Re: [PATCH v7 10/20] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory

From: Huang, Kai
Date: Thu Nov 24 2022 - 04:06:39 EST


On Wed, 2022-11-23 at 17:50 -0800, Dan Williams wrote:
> >  
> > @@ -968,6 +969,15 @@ int arch_add_memory(int nid, u64 start, u64 size,
> >    unsigned long start_pfn = start >> PAGE_SHIFT;
> >    unsigned long nr_pages = size >> PAGE_SHIFT;
> >  
> > + /*
> > + * For now if TDX is enabled, all pages in the page allocator
> > + * must be TDX memory, which is a fixed set of memory regions
> > + * that are passed to the TDX module.  Reject the new region
> > + * if it is not TDX memory to guarantee above is true.
> > + */
> > + if (!tdx_cc_memory_compatible(start_pfn, start_pfn + nr_pages))
> > + return -EINVAL;
>
> arch_add_memory() does not add memory to the page allocator.  For
> example, memremap_pages() uses arch_add_memory() and explicitly does not
> release the memory to the page allocator. 

Indeed. Sorry I missed this.

> This check belongs in
> add_memory_resource() to prevent new memory that violates TDX from being
> onlined. 

This would require adding another 'arch_cc_memory_compatible()' to the common
add_memory_resource() (I actually long time ago had such patch to work with the
memremap_pages() you mentioned above).

How about adding a memory_notifier to the TDX code, and reject online of TDX
incompatible memory (something like below)? The benefit is this is TDX code
self contained and won't pollute the common mm code:

+static int tdx_memory_notifier(struct notifier_block *nb,
+ unsigned long action, void *v)
+{
+ struct memory_notify *mn = v;
+
+ if (action != MEM_GOING_ONLINE)
+ return NOTIFY_OK;
+
+ /*
+ * Not all memory is compatible with TDX. Reject
+ * online of any incompatible memory.
+ */
+ return tdx_cc_memory_compatible(mn->start_pfn,
+ mn->start_pfn + mn->nr_pages) ? NOTIFY_OK : NOTIFY_BAD;
+}
+
+static struct notifier_block tdx_memory_nb = {
+ .notifier_call = tdx_memory_notifier,
+};

> Hopefully there is also an option to disable TDX from the
> kernel boot command line to recover memory-hotplug without needing to
> boot into the BIOS to toggle TDX.

I am fine.

Hi Dave, is it OK to include such command line to this initial TDX submission?