publicly committed to that behavior for SPR+), restricts allowed CR0 and CR4 values, raises questions about ucode patch updates, triggers unique flows in SMI/RSM, prevents Intel PT from tracing on certain CPUs, and probably a few other things I'm forgetting. > A lot of things are much simpler if it's on at cpu up, and turned off only at the > down path (be it offline of kexec).. no refcounting, no locking, etc... For Intel. Unless _all_ vendors and architectures follow suit, KVM will need the refcounting and locking. And while it's not anyone's fault, the *vast* majority of complexity around enabling virtualization in KVM is due to VMX. I.e. KVM added a bunch of code to deal with the aformentioned side effects of VMXON, and as a result, all other vendors/architectures have had to deal with that complexity. > so would be good to understand what the problem would be with having it always on Doing VMXON unconditionally is a minor objection. My primary objection is that this series does what's easiest for TDX, and leaves behind all of the VMX-induced technical debt in KVM.