Re: [PATCH 16/25] KVM: TDX: Don't offline the last cpu of one package when there's TDX guest


On 8/13/2024 6:48 AM, Rick Edgecombe wrote:
> From: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
>
> Destroying TDX guest requires there's at least one cpu online for each
> package, because reclaiming the TDX KeyID of the guest (as part of the
> teardown process) requires to call some SEAMCALL (on any cpu) on all
> packages.
>
> Do not offline the last cpu of one package when there's any TDX guest
> running, otherwise KVM may not be able to teardown TDX guest resulting
> in leaking of TDX KeyID and other resources like TDX guest control
> structure pages.
>
> Add a tdx_arch_offline_cpu() and call it in kvm_offline_cpu() to provide
> a placeholder for TDX specific check.  The default __weak version simply
> returns 0 (allow to offline) so other ARCHs are not impacted.  Implement
> the x86 version, which calls a new 'kvm_x86_ops::offline_cpu()' callback.
> Implement the TDX version 'offline_cpu()' to prevent the cpu from going
> offline if it is the last cpu on the package.

This part is stale.
Now, it's using TDX's own hotplug state callbacks instead of hooking
into KVM's.


[...]
+
  static void __do_tdx_cleanup(void)
  {
  	/*
@@ -946,7 +982,7 @@ static int __init __do_tdx_bringup(void)
  	 */
  	r = cpuhp_setup_state_cpuslocked(CPUHP_AP_ONLINE_DYN,
  					 "kvm/cpu/tdx:online",
-					 tdx_online_cpu, NULL);
+					 tdx_online_cpu, tdx_offline_cpu);
  	if (r < 0)
  		return r;




