| Message ID | cover.1699527082.git.kai.huang@intel.com |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b129:0:b0:403:3b70:6f57 with SMTP id q9csp379241vqs;
Thu, 9 Nov 2023 03:56:49 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IEWWKq+ak7BU0Jbbu66L84Amknf7bBkfPDw2YGuOYKCdBj9ePeBOTs7q5+HF90/Wg1SPUii
X-Received: by 2002:a05:6808:1b10:b0:3a7:5557:16c2 with SMTP id
bx16-20020a0568081b1000b003a7555716c2mr1519790oib.0.1699531009313;
Thu, 09 Nov 2023 03:56:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1699531009; cv=none;
d=google.com; s=arc-20160816;
b=aN0ZtX1TUVwrUidr20udUixpZhD6n1LcAqZ0qh5xgUNVqHoRTLJF6L9UhdNX4ppw2r
lw/0YXk2EfcXBMV6yBpVwsTeInIsZOkV/b4D9iX4l88jUQOmFTw20xx0cXqP72Soe3vs
tyhhlu20BV/0Eknm1mj+ddX2RgbD8LMgE2t82WYTWRjNzUOzFXiM/8O0O9WwDrTxLA5w
yln705vCUcWj/mETp7P8gAQ6Pbf7KA6Urw5V3soGXumfPhp1mP76RgfFisTappuGAsk4
p2XV9rnmzQqckBSdT9NT1kTNC3/QB2eEGSxgDaJG2IWT8ZLg1gvz1lcOnDLOUkAYgU2z
maVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=vwwqZSvgTcWyOfQS1H6k7NxuAhylEMit0ra93+YRUxk=;
fh=WBgbLtMencYhgeHuu2sUs5b9THiYLgy17d2w1N+xuf4=;
b=CsE7GDJP+KEQDokUzd0F6mP1dA66S1PJVewGUOW+LSIdUWEQiF/xBV1cK5eKrDweyj
pzdkZQWUzXRGtY+JUijznLLHvmriV7s5PgKzHCerkvcdyglSYNtGn0suBCtLEXthZlvb
zfL0FCKKD/4VBAqGcf9CnA0W9Zs9Y/YnahJgWpvYaN/Z2TOInp51CaYsgjIWCT8tfbn1
x37lh91n8MKHy/PsjKm7BURyh7xSth/KqWXx7MYZWJq/eZnCExWVjVqRjSzRATVB+EwO
knClHVzrC0GN+DvnSTDY3sUnkwOSmCMGaWWEm1O+6x2tUXVnaPHlOWrcvNIWscGLG3WG
LMVw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=h+eVebx9;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3])
by mx.google.com with ESMTPS id
p34-20020a056a0026e200b006c33c1c00d5si14321232pfw.96.2023.11.09.03.56.48
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 09 Nov 2023 03:56:49 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
client-ip=2620:137:e000::3:3;
Authentication-Results: mx.google.com;
dkim=pass header.i=@intel.com header.s=Intel header.b=h+eVebx9;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::3:3 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by lipwig.vger.email (Postfix) with ESMTP id 21504829D395;
Thu, 9 Nov 2023 03:56:43 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at lipwig.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S233968AbjKIL40 (ORCPT <rfc822;jaysivo@gmail.com> + 32 others);
Thu, 9 Nov 2023 06:56:26 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43144 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S232093AbjKIL4Z (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 9 Nov 2023 06:56:25 -0500
Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.8])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6B4C4211F;
Thu, 9 Nov 2023 03:56:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
t=1699530984; x=1731066984;
h=from:to:cc:subject:date:message-id:mime-version:
content-transfer-encoding;
bh=8ZIZgzJ2rRhYRCexD/kh1kIXgtJYrDP82vKbdfntqG8=;
b=h+eVebx9Jd4S47tzRBaLSL5u56dGpH3sAdIUd33VPlZh5/KuFiPggcgE
uSDVHMTyjWAt/oQFAiFEG5hnSnArBP5RS+aDG41Rwp+VrjhispkpBFbCu
ZCUZYw6PAPiKCFE+6Zsfn4pLJwYOWrz91hEn7vvSyxD2d/sE+AF9br8nt
6yOPsM2MmLEAb60NJgVSfw/v9Y5Bzc/Z6EaMuX4pIJ7zmNPNS1RwV+bbA
M9BEneinDGhtbXOcaFfw185t9uEEaLxx1APNkuVq7CKQ7ZAEXyR+LhK85
ii+ZxLhrvGiOITFlIgGZkqMvtDSfP0GpDdxnJJG7PP6C1hEIvUqi1qLiv
w==;
X-IronPort-AV: E=McAfee;i="6600,9927,10888"; a="2936218"
X-IronPort-AV: E=Sophos;i="6.03,289,1694761200";
d="scan'208";a="2936218"
Received: from fmsmga007.fm.intel.com ([10.253.24.52])
by fmvoesa102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
09 Nov 2023 03:56:16 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10888"; a="766976558"
X-IronPort-AV: E=Sophos;i="6.03,289,1694761200";
d="scan'208";a="766976558"
Received: from shadphix-mobl.amr.corp.intel.com (HELO
khuang2-desk.gar.corp.intel.com) ([10.209.83.35])
by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
09 Nov 2023 03:56:09 -0800
From: Kai Huang <kai.huang@intel.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: x86@kernel.org, dave.hansen@intel.com,
kirill.shutemov@linux.intel.com, peterz@infradead.org,
tony.luck@intel.com, tglx@linutronix.de, bp@alien8.de,
