On 4/29/22 11:19, Sean Christopherson wrote: > On Fri, Apr 29, 2022, Dave Hansen wrote: >> On 4/29/22 07:30, Sean Christopherson wrote: >>> On Fri, Apr 29, 2022, Dave Hansen wrote: >> ... >>>> A *good* way (although not foolproof) is to launch a TDX VM early >>>> in boot before memory gets fragmented or consumed. You might even >>>> want to recommend this in the documentation. >>> >>> What about providing a kernel param to tell the kernel to do the >>> allocation during boot? >> >> I think that's where we'll end up eventually. But, I also want to defer >> that discussion until after we have something merged. >> >> Right now, allocating the PAMTs precisely requires running the TDX >> module. Running the TDX module requires VMXON. VMXON is only done by >> KVM. KVM isn't necessarily there during boot. So, it's hard to do >> precisely today without a bunch of mucking with VMX. > > Meh, it's hard only if we ignore the fact that the PAMT entry size isn't going > to change for a given TDX module, and is extremely unlikely to change in general. > > Odds are good the kernel can hardcode a sane default and Just Work. Or provide > the assumed size of a PAMT entry via module param. If the size ends up being > wrong, log an error, free the reserved memory, and move on with TDX setup with > the correct size. Sure. The boot param could be: tdx_reserve_whatever=auto and then it can be overridden if necessary. I just don't want to have kernel binaries that are only good as paperweights if Intel decides it needs another byte of metadata. >> You can arm-wrestle the distro folks who hate adding command-line tweaks >> when the time comes. ;) > > Sure, you just find me the person that's going to run TDX guests with an > off-the-shelf distro kernel :-D Well, everyone gets their kernel from upstream eventually and everyone watches upstream. But, in all seriousness, do you really expect TDX to remain solely in the non-distro-kernel crowd forever? I expect that the fancy cloud providers (with custom kernels) who care the most to deploy TDX fist. But, things will trickle down to the distro crowd over time.
