Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp6428838iog; Thu, 23 Jun 2022 19:54:00 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uELDcsIPl4M12XfEgNQOFZQp7/rTaPPkxzDWdxCYsOfBiRAbk6GScnDFrV3JKtflhh28b3 X-Received: by 2002:a17:90b:1c82:b0:1dd:1b46:5aa9 with SMTP id oo2-20020a17090b1c8200b001dd1b465aa9mr1306059pjb.158.1656039240361; Thu, 23 Jun 2022 19:54:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1656039240; cv=none; d=google.com; s=arc-20160816; b=or2sNTy/PUcyYk+QteVhrC0bOdi7QlPJ3OmYwLiimafj0xsnw7WJ0O6natArMQIyxw h8fm0qJbaw/3pBvkdquo35KpApDXePQZTYwVVLAjaMsGKfnVUINiXp34S1mM7/A6umJI rdlm7o7hQ7m/FQznCFDHGLJMHhHGHYGjMGj7awwvZiefsTb+d7Ovdx7c4agxfGmRci4w i3yHMiyosWu09svetghWQRZk1u2p4fW79FEo3Jw9YGlqHkCEyogREoWuo8UVlyKgcd7v 8w7tMLTwaagPnEW65RsXxMZvpbZLge2HoctG48U0egEF1KSd+E/CBhhQGhovg8TIvzCQ kU4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=MYzS+TteFy/4IVkJTfqvN2UhZzkrFKbjU+HfMZndW+0=; b=LTKTMeee8xLWydZDXOpKKqqgaMuXcC2+eGWhIxz8ESw/jdpn34euONq3gnJpjvlpp6 0piW/c9th10cItQydnmM9Hk6DdQpOm78DF543DrEZjDiAm/x19bTceDRhBpaxOPWGB41 Bjq9EF3xfnvBOwwu4ksC+lfWDDe45UkmHAqxZzTBPecdCLH6o0HqxfS7aKa5PUjZ0GW5 YSYw/lJd+NpVYY3gv1uh7SC9v10l6UnFQdwuGpkFCgd5AX63nZz+C4XZexdiXMk1QgYC pfVnRTnzAnAm7XPKCxHwTvXtGR8DHcF2CQ+4hiETQIda1bF9+uNL46zLX0tczMimvR7m mVcA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="JYG3y3/1"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a134-20020a621a8c000000b00524d0d3d51dsi1108220pfa.22.2022.06.23.19.53.48; Thu, 23 Jun 2022 19:54:00 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="JYG3y3/1"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230421AbiFXCjl (ORCPT + 99 others); Thu, 23 Jun 2022 22:39:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229499AbiFXCjk (ORCPT ); Thu, 23 Jun 2022 22:39:40 -0400 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D595563AE; Thu, 23 Jun 2022 19:39:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1656038379; x=1687574379; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=tTlaQaW7c0kd3/JZPP+CUTPrmaNJ7s23LxQHSlHLTuU=; b=JYG3y3/1nDCqCd2mF8MSUAkLNd8AiTLzOLtOPxE3aTPuV2BIJ8Sq2AN5 f/Tq1AP9JUF4w5Y4breDrKsTyiAWn7nDayblLoCxt6MFO2Eu9utb3/z6b GSHz+U8r1A79BY0KoiSaZBkV3pXflwKz0QYNzheOiaYiExC+sLKsPk6zL EIRHAMpZFSPGNNLNFMsR7tuQR/uLkowXvIs2n0dYf9e1hMDPZF9R8fJa3 8KJwj6pgBAigoCAMshdnhKOAJQkO+gtmCdBhWaKmP9sWrHX1btXkzYBQu GQn/bw2eCZIKe/R18FStPUaUY89zlyFDupp3xWOJdNOUlO/iFLn/k1kAt Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10387"; a="306368966" X-IronPort-AV: E=Sophos;i="5.92,217,1650956400"; d="scan'208";a="306368966" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2022 19:39:39 -0700 X-IronPort-AV: E=Sophos;i="5.92,217,1650956400"; d="scan'208";a="593012859" Received: from gao-cwp.sh.intel.com (HELO gao-cwp) ([10.239.159.23]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2022 19:39:35 -0700 Date: Fri, 24 Jun 2022 10:39:21 +0800 From: Chao Gao To: Kai Huang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com, reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com Subject: Re: [PATCH v5 06/22] x86/virt/tdx: Add skeleton to initialize TDX on demand Message-ID: <20220624023916.GC15566@gao-cwp> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.9.4 (2018-02-28) X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 22, 2022 at 11:16:29PM +1200, Kai Huang wrote: >Before the TDX module can be used to create and run TD guests, it must >be loaded into the isolated region pointed by the SEAMRR and properly >initialized. The TDX module is expected to be loaded by BIOS before >booting to the kernel, and the kernel is expected to detect and >initialize it. > >The TDX module can be initialized only once in its lifetime. Instead >of always initializing it at boot time, this implementation chooses an >on-demand approach to initialize TDX until there is a real need (e.g >when requested by KVM). This avoids consuming the memory that must be >allocated by kernel and given to the TDX module as metadata (~1/256th of >the TDX-usable memory), and also saves the time of initializing the TDX >module (and the metadata) when TDX is not used at all. Initializing the >TDX module at runtime on-demand also is more flexible to support TDX >module runtime updating in the future (after updating the TDX module, it >needs to be initialized again). > >Add a placeholder tdx_init() to detect and initialize the TDX module on >demand, with a state machine protected by mutex to support concurrent >calls from multiple callers. > >The TDX module will be initialized in multi-steps defined by the TDX >architecture: > > 1) Global initialization; > 2) Logical-CPU scope initialization; > 3) Enumerate the TDX module capabilities and platform configuration; > 4) Configure the TDX module about usable memory ranges and global > KeyID information; > 5) Package-scope configuration for the global KeyID; > 6) Initialize usable memory ranges based on 4). > >The TDX module can also be shut down at any time during its lifetime. >In case of any error during the initialization process, shut down the >module. It's pointless to leave the module in any intermediate state >during the initialization. > >Signed-off-by: Kai Huang Reviewed-by: Chao Gao One nit below: >+static int __tdx_init(void) >+{ >+ int ret; >+ >+ /* >+ * Initializing the TDX module requires running some code on >+ * all MADT-enabled CPUs. If not all MADT-enabled CPUs are >+ * online, it's not possible to initialize the TDX module. >+ * >+ * For simplicity temporarily disable CPU hotplug to prevent >+ * any CPU from going offline during the initialization. >+ */ >+ cpus_read_lock(); >+ >+ /* >+ * Check whether all MADT-enabled CPUs are online and return >+ * early with an explicit message so the user can be aware. >+ * >+ * Note ACPI CPU hotplug is prevented when TDX is enabled, so >+ * num_processors always reflects all present MADT-enabled >+ * CPUs during boot when disabled_cpus is 0. >+ */ >+ if (disabled_cpus || num_online_cpus() != num_processors) { >+ pr_err("Unable to initialize the TDX module when there's offline CPU(s).\n"); >+ ret = -EINVAL; >+ goto out; >+ } >+ >+ ret = init_tdx_module(); >+ if (ret == -ENODEV) { >+ pr_info("TDX module is not loaded.\n"); tdx_module_status should be set to TDX_MODULE_NONE here. >+ goto out; >+ }