Re: [RFC PATCH v4 11/36] i386/tdx: Initialize TDX before creating TD vcp
From: Gerd Hoffmann
Subject: Re: [RFC PATCH v4 11/36] i386/tdx: Initialize TDX before creating TD vcpus
Date: Tue, 7 Jun 2022 13:16:51 +0200
Hi,
> > I guess it could be helpful for the discussion when you can outline the
> > 'big picture' for tdx initialization. How does kvm accel setup look
> > like without TDX, and what additional actions are needed for TDX? What
> > ordering requirements and other constraints exist?
>
> To boot a TDX VM, it requires several changes/additional steps in the flow:
>
> 1. specify the vm type KVM_X86_TDX_VM when creating VM with
> IOCTL(KVM_CREATE_VM);
> - When initializing KVM accel
>
> 2. initialize VM scope configuration before creating any VCPU;
>
> 3. initialize VCPU scope configuration;
> - done inside machine_init_done_notifier;
>
> 4. initialize virtual firmware in guest private memory before vcpu running;
> - done inside machine_init_done_notifier;
>
> 5. finalize the TD's measurement;
> - done inside machine_init_done_notifier;
>
>
> And we are discussing where to do step 2).
>
> We can find from the code of tdx_pre_create_vcpu(), that it needs
> cpuid entries[] and attributes as input to KVM.
>
> cpuid entries[] is set up by kvm_x86_arch_cpuid() mainly based on
> 'CPUX86State *env'
>
> attributes.pks is retrieved from env->features[]
> and attributes.pmu is retrieved from x86cpu->enable_pmu
>
> To make VM-scope data consistent with VCPU data, we do choose the point
> late enough to ensure all the info/configurations from VCPU are settled down,
> that is just before calling KVM API to do VCPU-scope configuration.
So essentially tdx defines (some) vcpu properties at vm scope? Given
that all vcpus are typically identical (and maybe tdx even enforces this)
this makes sense.
A comment in the source code explaining this would be good.
thanks,
Gerd