On Tue, 2023-02-14 at 09:23 -0800, Dave Hansen wrote:
> On 2/14/23 04:46, Peter Zijlstra wrote:
> > On Tue, Feb 14, 2023 at 12:59:11AM +1300, Kai Huang wrote:
> > > Use a state machine protected by mutex to make sure the initialization
> > > will only be done once, as tdx_enable() can be called multiple times
> > > (i.e. KVM module can be reloaded) and be called concurrently by other
> > > kernel components in the future.
> > I still object to doing tdx_enable() at kvm module load.
> >
> > kvm.ko gets loaded unconditionally on boot, even if I then never use
> > kvm.
> >
> > This stuff needs to be done when an actual VM is created, not before.
>
> The actual implementation of this is hidden over in the KVM side of
> this. But, tdx_enable() and all of this jazz should not be called on
> kvm.ko load. It'll happen when the KVM tries to start the first TDX VM.
>
> I think what Kai was thinking of was *this* sequence:
>
> 1. insmod kvm.ko
> 2. Start a TDX guest, tdx_enable() gets run
> 3. rmmod kvm
> 4. insmod kvm.ko (again)
> 5. Start another TDX guest, run tdx_enable() (again)
>
> The rmmod/insmod pair is what triggers the second call of tdx_enable().

Yes. The point is tdx_enable() can get called multiple times.

We can discuss more when to enable TDX at KVM side, and I don't want to speak for KVM maintainers, but this is actually not that relevant to this series. In the changelog, I just said: "...initialize TDX until there is a real need (e.g when requested by KVM)". I didn't say exactly when KVM will call this.