Date: Tue, 16 Apr 2024 13:58:41 -0700
Subject: Re: [PATCH v19 023/130] KVM: TDX: Initialize the TDX module when loading the KVM intel kernel module
From: Sean Christopherson
To: Kai Huang
Cc: Isaku Yamahata, Tina Zhang, Hang Yuan, Bo Chen, "sagis@google.com", "isaku.yamahata@gmail.com", "linux-kernel@vger.kernel.org", Erdem Aktas, "kvm@vger.kernel.org", "pbonzini@redhat.com", "isaku.yamahata@linux.intel.com"

On Fri, Apr 12, 2024, Kai Huang wrote:
> On 12/04/2024 2:03 am, Sean Christopherson wrote:
> > On Thu, Apr 11, 2024, Kai Huang wrote:
> > > I can certainly follow up with this and generate a reviewable patchset if I
> > > can confirm with you that this is what you want?
> >
> > Yes, I think it's the right direction. I still have minor concerns about VMX
> > being enabled while kvm.ko is loaded, which means that VMXON will _always_ be
> > enabled if KVM is built-in. But after seeing the complexity that is needed to
> > safely initialize TDX, and after seeing just how much complexity KVM already
> > has because it enables VMX on-demand (I hadn't actually tried removing that code
> > before), I think the cost of that complexity far outweighs the risk of "always"
> > being post-VMXON.
>
> Does always leaving VMXON have any actual damage, given we have emergency
> virtualization shutdown?

Being post-VMXON increases the risk of kexec() into the kdump kernel failing.
The tradeoffs that we're trying to balance are: is the risk of kexec() failing
due to the complexity of the emergency VMX code higher than the risk of us breaking
things in general due to taking on a ton of complexity to juggle VMXON for TDX?
After seeing the latest round of TDX code, my opinion is that being post-VMXON
is less risky overall, in no small part because we need that to work anyways for
hosts that are actively running VMs.

> > Within reason, I recommend getting feedback from others before you spend _too_
> > much time on this. It's entirely possible I'm missing/forgetting some other angle.
>
> Sure. Could you suggest who should we try to get feedback from?
>
> Perhaps you can just help to Cc them?

I didn't have anyone in particular in mind, I just really want *someone* to weigh
in as a sanity check.