On Mon, Nov 21, 2022 at 01:26:28PM +1300, Kai Huang wrote:

> Shutting down the TDX module requires calling TDH.SYS.LP.SHUTDOWN on all
> BIOS-enabled CPUs, and the SEAMCALL can run concurrently on different
> CPUs.  Implement a mechanism to run SEAMCALL concurrently on all online
> CPUs and use it to shut down the module.  Later logical-cpu scope module
> initialization will use it too.

Uhh, those requirements ^ are not met by this:

> +static void seamcall_on_each_cpu(struct seamcall_ctx *sc)
> +{
> +	on_each_cpu(seamcall_smp_call_function, sc, true);
> +}

Consider:

        CPU0                    CPU1                            CPU2

        local_irq_disable()
        ...
                                seamcall_on_each_cpu()
                                send-IPIs to 0 and 2
                                                                <IPI>
                                runs local seamcall
                                (seamcall done)
                                waits for 0 and 2
                                                                <has an NMI delay things>
                                                                runs seamcall
                                                                clears CSD_LOCK
                                                                </IPI>
                                ... spinning ...

        local_irq_enable()
        <IPI>
          runs seamcall
          clears CSD_LOCK
                                *FINALLY* observes CSD_LOCK cleared on all CPU and continues
        </IPI>

IOW, they all 3 run seamcall at different times.

Either the Changelog is broken or this TDX crud is worse crap than I
thought possible, because the only way to actually meet that requirement
as stated is stop_machine().
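
Review bot: seamcall_on_each_cpu() carries no comment saying what it guarantees, and the on_each_cpu(seamcall_smp_call_function, sc, true) call inside it gives less than the changelog asks for. With wait set to true the caller only blocks until every online CPU has finished the callback; nothing makes the callbacks overlap in time, and a CPU that is BIOS-enabled but not online is never reached, while the changelog says TDH.SYS.LP.SHUTDOWN must be called on all BIOS-enabled CPUs. Suggest adding a comment above the helper that states the actual contract (each online CPU runs the SEAMCALL once, at some point before the helper returns) and rewording the changelog to match, or, if the module really needs the calls to run simultaneously, saying so explicitly and using a mechanism that provides it.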