Date: Fri, 30 Jun 2023 16:13:39 -0700
From: Dave Hansen
To: Sean Christopherson, Isaku Yamahata
Cc: Peter Zijlstra, Kai Huang, kvm@vger.kernel.org, Ashok Raj, Tony Luck, david@redhat.com, bagasdotme@gmail.com, ak@linux.intel.com, Rafael J Wysocki, kirill.shutemov@linux.intel.com, Reinette Chatre, pbonzini@redhat.com, mingo@redhat.com, tglx@linutronix.de, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Isaku Yamahata, nik.borisov@suse.com, hpa@zytor.com, Sagi Shahar, imammedo@redhat.com, bp@alien8.de, Chao Gao, Len Brown, sathyanarayanan.kuppuswamy@linux.intel.com, Ying Huang, Dan J Williams, x86@kernel.org
Subject: Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand
X-Mailing-List: linux-kernel@vger.kernel.org

On 6/30/23 14:24, Sean Christopherson wrote:
> That said, if this is a sticking point, let's just make enable_tdx off by default,
> i.e. force userspace to opt-in. Deployments that *know* they may want to schedule
> TDX VMs on the host can simply force the module param. And for everyone else,
> since KVM is typically configured as a module by distros, KVM can be unloaded and
> reloaded if the user realizes they want TDX well after the system is up and running.

Let's just default it to off for now.

If we default it to on, we risk inflicting TDX on existing KVM users that don't want it (by surprise). If it turns out to be _that_ big of an inconvenience, we'd have to reverse course and change the default from on=>off. *That* would break existing TDX users when we do it. Gnashing of teeth all around would ensue.

On the other hand, if we force TDX users to turn it on from day one, we don't surprise _anyone_ that wasn't asking for it. The only teeth gnashing is for the TDX folks.

We could change _that_ down the line if the TDX users get too rowdy. But I'd much rather err on the side of inconveniencing the guys that know they want the snazzy new hardware than those who just want to run plain old VMs.

I honestly don't care all that much either way. There's an escape hatch at runtime (reload kvm_intel.ko) no matter what we do.