On 6/7/23 19:10, Huang, Kai wrote:
> On Wed, 2023-06-07 at 08:22 -0700, Dave Hansen wrote:
>> On 6/4/23 07:27, Kai Huang wrote:
>> ...
>>> +static int try_init_module_global(void)
>>> +{
>>> + unsigned long flags;
>>> + int ret;
>>> +
>>> + /*
>>> + * The TDX module global initialization only needs to be done
>>> + * once on any cpu.
>>> + */
>>> + raw_spin_lock_irqsave(&tdx_global_init_lock, flags);
>>
>> Why is this "raw_"?
>>
>> There's zero mention of it anywhere.
>
> Isaku pointed out the normal spinlock_t is converted to sleeping lock for
> PREEMPT_RT kernel. KVM calls this with IRQ disabled, thus requires a non-
> sleeping lock.
>
> How about adding below comment here?
>
> /*
> * Normal spinlock_t is converted to sleeping lock in PREEMPT_RT
> * kernel. Use raw_spinlock_t instead so this function can be called
> * even when IRQ is disabled in any kernel configuration.
> */
Go look at *EVERY* *OTHER* raw_spinlock_t in the kernel. Do any of them
say this?
Comment the function, say that it's always called with interrupts and
preempt disabled. Leaves it at that. *Maybe* add on that it needs raw
spinlocks because of it. But don't (try to) explain the background of
the lock type.
>>> +int tdx_cpu_enable(void)
>>> +{
>>> + unsigned int lp_status;
>>> + int ret;
>>> +
>>> + if (!platform_tdx_enabled())
>>> + return -EINVAL;
>>> +
>>> + lp_status = __this_cpu_read(tdx_lp_init_status);
>>> +
>>> + /* Already done */
>>> + if (lp_status & TDX_LP_INIT_DONE)
>>> + return lp_status & TDX_LP_INIT_FAILED ? -EINVAL : 0;
>>> +
>>> + /*
>>> + * The TDX module global initialization is the very first step
>>> + * to enable TDX. Need to do it first (if hasn't been done)
>>> + * before doing the per-cpu initialization.
>>> + */
>>> + ret = try_init_module_global();
>>> +
>>> + /*
>>> + * If the module global initialization failed, there's no point
>>> + * to do the per-cpu initialization. Just mark it as done but
>>> + * failed.
>>> + */
>>> + if (ret)
>>> + goto update_status;
>>> +
>>> + /* All '0's are just unused parameters */
>>> + ret = seamcall(TDH_SYS_LP_INIT, 0, 0, 0, 0, NULL, NULL);
>>> +
>>> +update_status:
>>> + lp_status = TDX_LP_INIT_DONE;
>>> + if (ret)
>>> + lp_status |= TDX_LP_INIT_FAILED;
>>> +
>>> + this_cpu_write(tdx_lp_init_status, lp_status);
>>> +
>>> + return ret;
>>> +}
>>> +EXPORT_SYMBOL_GPL(tdx_cpu_enable);
>>
>> You danced around it in the changelog, but the reason for the exports is
>> not clear.
>
> I'll add one sentence to the changelog to explain:
>
> Export both tdx_cpu_enable() and tdx_enable() as KVM will be the kernel
> component to use TDX.
Intel doesn't pay me by the word. Do you get paid that way? If not,
please just say:
Export both tdx_cpu_enable() and tdx_enable() for KVM use.
