From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2D642C433FE
	for <linux-mm@archiver.kernel.org>; Tue, 22 Nov 2022 19:31:44 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 97AEB8E0001; Tue, 22 Nov 2022 14:31:43 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 92B126B0073; Tue, 22 Nov 2022 14:31:43 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 7F3C08E0001; Tue, 22 Nov 2022 14:31:43 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 715A96B0071
	for <linux-mm@kvack.org>; Tue, 22 Nov 2022 14:31:43 -0500 (EST)
Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay04.hostedemail.com (Postfix) with ESMTP id EF8E01A090E
	for <linux-mm@kvack.org>; Tue, 22 Nov 2022 19:31:42 +0000 (UTC)
X-FDA: 80162072844.15.3B30482
Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181])
	by imf25.hostedemail.com (Postfix) with ESMTP id 5EC69A0012
	for <linux-mm@kvack.org>; Tue, 22 Nov 2022 19:31:42 +0000 (UTC)
Received: by mail-pg1-f181.google.com with SMTP id s196so14922239pgs.3
        for <linux-mm@kvack.org>; Tue, 22 Nov 2022 11:31:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=siXftGv8ycXrMRraGh3XeU6UKcxAd+GukaGf1635NmA=;
        b=GASSlv0OoBHyhUZ3KS/fwCsfs7Jig2vXCU1qaEKmESBDmEIt1VtkDZ9AAC5dGybsAX
         LQ9Vvf2KkUpnEtoH6/6g320s0QsDrkjOa0pSGCpyy6Qu2qPyVvs45HeBmvPoibRnusaU
         tgyJEA4JkyC6uFROTJ2sSabgEOuSfYRUnn1Ky97/AV+Yo7TEJapcEghis5cmDGiNR/QA
         PR0MHcFFKA/LOJYGNoh72+ZPUzPoL8SzZNi9T1akV11xop1A9LbCrD7S1cvL12K5Aeff
         pOZ/JfyChc1IDiDEy/SVrf2j2zTsXskVuD9Juqhzk+1vYSxO8jg9/ni/A9ASsuX7WAx+
         7TCQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=siXftGv8ycXrMRraGh3XeU6UKcxAd+GukaGf1635NmA=;
        b=VlNAhnHva1WDWiu8b4gvODdrAVkRXoM4jnTA+vh54L7j/m2xVK5M+nuTxI0Z7Vfvc/
         oiZp+pSIYU79S0ureJB6/RfnrLYPfmbXwwA/VFuNbojej21wrLe3hzs6afyyRhfCkBRR
         kUXLn2dspGsZLfOmOiw0PCxKOh9bpVmtASWTlAk2yVgpOqnzpqWJJ57wWUHOySAGLRiv
         mKfTAV74SztY3pELlKt6a4NjlHgolFjeu7CQTSXXFwCnOxAFAbrKF1yjDk4e1nNBnl4U
         LivkApJ3UgkQ1ezP8rsQjDtlQ0MynZPETici9uppL21V0gKEe568sCaagt90gijYrclM
         R6JQ==
X-Gm-Message-State: ANoB5plJaz2++ds7kFUXVV5Ot1yAd8gK4l/wZ8mmIJnB2D0T6fFc3Ftf
	c5qFHeRTeaLLljUSydzJ31SQQw==
X-Google-Smtp-Source: AA0mqf7ksi6xnXTmcjIJCDhYhx70OWpjNJdfDF1pfmrBdIFzUVxRoF/w+K9uQSCTT8eYiFfpB+3BZg==
X-Received: by 2002:aa7:9057:0:b0:573:1d31:2b78 with SMTP id n23-20020aa79057000000b005731d312b78mr7551599pfo.61.1669145500962;
        Tue, 22 Nov 2022 11:31:40 -0800 (PST)
Received: from google.com (7.104.168.34.bc.googleusercontent.com. [34.168.104.7])
        by smtp.gmail.com with ESMTPSA id o14-20020a170902d4ce00b00186acb14c4asm12529380plg.67.2022.11.22.11.31.40
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 22 Nov 2022 11:31:40 -0800 (PST)
Date: Tue, 22 Nov 2022 19:31:36 +0000
From: Sean Christopherson <seanjc@google.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>, Kai Huang <kai.huang@intel.com>,
	linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	linux-mm@kvack.org, pbonzini@redhat.com, dave.hansen@intel.com,
	dan.j.williams@intel.com, rafael.j.wysocki@intel.com,
	kirill.shutemov@linux.intel.com, ying.huang@intel.com,
	reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com,
	ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com,
	sagis@google.com, imammedo@redhat.com
Subject: Re: [PATCH v7 06/20] x86/virt/tdx: Shut down TDX module in case of
 error
Message-ID: <Y30jmKOOsvtzt6UT@google.com>
References: <cover.1668988357.git.kai.huang@intel.com>
 <48505089b645019a734d85c2c29f3c8ae2dbd6bd.1668988357.git.kai.huang@intel.com>
