Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand
From: Huang, Kai
Date: Wed Jun 28 2023 - 20:01:35 EST
On Wed, 2023-06-28 at 15:04 +0200, Peter Zijlstra wrote:
> On Tue, Jun 27, 2023 at 02:12:37AM +1200, Kai Huang wrote:
>
> > +static int try_init_module_global(void)
> > +{
> > + unsigned long flags;
> > + int ret;
> > +
> > + /*
> > + * The TDX module global initialization only needs to be done
> > + * once on any cpu.
> > + */
> > + raw_spin_lock_irqsave(&tdx_global_init_lock, flags);
> > +
> > + if (tdx_global_initialized) {
> > + ret = 0;
> > + goto out;
> > + }
> > +
> > + /* All '0's are just unused parameters. */
> > + ret = seamcall(TDH_SYS_INIT, 0, 0, 0, 0, NULL, NULL);
> > + if (!ret)
> > + tdx_global_initialized = true;
> > +out:
> > + raw_spin_unlock_irqrestore(&tdx_global_init_lock, flags);
> > +
> > + return ret;
> > +}
>
> How long does that TDX_SYS_INIT take and why is a raw_spinlock with IRQs
> disabled the right way to serialize this?
The spec says it doesn't have a latency requirement, so theoretically it could
be long. SEAMCALL is a VMEXIT so it would at least cost thousands of cycles.
If raw_spinlock isn't desired, I think I can introduce another function to do
this and let the caller to call it before calling tdx_cpu_enable(). E.g., we
can have below functions:
1) tdx_global_init() -> TDH_SYS_INIT
2) tdx_cpu_init() -> TDH_SYS_LP_INIT
3) tdx_enable() -> actual module initialization
How does this sound?