Date: Wed, 11 Jan 2023 19:08:55 -0800
From: Isaku Yamahata
To: Erdem Aktas
Cc: isaku.yamahata@intel.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini, Sean Christopherson, Sagi Shahar, David Matlack
Subject: Re: [PATCH v10 005/108] KVM: TDX: Initialize the TDX module when loading the KVM intel kernel module
Message-ID: <20230112030855.GA2034518@ls.amr.corp.intel.com>

On Wed, Jan 11, 2023 at 02:02:58PM -0800, Erdem Aktas wrote:
> On Sat, Oct 29, 2022 at 11:24 PM wrote:
> >
> > From: Isaku Yamahata
>
> > +int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops)
> > +{
> > + int r;
> > +
> > + if (!enable_ept) {
> > + pr_warn("Cannot enable TDX with EPT disabled\n");
> > + return -EINVAL;
> > + }
> > +
> > + /* MOVDIR64B instruction is needed. */
> > + if (!static_cpu_has(X86_FEATURE_MOVDIR64B)) {
> > + pr_warn("Cannot enable TDX with MOVDIR64B supported ");
> > + return -ENODEV;
> > + }
> > +
> > + /* TDX requires VMX. */
> > + r = vmxon_all();
> > + if (!r)
> > + r = tdx_module_setup();
> > + vmxoff_all();
>
> if few CPUs have VMX enabled, this will disable VMX in all of them.
> Depending on what enabled VMX on those CPUs, would this not cause
> kernel crashes/problems?

Are you seeing any issues? Or is this a question in theory?
In theory, you're right. In practice, unless we have other kernel components
that use VMX, we don't have to worry. In fact, only KVM in the kernel tree uses
VMX.

The flow is as follows,

- VMX is off on all CPUs on start up.
  NOTE: VMX is disabled on kexec or reboot.
- On loading kvm_intel.ko (or kernel boot if builtin), this function is called.
  vmxon/off_all()
- VMX is enabled on all online CPUs when creating the first guest.
- VMX is disabled on all online CPUs when destroying the last guest.
- VMX is disabled on offlining CPU

Thanks,
--
Isaku Yamahata
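
Review bot: vmxoff_all() at the end of the quoted tdx_hardware_setup() runs unconditionally, including when vmxon_all() returned an error, so the teardown cannot tell CPUs this function put into VMX operation apart from CPUs where enabling failed or where VMX was already on. Consider having the on/off helpers undo only the state they changed, or at least adding a comment at the "TDX requires VMX" step stating the assumption that no other user of VMX exists when this runs. Separately, the MOVDIR64B pr_warn() fires when the feature is absent, yet the message reads "with MOVDIR64B supported" and, unlike the EPT message above it, carries no trailing "\n" as quoted; wording such as "Cannot enable TDX without MOVDIR64B support\n" would match the condition.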