Re: [PATCH v3 24/25] KVM: TDX: Guard VM state transitions with "all" the locks

Next message: Rick Edgecombe: "[PATCH] KVM: TDX: Take MMU lock around tdh_vp_init()"
Previous message: Andrew Morton: "Re: [PATCH v4 2/3] mm: handle poisoning of pfn without struct pages"
In reply to: Huang, Kai: "Re: [PATCH v3 24/25] KVM: TDX: Guard VM state transitions with &quot;all&quot; the locks"
Next in thread: Sean Christopherson: "Re: [PATCH v3 24/25] KVM: TDX: Guard VM state transitions with &quot;all&quot; the locks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Huang, Kai

Date: Mon Oct 27 2025 - 20:28:26 EST

On Thu, 2025-10-16 at 17:32 -0700, Sean Christopherson wrote:
> @@ -2781,8 +2827,6 @@ int tdx_vm_ioctl(struct kvm *kvm, void __user *argp)
> if (r)
> return r;
>
> - guard(mutex)(&kvm->lock);
> -
> switch (tdx_cmd.id) {
> case KVM_TDX_CAPABILITIES:
> r = tdx_get_capabilities(&tdx_cmd);

IIRC, this patch removes grabbing the kvm->lock in tdx_vm_ioctl() but only
adds the "big hammer" to tdx_td_init() and tdx_td_finalize(), so the
tdx_get_capabilities() lost holding the kvm->lock.

As replied earlier, I think we can just hold the "big hammer" in
tdx_vm_ioctl()?

One thing is when tdx_vm_ioctl() is called, the TD may not have any vCPU
(e.g., for tdx_td_init()). This means the "big hammer" will hold kvm-
>slots_lock w/o holding any lock of vCPU. But IIUC this should be OK.