Date: Thu, 31 Mar 2022 19:34:12 +0000
From: Sean Christopherson
To: Isaku Yamahata
Cc: Paolo Bonzini, isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jim Mattson, erdemaktas@google.com, Connor Kuehl, Chao Gao
Subject: Re: [RFC PATCH v5 008/104] KVM: TDX: Add a function to initialize TDX module

+Chao Gao

On Thu, Mar 31, 2022, Isaku Yamahata wrote:
> On Thu, Mar 31, 2022 at 12:03:15AM +0000, Sean Christopherson wrote:
> > On Mon, Mar 14, 2022, Isaku Yamahata wrote:
> > > - VMXON on all pCPUs: The TDX module initialization requires enabling VMX
> > >   (VMXON) on all present pCPUs. vmx_hardware_enable(), which is called on creating
> > >   a guest, does it. It naturally fits with the TDX module initialization at creating
> > >   the first TD. I wanted to avoid code to enable VMXON on loading the kvm_intel.ko.
> >
> > That's a solvable problem, though making it work without exporting hardware_enable_all()
> > could get messy.
>
> Could you please explain any reason why it's a bad idea to export it?

I'd really prefer to keep the hardware enable/disable logic internal to kvm_main.c
so that all architectures share a common flow, and so that kvm_main.c is the sole owner.
I'm worried that exposing the helper will lead to other arch/vendor usage, and that
will end up with what is effectively duplicate flows. Deduplicating arch code into
generic KVM is usually very difficult.

This might also be a good opportunity to make KVM slightly more robust. Ooh, and we
can kill two birds with one stone. There's an in-flight series to add compatibility
checks to hotplug[*]. But rather than special case hotplug, what if we instead do
hardware enable/disable during module load, and move the compatibility check into
the hardware_enable path? That fixes the hotplug issue, gives TDX a window for running
post-VMXON code in kvm_init(), and makes the broadcast IPI less wasteful on architectures
that don't have compatibility checks.

I'm thinking something like this, maybe as a modification to patch 6 in Chao's
series, or more likely as a patch 7 so that the hotplug compat checks still get in
even if the early hardware enable doesn't work on all architectures for some reason.

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 69c318fdff61..c6572a056072 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -4838,8 +4838,13 @@ static void hardware_enable_nolock(void *junk) cpumask_set_cpu(cpu, cpus_hardware_enabled); + r = kvm_arch_check_processor_compat(); + if (r) + goto out; + r = kvm_arch_hardware_enable(); +out: if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); atomic_inc(&hardware_enable_failed); @@ -5636,18 +5641,6 @@ void kvm_unregister_perf_callbacks(void) } #endif -struct kvm_cpu_compat_check { - void *opaque; - int *ret; -}; - -static void check_processor_compat(void *data) -{ - struct kvm_cpu_compat_check *c = data; - - *c->ret = kvm_arch_check_processor_compat(c->opaque); -} - int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, struct module *module) {
@@ -5679,13 +5672,13 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r < 0) goto out_free_1; - c.ret = &r; - c.opaque = opaque; - for_each_online_cpu(cpu) { - smp_call_function_single(cpu, check_processor_compat, &c, 1); - if (r < 0) - goto out_free_2; - } + r = hardware_enable_all(); + if (r) + goto out_free_2; + + kvm_arch_post_hardware_enable_setup(); + + hardware_disable_all(); r = cpuhp_setup_state_nocalls(CPUHP_AP_KVM_STARTING, "kvm/cpu:starting", kvm_starting_cpu, kvm_dying_cpu); [*] https://lore.kernel.org/all/20211227081515.2088920-7-chao.gao@intel.com
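
Review bot: in the first hunk (hardware_enable_nolock(), @@ -4838), the new call `r = kvm_arch_check_processor_compat();` takes no argument, while the caller removed in the second hunk passed one (`kvm_arch_check_processor_compat(c->opaque)`). The prototype and every arch implementation have to change in the same patch, and any implementation that used the opaque pointer needs another way to reach that data, because hardware_enable_nolock() is not handed kvm_init()'s opaque argument. As a style point, the `out:` label sits directly in front of the existing `if (r)`, so `if (!r) r = kvm_arch_hardware_enable();` gives the same flow without the goto.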
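
Review bot: removing struct kvm_cpu_compat_check in the second hunk (@@ -5636) leaves its users in kvm_init() to clean up. The last hunk drops the `c.ret` / `c.opaque` assignments and the `for_each_online_cpu(cpu)` loop, but none of the visible hunks removes the declarations of `c` and `cpu`. If `c` is still declared at the top of kvm_init() its struct type no longer exists and the build breaks, and `cpu` becomes an unused variable; both declarations should go in this patch.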
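
Review bot: in the kvm_init() hunk (@@ -5679), `kvm_arch_post_hardware_enable_setup();` is called without looking at a result, so a failure in the post-VMXON setup this window is meant for cannot fail module load or be reported. Suggest the hook return int, with hardware_disable_all() run on both the success and the error path before `goto out_free_2`. The hook is also not defined anywhere in the patch, so it needs a default for architectures that have nothing to do there. A short comment would help as well, since the enable/disable pair now runs before cpuhp_setup_state_nocalls() registers kvm_starting_cpu: say which CPUs are covered by the compat check at this point and what covers a CPU that comes online afterwards.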