On Sun, Mar 13, 2022 at 03:03:40PM +0100,
Paolo Bonzini <pbonzini@xxxxxxxxxx> wrote:
> On 3/4/22 20:48, isaku.yamahata@xxxxxxxxx wrote:
> > +
> > + if (!tdx_module_initialized) {
> > + if (enable_tdx) {
> > + ret = __tdx_module_setup();
> > + if (ret)
> > + enable_tdx = false;
>
> "enable_tdx = false" isn't great to do only when a VM is created. Does it
> make sense to anticipate this to the point when the kvm_intel.ko module is
> loaded?
It's possible. I have the following two reasons to chose to defer TDX module
initialization until creating first TD. Given those reasons, do you still want
the initialization at loading kvm_intel.ko module? If yes, I'll change it.
- memory over head: The initialization of TDX module requires to allocate
physically contiguous memory whose size is about 0.43% of the system memory.
If user don't use TD, it will be wasted.
- VMXON on all pCPUs: The TDX module initialization requires to enable VMX
(VMXON) on all present pCPUs. vmx_hardware_enable() which is called on creating
guest does it. It naturally fits with the TDX module initialization at creating
first TD. I wanted to avoid code to enable VMXON on loading the kvm_intel.ko.
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
