Re: [PATCH v2 00/21] Runtime TDX Module update support

From: Sean Christopherson
Date: Fri Oct 24 2025 - 16:00:14 EST

Next message: Yosry Ahmed: "Re: [kvm-unit-tests 0/7] More tests for selective CR0 intercept"
Previous message: Lorenzo Stoakes: "Re: [PATCH] mm: shmem/tmpfs hugepage defaults config choice"
In reply to: dan.j.williams: "Re: [PATCH v2 00/21] Runtime TDX Module update support"
Next in thread: Dave Hansen: "Re: [PATCH v2 00/21] Runtime TDX Module update support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 24, 2025, dan.j.williams@xxxxxxxxx wrote:
> Dave Hansen wrote:
> > On 10/24/25 00:43, Chao Gao wrote:
> > ...
> > > Beyond "the kvm_tdx object gets torn down during a build," I see two potential
> > > issues:
> > >
> > > 1. TD Build and TDX migration aren't purely kernel processes -- they span multiple
> > > KVM ioctls. Holding a read-write lock throughout the entire process would
> > > require exiting to userspace while the lock is held. I think this is
> > > irregular, but I'm not sure if it's acceptable for read-write semaphores.
> >
> > Sure, I guess it's irregular. But look at it this way: let's say we
> > concocted some scheme to use a TD build refcount and a module update
> > flag, had them both wait_event_interruptible() on each other, and then
> > did wakeups. That would get the same semantics without an rwsem.
>
> This sounds unworkable to me.
>
> First, you cannot return to userspace while holding a lock. Lockdep will
> rightfully scream:
>
> "WARNING: lock held when returning to user space!"
>
> The complexity of ensuring that a multi-stage ABI transaction completes
> from the kernel side is painful. If that process dies in the middle of
> its ABI sequence who cleans up these references?
>
> The operational mechanism to make sure that one process flow does not
> mess up another process flow is for those process to communicate with
> *userspace* file locks, or for those process to check for failures after
> the fact and retry. Unless you can make the build side an atomic ABI,
> this is a documentation + userspace problem, not a kernel problem.

C'mon people (especially the Google folks), this is the ***exact*** same problem
as certificate updates for SNP[1]. Y'all suggested holding a lock across a userspace
exit back then, and Dan's analysis confirms my reaction from back then that
"Holding a lock across an exit to userspace seems wildly unsafe."[2]

In the end, it took more time to understand the problem then to sketch out and
test a solution[3].

Unless this somehow puts the host (kernel) at risk, this is a userspace problem.

[1] https://lore.kernel.org/all/20240426173515.6pio42iqvjj2aeac@xxxxxxx
[2] https://lore.kernel.org/all/Zx_V5SHwzDAl8ZQR@xxxxxxxxxx
[3] https://lore.kernel.org/all/ZixCYlKn5OYUFWEq@xxxxxxxxxx

Next message: Yosry Ahmed: "Re: [kvm-unit-tests 0/7] More tests for selective CR0 intercept"
Previous message: Lorenzo Stoakes: "Re: [PATCH] mm: shmem/tmpfs hugepage defaults config choice"
In reply to: dan.j.williams: "Re: [PATCH v2 00/21] Runtime TDX Module update support"
Next in thread: Dave Hansen: "Re: [PATCH v2 00/21] Runtime TDX Module update support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]