 <Y3yUdcJjrY2LhUWJ@hirez.programming.kicks-ass.net>
 <87bkozgham.ffs@tglx>
 <Y30dujuXC8wlLwoQ@hirez.programming.kicks-ass.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Y30dujuXC8wlLwoQ@hirez.programming.kicks-ass.net>
ARC-Authentication-Results: i=1;
	imf25.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=GASSlv0O;
	spf=pass (imf25.hostedemail.com: domain of seanjc@google.com designates 209.85.215.181 as permitted sender) smtp.mailfrom=seanjc@google.com;
	dmarc=pass (policy=reject) header.from=google.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1669145502; a=rsa-sha256;
	cv=none;
	b=mscke2GEuEU/tIZKP4cRw49xium8JwSNWCY8VsQR1C9yzJ3ubGatzG7XoUNxwwS950nxuX
	7Na6Vwd5k47nMdZMdz9WGGv9lJHtrm0sC8z52Xl5lQ/rZI/jR6wZu2SfM/4hGSaNN7c00h
	emzgIfZZleQ8bLoXNjeipTivdyz/JKk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1669145502;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=siXftGv8ycXrMRraGh3XeU6UKcxAd+GukaGf1635NmA=;
	b=6s6ZIyAlIDiJsAO5SY3y7XGgMYZVv4rIUdymrT/TlqGaokr5feq+ZXlRW/CsAmC874MlpL
	tZlCCvkkspYuaORCOuAdD1hl/jf4CBOhxG63HC2ibgyv7ydAnzyf8FqE73niLQecIsDa7y
	01dRxJHS7xAzwIIMVrfOYx+BC9a/EyU=
X-Rspam-User: 
Authentication-Results: imf25.hostedemail.com;
	dkim=pass header.d=google.com header.s=20210112 header.b=GASSlv0O;
	spf=pass (imf25.hostedemail.com: domain of seanjc@google.com designates 209.85.215.181 as permitted sender) smtp.mailfrom=seanjc@google.com;
	dmarc=pass (policy=reject) header.from=google.com
X-Stat-Signature: r87cgyumdz695x9estkcg43ibi7eg5kc
X-Rspamd-Queue-Id: 5EC69A0012
X-Rspamd-Server: rspam09
X-HE-Tag: 1669145502-847166
X-Bogosity: Ham, tests=bogofilter, spamicity=0.103528, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, Nov 22, 2022, Peter Zijlstra wrote:
> On Tue, Nov 22, 2022 at 04:06:25PM +0100, Thomas Gleixner wrote:
> > On Tue, Nov 22 2022 at 10:20, Peter Zijlstra wrote:
> > 
> > > On Mon, Nov 21, 2022 at 01:26:28PM +1300, Kai Huang wrote:
> > >
> > >> Shutting down the TDX module requires calling TDH.SYS.LP.SHUTDOWN on all
> > >> BIOS-enabled CPUs, and the SEMACALL can run concurrently on different
> > >> CPUs.  Implement a mechanism to run SEAMCALL concurrently on all online
> > >> CPUs and use it to shut down the module.  Later logical-cpu scope module
> > >> initialization will use it too.
> > >
> > > Uhh, those requirements ^ are not met by this:
> > 
> >   Can run concurrently != Must run concurrently
> >  
> > The documentation clearly says "can run concurrently" as quoted above.
> 
> The next sentense says: "Implement a mechanism to run SEAMCALL
> concurrently" -- it does not.
> 
> Anyway, since we're all in agreement there is no such requirement at
> all, a schedule_on_each_cpu() might be more appropriate, there is no
> reason to use IPIs and spin-waiting for any of this.

Backing up a bit, what's the reason for _any_ of this?  The changelog says

  It's pointless to leave the TDX module in some middle state.

but IMO it's just as pointless to do a shutdown unless the kernel benefits in
some meaningful way.  And IIUC, TDH.SYS.LP.SHUTDOWN does nothing more than change
the SEAM VMCS.HOST_RIP to point to an error trampoline.  E.g. it's not like doing
a shutdown lets the kernel reclaim memory that was gifted to the TDX module.

In other words, this is just a really expensive way of changing a function pointer,
and the only way it would ever benefit the kernel is if there is a kernel bug that
leads to trying to use TDX after a fatal error.  And even then, the only difference
seems to be that subsequent bogus SEAMCALLs would get a more unique error message.