On 2/14/23 04:46, Peter Zijlstra wrote:
> On Tue, Feb 14, 2023 at 12:59:11AM +1300, Kai Huang wrote:
>> Use a state machine protected by mutex to make sure the initialization
>> will only be done once, as tdx_enable() can be called multiple times
>> (i.e. KVM module can be reloaded) and be called concurrently by other
>> kernel components in the future.
> I still object to doing tdx_enable() at kvm module load.
>
> kvm.ko gets loaded unconditionally on boot, even if I then never use
> kvm.
>
> This stuff needs to be done when an actual VM is created, not before.

The actual implementation of this is hidden over in the KVM side of
this. But, tdx_enable() and all of this jazz should not be called on
kvm.ko load. It'll happen when the KVM tries to start the first TDX VM.

I think what Kai was thinking of was *this* sequence:

 1. insmod kvm.ko
 2. Start a TDX guest, tdx_enable() gets run
 3. rmmod kvm
 4. insmod kvm.ko (again)
 5. Start another TDX guest, run tdx_enable() (again)

The rmmod/insmod pair is what triggers the second call of tdx_enable().