Message ID | cover.1699527082.git.kai.huang@intel.com |
---|---|
Headers | From: Kai Huang <kai.huang@intel.com>; To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org; Subject: [PATCH v15 00/23] TDX host kernel support; Date: Fri, 10 Nov 2023 00:55:37 +1300 |
Series | TDX host kernel support |
Message
Kai Huang
Nov. 9, 2023, 11:55 a.m. UTC
Hi all,

(Again I didn't include the full cover letter here to save people's time.
The full cover letter can be found in the v13 [1]).

This version mainly addressed one issue that we (Intel people) discussed
internally: to only initialize TDX module 1.5 and later versions. The
reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
later version (for detailed information please see [2]). There's no
value to support TDX 1.0 when the TDX 1.5 are already out.

Hi Kirill, Dave (and all),

Could you help to review the new patch mentioned in the detailed
changes below (and other minor changes due to rebase to it)?

Appreciate a lot!

The detailed changes:

(please refer to individual patch for specific changes to them.)

- v14 -> v15:
  - Rebased to latest (today) master branch of Linus's tree.
  - Removed the patch which uses TDH.SYS.INFO to get TDSYSINFO_STRUCT.
  - Added a new patch to use TDH.SYS.RD (which is the new SEAMCALL to read
    TDX module metadata in TDX 1.5) to read essential metadata for module
    initialization and stop initializing TDX 1.0.
  - Put the new patch after the patch to build the TDX-usable memory list
    because CMRs are not read from TDX module anymore.
  - Very minor rebase changes in other couple of patches due to the new
    TDH.SYS.RD patch.
  - Addressed all comments (few) received in v14 (Rafael/Nikolay).
  - Added people's tags -- thanks! (Sathy, Nikolay).

v14: https://lore.kernel.org/lkml/cover.1697532085.git.kai.huang@intel.com/T/

[1] v13: https://lore.kernel.org/lkml/cover.1692962263.git.kai.huang@intel.com/T/
[2] "TDX module ABI incompatibilities" spec:
    https://cdrdv2.intel.com/v1/dl/getContent/773041

Kai Huang (23):
  x86/virt/tdx: Detect TDX during kernel boot
  x86/tdx: Define TDX supported page sizes as macros
  x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC
  x86/cpu: Detect TDX partial write machine check erratum
  x86/virt/tdx: Handle SEAMCALL no entropy error in common code
  x86/virt/tdx: Add SEAMCALL error printing for module initialization
  x86/virt/tdx: Add skeleton to enable TDX on demand
  x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory
  x86/virt/tdx: Get module global metadata for module initialization
  x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions
  x86/virt/tdx: Fill out TDMRs to cover all TDX memory regions
  x86/virt/tdx: Allocate and set up PAMTs for TDMRs
  x86/virt/tdx: Designate reserved areas for all TDMRs
  x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID
  x86/virt/tdx: Configure global KeyID on all packages
  x86/virt/tdx: Initialize all TDMRs
  x86/kexec: Flush cache of TDX private memory
  x86/virt/tdx: Keep TDMRs when module initialization is successful
  x86/virt/tdx: Improve readability of module initialization error handling
  x86/kexec(): Reset TDX private memory on platforms with TDX erratum
  x86/virt/tdx: Handle TDX interaction with ACPI S3 and deeper states
  x86/mce: Improve error log of kernel space TDX #MC due to erratum
  Documentation/x86: Add documentation for TDX host support

 Documentation/arch/x86/tdx.rst     |  222 +++-
 arch/x86/Kconfig                   |    3 +
 arch/x86/coco/tdx/tdx-shared.c     |    6 +-
 arch/x86/include/asm/cpufeatures.h |    1 +
 arch/x86/include/asm/msr-index.h   |    3 +
 arch/x86/include/asm/shared/tdx.h  |    6 +
 arch/x86/include/asm/tdx.h         |   39 +
 arch/x86/kernel/cpu/intel.c        |   17 +
 arch/x86/kernel/cpu/mce/core.c     |   33 +
 arch/x86/kernel/machine_kexec_64.c |   16 +
 arch/x86/kernel/process.c          |    8 +-
 arch/x86/kernel/reboot.c           |   15 +
 arch/x86/kernel/setup.c            |    2 +
 arch/x86/virt/vmx/tdx/Makefile     |    2 +-
 arch/x86/virt/vmx/tdx/tdx.c        | 1555 ++++++++++++++++++++++++++++
 arch/x86/virt/vmx/tdx/tdx.h        |  121 +++
 16 files changed, 2033 insertions(+), 16 deletions(-)
 create mode 100644 arch/x86/virt/vmx/tdx/tdx.c
 create mode 100644 arch/x86/virt/vmx/tdx/tdx.h

base-commit: 6bc986ab839c844e78a2333a02e55f02c9e57935
Comments
On 9.11.23 at 13:55, Kai Huang wrote:
> Hi all,
>
> (Again I didn't include the full cover letter here to save people's time.
> The full cover letter can be found in the v13 [1]).
>
> This version mainly addressed one issue that we (Intel people) discussed
> internally: to only initialize TDX module 1.5 and later versions. The
> reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
> later version (for detailed information please see [2]). There's no
> value to support TDX 1.0 when the TDX 1.5 are already out.
>
> Hi Kirill, Dave (and all),
>
> Could you help to review the new patch mentioned in the detailed
> changes below (and other minor changes due to rebase to it)?
>
> Appreciate a lot!
>

It looks good as a foundation to build on apart from Dave's comment
about the read out of metadata fields are there any outstanding issues
impending the merge of this series - Dave?

FWIW:

Reviewed-by: Nikolay Borisov <nborisov@suse.com>
On Mon, 2023-11-13 at 10:40 +0200, Nikolay Borisov wrote:
>
> On 9.11.23 at 13:55, Kai Huang wrote:
> > Hi all,
> >
> > (Again I didn't include the full cover letter here to save people's time.
> > The full cover letter can be found in the v13 [1]).
> >
> > This version mainly addressed one issue that we (Intel people) discussed
> > internally: to only initialize TDX module 1.5 and later versions. The
> > reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
> > later version (for detailed information please see [2]). There's no
> > value to support TDX 1.0 when the TDX 1.5 are already out.
> >
> > Hi Kirill, Dave (and all),
> >
> > Could you help to review the new patch mentioned in the detailed
> > changes below (and other minor changes due to rebase to it)?
> >
> > Appreciate a lot!
> >
>
> It looks good as a foundation to build on apart from Dave's comment
> about the read out of metadata fields are there any outstanding issues
> impending the merge of this series - Dave?

I believe many people are attending Linux plumber this week. :-)

>
>
> FWIW:
>
> Reviewed-by: Nikolay Borisov <nborisov@suse.com>

Thanks!