On Tue, Dec 05, 2023, Tony Luck wrote:
> >> Fine. This doesn't need to change ... until you load TDX. Once you
> >> initialize the TDX module, no more out-of-tree VMMs for you.
> >
> > It's not just out-of-tree hypervisors, which IMO should be little more than an
> > afterthought. The other more important issue is that being post-VMXON blocks INIT,
>
> Does that make CPU offline a one-way process? Linux uses INIT to bring a CPU back
> online again.

No, KVM does VMXOFF on the CPU being offlined, and then VMXON if/when the CPU is
onlined again. This also handles secondary CPUs for suspend/resume (the primary
CPU hooks .suspend() and .resume()).

static int kvm_offline_cpu(unsigned int cpu)
{
	mutex_lock(&kvm_lock);
	if (kvm_usage_count)
		hardware_disable_nolock(NULL);
	mutex_unlock(&kvm_lock);
	return 0;
}

static int kvm_online_cpu(unsigned int cpu)
{
	int ret = 0;

	/*
	 * Abort the CPU online process if hardware virtualization cannot
	 * be enabled. Otherwise running VMs would encounter unrecoverable
	 * errors when scheduled to this CPU.
	 */
	mutex_lock(&kvm_lock);
	if (kvm_usage_count)
		ret = __hardware_enable_nolock();
	mutex_unlock(&kvm_lock);
	return ret;
}
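The following is an added userspace model of the hotplug sequence the reply describes; it is not kernel code and not part of the thread. It keeps a global usage count and a per-CPU "post-VMXON" bit, mirrors the two hooks quoted above (the kvm_lock mutex is elided, since nothing here runs concurrently), and adds an invented fault-injection array (vmxon_fails) so the abort path of kvm_online_cpu can be exercised: a CPU on which VMXON fails is never reported online, so no VM can be scheduled onto it. The invariant checker and model_reset helper are likewise invented for the example.

```c
/* Added example, not kernel code: a userspace model of KVM's CPU hotplug
 * hooks.  hardware_disable_nolock / __hardware_enable_nolock stand in for
 * VMXOFF / VMXON on one CPU; vmxon_fails, hotplug_invariant_holds and
 * model_reset are invented here for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NR_CPUS 4

/* Analogous to kvm_usage_count: number of live VMs.  VMXON is only done
 * on any CPU while this is non-zero. */
static int kvm_usage_count;

/* Per-CPU state: is the CPU post-VMXON, and is it online at all? */
static bool vmx_enabled[NR_CPUS];
static bool cpu_online[NR_CPUS];

/* Fault injection (invented): pretend VMXON fails on these CPUs, e.g.
 * because firmware locked the feature-control MSR with VMX disabled. */
static bool vmxon_fails[NR_CPUS];

/* Stand-in for hardware_disable_nolock(): VMXOFF on this CPU. */
static void hardware_disable_nolock(int cpu)
{
	vmx_enabled[cpu] = false;
}

/* Stand-in for __hardware_enable_nolock(): VMXON on this CPU, may fail. */
static int __hardware_enable_nolock(int cpu)
{
	if (vmxon_fails[cpu])
		return -1;
	vmx_enabled[cpu] = true;
	return 0;
}

/* Offline hook: if any VM exists, VMXOFF before the CPU goes away, so the
 * CPU is back in a state where INIT can bring it online later. */
int kvm_offline_cpu(int cpu)
{
	/* kernel: mutex_lock(&kvm_lock) ... mutex_unlock(&kvm_lock) */
	if (kvm_usage_count)
		hardware_disable_nolock(cpu);
	cpu_online[cpu] = false;
	return 0;
}

/* Online hook: if any VM exists, redo VMXON; a failure aborts the online
 * so a running VM can never be scheduled onto a CPU without VMX enabled. */
int kvm_online_cpu(int cpu)
{
	int ret = 0;

	if (kvm_usage_count)
		ret = __hardware_enable_nolock(cpu);
	cpu_online[cpu] = (ret == 0);
	return ret;
}

/* Invariant: every online CPU is post-VMXON exactly when VMs exist. */
bool hotplug_invariant_holds(void)
{
	for (int cpu = 0; cpu < NR_CPUS; cpu++) {
		if (!cpu_online[cpu])
			continue;
		if (vmx_enabled[cpu] != (kvm_usage_count > 0))
			return false;
	}
	return true;
}

/* Reset the model: all CPUs online, VMX on iff usage_count > 0, no faults. */
void model_reset(int usage_count)
{
	kvm_usage_count = usage_count;
	memset(vmxon_fails, 0, sizeof(vmxon_fails));
	for (int cpu = 0; cpu < NR_CPUS; cpu++) {
		cpu_online[cpu] = true;
		vmx_enabled[cpu] = usage_count > 0;
	}
}

int main(void)
{
	model_reset(1);                 /* one VM running, all CPUs post-VMXON */
	kvm_offline_cpu(2);             /* VMXOFF, CPU 2 leaves */
	kvm_online_cpu(2);              /* VMXON again on the way back */
	printf("offline/online cycle ok: %d\n", hotplug_invariant_holds());

	vmxon_fails[3] = true;
	kvm_offline_cpu(3);
	printf("online with failing VMXON -> ret=%d, online=%d, invariant=%d\n",
	       kvm_online_cpu(3), cpu_online[3], hotplug_invariant_holds());
	return 0;
}
```

The point the model makes concrete is the one in the reply: CPU offline is not one-way, because the offline hook undoes VMXON before the CPU is parked, and the online hook either re-establishes VMXON or refuses the CPU entirely rather than leaving a VMX-less CPU in the scheduler's view.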