On 4/28/22 17:11, Kai Huang wrote:
> This is true. So I think w/o taking the lock is also fine, as the TDX module
> initialization is a state machine. If any cpu goes offline during logical-cpu
> level initialization and TDH.SYS.LP.INIT isn't done on that cpu, then later the
> TDH.SYS.CONFIG will fail. Similarly, if any cpu going offline causes
> TDH.SYS.KEY.CONFIG is not done for any package, then TDH.SYS.TDMR.INIT will
> fail.
Right. The worst-case scenario is someone is mucking around with CPU
hotplug during TDX initialization is that TDX initialization will fail.
We *can* fix some of this at least and provide coherent error messages
with a pattern like this:
cpus_read_lock();
// check that all MADT-enumerated CPUs are online
tdx_init();
cpus_read_unlock();
That, of course, *does* prevent CPUs from going offline during
tdx_init(). It also provides a nice place for an error message:
pr_warn("You offlined a CPU then want to use TDX? Sod off.\n");
> A problem (I realized it exists in current implementation too) is shutting down
> the TDX module, which requires calling TDH.SYS.LP.SHUTDOWN on all BIOS-enabled
> cpus. Kernel can do this SEAMCALL at most for all present cpus. However when
> any cpu is offline, this SEAMCALL won't be called on it, and it seems we need to
> add new CPU hotplug callback to call this SEAMCALL when the cpu is online again.
Hold on a sec. If you call TDH.SYS.LP.SHUTDOWN on any CPU, then TDX
stops working everywhere, right? But, if someone offlines one CPU, we
don't want TDX to stop working everywhere.
