From: Sean Christopherson <seanjc@google.com>
To: Kai Huang <kai.huang@intel.com>
Cc: pbonzini@redhat.com, kvm@vger.kernel.org,
rick.p.edgecombe@intel.com, isaku.yamahata@intel.com,
reinette.chatre@intel.com, binbin.wu@linux.intel.com,
xiaoyao.li@intel.com, yan.y.zhao@intel.com,
adrian.hunter@intel.com, tony.lindgren@intel.com,
kristen@linux.intel.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 3/3] KVM: VMX: Initialize TDX during KVM module load
Date: Wed, 30 Oct 2024 08:19:36 -0700 [thread overview]
Message-ID: <ZyJOiPQnBz31qLZ7@google.com> (raw)
In-Reply-To: <f7394b88a22e52774f23854950d45c1bfeafe42c.1730120881.git.kai.huang@intel.com>
On Tue, Oct 29, 2024, Kai Huang wrote:
> diff --git a/arch/x86/kvm/Makefile b/arch/x86/kvm/Makefile
> index f9dddb8cb466..fec803aff7ad 100644
> --- a/arch/x86/kvm/Makefile
> +++ b/arch/x86/kvm/Makefile
> @@ -20,6 +20,7 @@ kvm-intel-y += vmx/vmx.o vmx/vmenter.o vmx/pmu_intel.o vmx/vmcs12.o \
>
> kvm-intel-$(CONFIG_X86_SGX_KVM) += vmx/sgx.o
> kvm-intel-$(CONFIG_KVM_HYPERV) += vmx/hyperv.o vmx/hyperv_evmcs.o
> +kvm-intel-$(CONFIG_INTEL_TDX_HOST) += vmx/tdx.o
IMO, INTEL_TDX_HOST should be a KVM Kconfig, e.g. KVM_INTEL_TDX. Forcing the user
to bounce between KVM's menu and the generic menu to enable KVM support for TDX is
kludgy. Having INTEL_TDX_HOST exist before KVM support came along made sense, as
it allowed compile-testing a bunch of code, but I don't think it should be the end
state.
If others disagree, then we should adjust KVM_AMD_SEV in the opposite direction,
because doing different things for SEV vs. TDX is confusing and messy.
> kvm-amd-y += svm/svm.o svm/vmenter.o svm/pmu.o svm/nested.o svm/avic.o
>
> diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
> index 433ecbd90905..053294939eb1 100644
> --- a/arch/x86/kvm/vmx/main.c
> +++ b/arch/x86/kvm/vmx/main.c
> @@ -6,6 +6,7 @@
> #include "nested.h"
> #include "pmu.h"
> #include "posted_intr.h"
> +#include "tdx.h"
>
> #define VMX_REQUIRED_APICV_INHIBITS \
> (BIT(APICV_INHIBIT_REASON_DISABLED) | \
> @@ -170,6 +171,7 @@ struct kvm_x86_init_ops vt_init_ops __initdata = {
> static void vt_exit(void)
> {
> kvm_exit();
> + tdx_cleanup();
> vmx_exit();
> }
> module_exit(vt_exit);
> @@ -182,6 +184,9 @@ static int __init vt_init(void)
> if (r)
> return r;
>
> + /* tdx_init() has been taken */
> + tdx_bringup();
tdx_module_init()? And honestly, even though Linux doesn't currently support
unloading the TDX module, I think tdx_module_exit() is a perfectly fine name,
because not being able to unload the TDX module and reclaim all of that memory
is a flaw that should be addressed at some point.
> +static enum cpuhp_state tdx_cpuhp_state;
> +
> +static int tdx_online_cpu(unsigned int cpu)
> +{
> + unsigned long flags;
> + int r;
> +
> + /* Sanity check CPU is already in post-VMXON */
> + WARN_ON_ONCE(!(cr4_read_shadow() & X86_CR4_VMXE));
> +
> + /* tdx_cpu_enable() must be called with IRQ disabled */
I don't find this comment helpfu. If it explained _why_ tdx_cpu_enable() requires
IRQs to be disabled, then I'd feel differently, but as is, IMO it doesn't add value.
> + local_irq_save(flags);
> + r = tdx_cpu_enable();
> + local_irq_restore(flags);
> +
> + return r;
> +}
> +
...
