From: Dave Hansen
To: Sean Christopherson, Isaku Yamahata
Cc: Peter Zijlstra, Kai Huang, kvm@vger.kernel.org, Ashok Raj, Tony Luck,
 david@redhat.com, bagasdotme@gmail.com, ak@linux.intel.com,
 Rafael J Wysocki, kirill.shutemov@linux.intel.com, Reinette Chatre,
 pbonzini@redhat.com, mingo@redhat.com, tglx@linutronix.de,
 linux-kernel@vger.kernel.org, linux-mm@kvack.org, Isaku Yamahata,
 nik.borisov@suse.com, hpa@zytor.com, Sagi Shahar, imammedo@redhat.com,
 bp@alien8.de, Chao Gao, Len Brown,
 sathyanarayanan.kuppuswamy@linux.intel.com, Ying Huang, Dan J Williams,
 x86@kernel.org
Date: Fri, 30 Jun 2023 16:13:39 -0700
Subject: Re: [PATCH v12 07/22] x86/virt/tdx: Add skeleton to enable TDX on demand

On 6/30/23 14:24, Sean Christopherson wrote:
> That said, if this is a sticking point, let's just make enable_tdx off by default,
> i.e. force userspace to opt-in. Deployments that *know* they may want to schedule
> TDX VMs on the host can simply force the module param. And for everyone else,
> since KVM is typically configured as a module by distros, KVM can be unloaded and
> reloaded if the user realizes they want TDX well after the system is up and running.

Let's just default it to off for now.

If we default it to on, we risk inflicting TDX on existing KVM users
that don't want it (by surprise). If it turns out to be _that_ big of an
inconvenience, we'd have to reverse course and change the default from
on=>off. *That* would break existing TDX users when we do it. Gnashing
of teeth all around would ensue.

On the other hand, if we force TDX users to turn it on from day one, we
don't surprise _anyone_ that wasn't asking for it. The only teeth
gnashing is for the TDX folks.

We could change _that_ down the line if the TDX users get too rowdy.
But I'd much rather err on the side of inconveniencing the guys that
know they want the snazzy new hardware than those who just want to run
plain old VMs.

I honestly don't care all that much either way. There's an escape hatch
at runtime (reload kvm_intel.ko) no matter what we do.