Subject: Re: [RFC PATCH v5 026/104] KVM: TDX: x86: Add vm ioctl to get TDX systemwide parameters
From: Kai Huang
To: Xiaoyao Li, Paolo Bonzini, isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@gmail.com, Jim Mattson, erdemaktas@google.com, Connor Kuehl, Sean Christopherson
Date: Thu, 07 Apr 2022 13:07:38 +1200
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2022-04-06 at 09:54 +0800, Xiaoyao Li wrote:
> On 4/5/2022 8:52 PM, Paolo Bonzini wrote:
> > On 3/4/22 20:48, isaku.yamahata@intel.com wrote:
> > > Implement a VM-scoped subcommand to get system-wide parameters. Although
> > > this is system-wide parameters not per-VM, this subcommand is VM-scoped
> > > because
> > > - Device model needs TDX system-wide parameters after creating KVM VM.
> > > - This subcommand requires to initialize TDX module. For lazy
> > >   initialization of the TDX module, vm-scope ioctl is better.
> >
> > Since there was agreement to install the TDX module on load, please
> > place this ioctl on the /dev/kvm file descriptor.
> >
> > At least for SEV, there were cases where the system-wide parameters are
> > needed outside KVM, so it's better to avoid requiring a VM file descriptor.
>
> I don't have a strong preference on KVM-scope ioctl or VM-scope.
>
> Initially, we made it KVM-scope and changed it to VM-scope in this
> version. Yes, it returns the info from TDX module, which doesn't vary
> per VM. However, what if we want to return different capabilities
> (software controlled capabilities) per VM?

In this case, you don't return different capabilities; instead, you return the
same capabilities but control the capabilities on a per-VM basis.

> Part of the TDX capabilities
> serves like get_supported_cpuid, making it KVM wide lacks the
> flexibility to return differentiated capabilities for different TDs.
>
> > Thanks,
> >
> > Paolo