[PATCH v3 24/25] KVM: TDX: Guard VM state transitions with "all" the locks
Huang, Kai
kai.huang at intel.com
Tue Oct 28 11:28:21 AEDT 2025
On Thu, 2025-10-16 at 17:32 -0700, Sean Christopherson wrote:
> @@ -2781,8 +2827,6 @@ int tdx_vm_ioctl(struct kvm *kvm, void __user *argp)
> if (r)
> return r;
>
> - guard(mutex)(&kvm->lock);
> -
> switch (tdx_cmd.id) {
> case KVM_TDX_CAPABILITIES:
> r = tdx_get_capabilities(&tdx_cmd);
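Review bot: with the guard(mutex)(&kvm->lock) dropped ahead of the switch, the KVM_TDX_CAPABILITIES case reaches tdx_get_capabilities(&tdx_cmd) with no lock taken anywhere in the visible lines. If that path needs no serialization, state that in a comment at the case or in the changelog; otherwise take the lock once here in tdx_vm_ioctl() so that every sub-command is covered instead of relying on each handler to acquire it.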
IIRC, this patch removes grabbing the kvm->lock in tdx_vm_ioctl() but only
adds the "big hammer" to tdx_td_init() and tdx_td_finalize(), so
tdx_get_capabilities() no longer holds the kvm->lock.
As replied earlier, I think we can just hold the "big hammer" in
tdx_vm_ioctl()?
One thing is when tdx_vm_ioctl() is called, the TD may not have any vCPU
(e.g., for tdx_td_init()). This means the "big hammer" will hold
kvm->slots_lock w/o holding any lock of vCPU. But IIUC this should be OK.