Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand

From: Huang, Kai
Date: Fri Jun 30 2023 - 05:55:48 EST


On Fri, 2023-06-30 at 11:26 +0200, Peter Zijlstra wrote:
> On Thu, Jun 29, 2023 at 12:10:00AM +0000, Huang, Kai wrote:
> > On Wed, 2023-06-28 at 15:17 +0200, Peter Zijlstra wrote:
> > > On Tue, Jun 27, 2023 at 02:12:37AM +1200, Kai Huang wrote:
> > > > +EXPORT_SYMBOL_GPL(tdx_cpu_enable);
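Review bot: EXPORT_SYMBOL_GPL(tdx_cpu_enable) widens the module-visible interface without any modular caller in this series. Suggest dropping the export here and adding it in the series that introduces the first user, so the export and its caller can be reviewed together.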
> > >
> > > I can't find a single caller of this.. why is this exported?
> >
> > It's for KVM TDX patch to use, which isn't in this series.
> >
> > I'll remove the export. KVM TDX series can export it.
>
> Fair enough; where will the KVM TDX series call this? Earlier there was
> talk about doing it at kvm module load time -- but I objected (and still
> do object) to that.
>
> What's the current plan?
>

The direction is still doing it during module load (not my series anyway). But
this can be a separate discussion with KVM maintainers involved.

I understand you have a concern that you don't want to have the memory & CPU time
wasted on enabling TDX by default. For that we can have a kernel command line
to disable TDX once and for all (we can even make it the default). It's just not in
this initial TDX support series, but I'll send one once this initial support is
done, as mentioned in the cover letter of the previous version (sadly I removed
this paragraph for the sake of making the cover letter shorter):

"
Also, the patch to add the new kernel command line tdx="force" isn't included
in this initial version, as Dave suggested it isn't mandatory. But I
will add one once this initial version gets merged.
"

Also, KVM will have a module parameter 'enable_tdx'. I am hoping this could
reduce your concern too.