From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: Dan J Williams <dan.j.williams@intel.com>,
Dave Hansen <dave.hansen@intel.com>,
Tony Lindgren <tony.lindgren@intel.com>,
Rick P Edgecombe <rick.p.edgecombe@intel.com>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
Reinette Chatre <reinette.chatre@intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Yan Y Zhao <yan.y.zhao@intel.com>,
Adrian Hunter <adrian.hunter@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"kristen@linux.intel.com" <kristen@linux.intel.com>
Subject: Re: [PATCH 3/3] KVM: VMX: Initialize TDX during KVM module load
Date: Thu, 31 Oct 2024 13:22:35 -0700 [thread overview]
Message-ID: <ZyPnC3K9hjjKAWCM@google.com> (raw)
In-Reply-To: <46ea74bcd8eebe241a143e9280c65ca33cb8dcce.camel@intel.com>
On Thu, Oct 31, 2024, Kai Huang wrote:
> On Wed, 2024-10-30 at 08:19 -0700, Sean Christopherson wrote:
> > > +void __init tdx_bringup(void)
> > > +{
> > > + enable_tdx = enable_tdx && !__tdx_bringup();
> >
> > Ah. I don't love this approach because it mixes "failure" due to an unsupported
> > configuration, with failure due to unexpected issues. E.g. if enabling virtualization
> > fails, loading KVM-the-module absolutely should fail too, not simply disable TDX.
>
> Thanks for the comments.
>
> I see your point. However for "enabling virtualization failure" kvm_init() will
> also try to do (default behaviour), so if it fails it will result in module
> loading failure eventually. So while I guess it would be slightly better to
> make module loading fail if "enabling virtualization fails" in TDX, it is a nit
> issue to me.
>
> I think "enabling virtualization failure" is the only "unexpected issue" that
> should result in module loading failure. For any other TDX-specific
> initialization failure (e.g., any memory allocation in future patches) it's
> better to only disable TDX.
I disagree. The platform owner wants TDX to be enabled, KVM shouldn't silently
disable TDX because of a transient, unrelated failure.
If TDX _can't_ be supported, e.g. because EPT or MMIO SPTE caching was explicitly
disable, then that's different. And that's the general pattern throughout KVM.
If a requested feature isn't supported, then KVM continues on updates the module
param accordingly. But if something outright fails during setup, KVM aborts the
entire sequence.
> So I can change to "make loading KVM-the-module fail if enabling virtualization
> fails in TDX", but I want to confirm this is what you want?
I would prefer the logic to be: reject loading kvm-intel.ko if an operation that
would normally succeed, fails.
next prev parent reply other threads:[~2024-10-31 20:22 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-28 13:20 [PATCH 0/3] KVM: VMX: Initialize TDX when loading KVM module Kai Huang
2024-10-28 13:20 ` [PATCH 1/3] KVM: VMX: Refactor VMX module init/exit functions Kai Huang
2024-10-28 13:20 ` [PATCH 2/3] KVM: Export hardware virtualization enabling/disabling functions Kai Huang
2024-10-28 13:20 ` [PATCH 3/3] KVM: VMX: Initialize TDX during KVM module load Kai Huang
2024-10-30 15:19 ` Sean Christopherson
2024-10-31 11:17 ` Huang, Kai
2024-10-31 20:22 ` Sean Christopherson [this message]
2024-10-31 21:21 ` Huang, Kai
2024-10-31 21:29 ` Edgecombe, Rick P
2024-11-06 14:19 ` Edgecombe, Rick P
2024-11-06 10:49 ` Huang, Kai
2024-11-06 15:01 ` Sean Christopherson
2024-11-06 20:06 ` Huang, Kai
2024-11-07 22:04 ` Sean Christopherson
2024-11-07 23:25 ` Huang, Kai
2024-10-31 21:52 ` Dan Williams
2024-10-31 22:37 ` Huang, Kai
2024-10-31 22:56 ` Dan Williams
2024-10-28 17:41 ` [PATCH 0/3] KVM: VMX: Initialize TDX when loading KVM module Paolo Bonzini
-- strict thread matches above, loose matches on Subject: below --
2024-11-27 20:10 [PATCH v3 0/3] KVM: VMX: Initialize TDX during KVM module load Paolo Bonzini
2024-11-27 20:10 ` [PATCH 3/3] " Paolo Bonzini
2024-11-28 3:00 ` Chao Gao
2024-11-28 3:04 ` Huang, Kai
2024-11-28 3:34 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZyPnC3K9hjjKAWCM@google.com \
--to=seanjc@google.com \
--cc=adrian.hunter@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kristen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=tony.lindgren@intel.com \
--cc=xiaoyao.li@intel.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.