> +static int __init __do_tdx_bringup(void)
> +{
> + int r;
> +
> + /*
> + * TDX-specific cpuhp callback to call tdx_cpu_enable() on all
> + * online CPUs before calling tdx_enable(), and on any new
> + * going-online CPU to make sure it is ready for TDX guest.
> + */
> + r = cpuhp_setup_state_cpuslocked(CPUHP_AP_ONLINE_DYN,
> + "kvm/cpu/tdx:online",
> + tdx_online_cpu, NULL);
> + if (r < 0)
> + return r;
> +
> + tdx_cpuhp_state = r;
> +
> + /* tdx_enable() must be called with cpus_read_lock() */
This comment is even less valuable, IMO.
> + r = tdx_enable();
> + if (r)
> + __do_tdx_cleanup();
> +
> + return r;
> +}
> +
> +static int __init __tdx_bringup(void)
> +{
> + int r;
> +
> + if (!enable_ept) {
> + pr_err("Cannot enable TDX with EPT disabled.\n");
Why wait until now to check for EPT? Force enable_tdx to false if enable_ept is
false, don't fail the module load.
> + return -EINVAL;
> + }
> +
> + /*
> + * Enabling TDX requires enabling hardware virtualization first,
> + * as making SEAMCALLs requires CPU being in post-VMXON state.
> + */
> + r = kvm_enable_virtualization();
> + if (r)
> + return r;
> +
> + cpus_read_lock();
> + r = __do_tdx_bringup();
> + cpus_read_unlock();
> +
> + if (r)
> + goto tdx_bringup_err;
> +
> + /*
> + * Leave hardware virtualization enabled after TDX is enabled
> + * successfully. TDX CPU hotplug depends on this.
> + */
> + return 0;
> +tdx_bringup_err:
> + kvm_disable_virtualization();
> + return r;
> +}
> +
> +void tdx_cleanup(void)
> +{
> + if (enable_tdx) {
> + __do_tdx_cleanup();
> + kvm_disable_virtualization();
> + }
> +}
> +
> +void __init tdx_bringup(void)
> +{
> + enable_tdx = enable_tdx && !__tdx_bringup();
Ah. I don't love this approach because it mixes "failure" due to an unsupported
configuration, with failure due to unexpected issues. E.g. if enabling virtualization
fails, loading KVM-the-module absolutely should fail too, not simply disable TDX.
next prev parent reply other threads:[~2024-10-30 15:19 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-28 13:20 [PATCH 0/3] KVM: VMX: Initialize TDX when loading KVM module Kai Huang
2024-10-28 13:20 ` [PATCH 1/3] KVM: VMX: Refactor VMX module init/exit functions Kai Huang
2024-10-28 13:20 ` [PATCH 2/3] KVM: Export hardware virtualization enabling/disabling functions Kai Huang
2024-10-28 13:20 ` [PATCH 3/3] KVM: VMX: Initialize TDX during KVM module load Kai Huang
2024-10-30 15:19 ` Sean Christopherson [this message]
2024-10-31 11:17 ` Huang, Kai
2024-10-31 20:22 ` Sean Christopherson
2024-10-31 21:21 ` Huang, Kai
2024-10-31 21:29 ` Edgecombe, Rick P
2024-11-06 14:19 ` Edgecombe, Rick P
2024-11-06 10:49 ` Huang, Kai
2024-11-06 15:01 ` Sean Christopherson
2024-11-06 20:06 ` Huang, Kai
2024-11-07 22:04 ` Sean Christopherson
2024-11-07 23:25 ` Huang, Kai
2024-10-31 21:52 ` Dan Williams
2024-10-31 22:37 ` Huang, Kai
2024-10-31 22:56 ` Dan Williams
2024-10-28 17:41 ` [PATCH 0/3] KVM: VMX: Initialize TDX when loading KVM module Paolo Bonzini
-- strict thread matches above, loose matches on Subject: below --
2024-11-27 20:10 [PATCH v3 0/3] KVM: VMX: Initialize TDX during KVM module load Paolo Bonzini
2024-11-27 20:10 ` [PATCH 3/3] " Paolo Bonzini
2024-11-28 3:00 ` Chao Gao
2024-11-28 3:04 ` Huang, Kai
2024-11-28 3:34 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZyJOiPQnBz31qLZ7@google.com \
--to=seanjc@google.com \
--cc=adrian.hunter@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kristen@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=tony.lindgren@intel.com \
--cc=xiaoyao.li@intel.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox