On Mon, 2022-11-07 at 21:43 -0800, Isaku Yamahata wrote:

On Tue, Nov 08, 2022 at 01:09:27AM +0000,
"Huang, Kai" [off-list ref] wrote:

quoted

On Mon, 2022-11-07 at 13:46 -0800, Isaku Yamahata wrote:

quoted

quoted

On Fri, Nov 04, 2022, Isaku Yamahata wrote:

quoted

Thanks for the patch series. I the rebased TDX KVM patch series and it
worked.
Since cpu offline needs to be rejected in some cases(To keep at least one
cpu
on a package), arch hook for cpu offline is needed.

I hate to bring this up because I doubt there's a real use case for SUSPEND
with
TDX, but the CPU offline path isn't just for true offlining of CPUs.  When
the
system enters SUSPEND, only the initiating CPU goes through
kvm_suspend()+kvm_resume(),
all responding CPUs go through CPU offline+online.  I.e. disallowing all
CPUs from
going "offline" will prevent suspending the system.

The current TDX KVM implementation disallows CPU package from offline only
when
TDs are running.  If no TD is running, CPU offline is allowed.  So before
SUSPEND, TDs need to be killed via systemd or something.  After killing TDs,
the
system can enter into SUSPEND state.

This seems not correct.  You need one cpu for each to be online in order to
create TD as well, as TDH.MNG.KEY.CONFIG needs to be called on all packages,
correct?

That's correct. In such case, the creation of TD fails.  TD creation checks if
at least one cpu is online on all CPU packages.  If no, error.

I think we can just always refuse to offline the last cpu for each package when
TDX is enabled.  It's simpler I guess.