Date: Thu, 31 Mar 2022 00:03:15 +0000
From: Sean Christopherson
To: Isaku Yamahata
Cc: Paolo Bonzini, isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, erdemaktas@google.com, Connor Kuehl
Subject: Re: [RFC PATCH v5 008/104] KVM: TDX: Add a function to initialize TDX module
Message-ID:
References: <05aecc5a-e8d2-b357-3bf1-3d0cb247c28d@redhat.com> <20220314194513.GD1964605@ls.amr.corp.intel.com>
In-Reply-To: <20220314194513.GD1964605@ls.amr.corp.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 14, 2022, Isaku Yamahata wrote:
> On Sun, Mar 13, 2022 at 03:03:40PM +0100,
> Paolo Bonzini wrote:
>
> > On 3/4/22 20:48, isaku.yamahata@intel.com wrote:
> > > +
> > > + if (!tdx_module_initialized) {
> > > + if (enable_tdx) {
> > > + ret = __tdx_module_setup();
> > > + if (ret)
> > > + enable_tdx = false;
> >
> > "enable_tdx = false" isn't great to do only when a VM is created. Does it
> > make sense to anticipate this to the point when the kvm_intel.ko module is
> > loaded?
>
> It's possible. I have the following two reasons to choose to defer TDX module
> initialization until creating the first TD. Given those reasons, do you still
> want the initialization at loading kvm_intel.ko module? If yes, I'll change it.
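Review bot: the check-then-act on the global `tdx_module_initialized` flag in the quoted hunk has no visible serialization, so two VMs being created concurrently can both observe the flag clear and call `__tdx_module_setup()` twice unless a lock or a run-once mechanism outside the shown lines covers it; if such a lock exists, the hunk should make it visible (or a comment should name it). On the failure path the hunk only does `enable_tdx = false`, with no visible message explaining why TDX was disabled, so a host that advertised TDX support silently stops offering it at first VM creation; moving the setup to module load, as discussed in the thread, would surface that failure at a point where an administrator can see it.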
Yes, TDX module setup needs to be done at load time. The loss of memory is
unfortunate, e.g. if the host is part of a pool that _might_ run TDX guests,
but the alternatives are worse. If TDX fails to initialize, e.g. due to low
mem, then the host will be unable to run TDX guests despite saying "I support
TDX". Or this gem :-)

/*
 * TDH.SYS.KEY.CONFIG may fail with entropy error (which is
 * a recoverable error). Assume this is exceedingly rare and
 * just return error if encountered instead of retrying.
 */

The CPU overhead of initializing the TDX module is also non-trivial, and it
doesn't affect just this CPU, e.g. all CPUs need to do certain SEAMCALLs and
at least one WBINVD. That can cause noisy neighbor problems.

> - memory overhead: The initialization of the TDX module requires allocating
> physically contiguous memory whose size is about 0.43% of the system memory.
> If users don't use TD, it will be wasted.
>
> - VMXON on all pCPUs: The TDX module initialization requires enabling VMX
> (VMXON) on all present pCPUs. vmx_hardware_enable(), which is called on
> creating a guest, does it. It naturally fits with the TDX module
> initialization when creating the first TD. I wanted to avoid code to enable
> VMXON on loading the kvm_intel.ko.

That's a solvable problem, though making it work without exporting
hardware_enable_all() could get messy.