mingo@redhat.com, hpa@zytor.com, seanjc@google.com,
pbonzini@redhat.com, rafael@kernel.org, david@redhat.com,
dan.j.williams@intel.com, len.brown@intel.com, ak@linux.intel.com,
isaku.yamahata@intel.com, ying.huang@intel.com, chao.gao@intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com, nik.borisov@suse.com,
bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com,
kai.huang@intel.com
Subject: [PATCH v15 00/23] TDX host kernel support
Date: Fri, 10 Nov 2023 00:55:37 +1300
Message-ID: <cover.1699527082.git.kai.huang@intel.com>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]);
Thu, 09 Nov 2023 03:56:43 -0800 (PST)
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1782087427360584298
X-GMAIL-MSGID: 1782087427360584298
|
| Series |
TDX host kernel support
|
|
Message
Kai Huang
Nov. 9, 2023, 11:55 a.m. UTC
Hi all,
(Again I didn't include the full cover letter here to save people's time.
The full coverletter can be found in the v13 [1]).
This version mainly addressed one issue that we (Intel people) discussed
internally: to only initialize TDX module 1.5 and later versions. The
reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
later version (for detailed information please see [2]). There's no
value to support TDX 1.0 when the TDX 1.5 are already out.
Hi Kirill, Dave (and all),
Could you help to review the new patch mentioned in the detailed
changes below (and other minor changes due to rebase to it)?
Appreciate a lot!
The detailed changes:
(please refer to individual patch for specific changes to them.)
- v14 -> v15:
- Rebased to latest (today) master branch of Linus's tree.
- Removed the patch which uses TDH.SYS.INFO to get TDSYSINFO_STRUCT.
- Added a new patch to use TDH.SYS.RD (which is the new SEAMCALL to read
TDX module metadata in TDX 1.5) to read essential metadata for module
initialization and stop initializing TDX 1.0.
- Put the new patch after the patch to build the TDX-usable memory
list becaues CMRs are not readed from TDX module anymore.
- Very minor rebase changes in other couple of patches due to the new
TDH.SYS.RD patch.
- Addressed all comments (few) received in v14 (Rafael/Nikolay).
- Added people's tags -- thanks! (Sathy, Nickolay).
v14: https://lore.kernel.org/lkml/cover.1697532085.git.kai.huang@intel.com/T/
[1] v13: https://lore.kernel.org/lkml/cover.1692962263.git.kai.huang@intel.com/T/
[2] "TDX module ABI incompatibilities" spec:
https://cdrdv2.intel.com/v1/dl/getContent/773041
Kai Huang (23):
x86/virt/tdx: Detect TDX during kernel boot
x86/tdx: Define TDX supported page sizes as macros
x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC
x86/cpu: Detect TDX partial write machine check erratum
x86/virt/tdx: Handle SEAMCALL no entropy error in common code
x86/virt/tdx: Add SEAMCALL error printing for module initialization
x86/virt/tdx: Add skeleton to enable TDX on demand
x86/virt/tdx: Use all system memory when initializing TDX module as
TDX memory
x86/virt/tdx: Get module global metadata for module initialization
x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX
memory regions
x86/virt/tdx: Fill out TDMRs to cover all TDX memory regions
x86/virt/tdx: Allocate and set up PAMTs for TDMRs
x86/virt/tdx: Designate reserved areas for all TDMRs
x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID
x86/virt/tdx: Configure global KeyID on all packages
x86/virt/tdx: Initialize all TDMRs
x86/kexec: Flush cache of TDX private memory
x86/virt/tdx: Keep TDMRs when module initialization is successful
x86/virt/tdx: Improve readability of module initialization error
handling
x86/kexec(): Reset TDX private memory on platforms with TDX erratum
x86/virt/tdx: Handle TDX interaction with ACPI S3 and deeper states
x86/mce: Improve error log of kernel space TDX #MC due to erratum
Documentation/x86: Add documentation for TDX host support
Documentation/arch/x86/tdx.rst | 222 +++-
arch/x86/Kconfig | 3 +
arch/x86/coco/tdx/tdx-shared.c | 6 +-
arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/msr-index.h | 3 +
arch/x86/include/asm/shared/tdx.h | 6 +
arch/x86/include/asm/tdx.h | 39 +
arch/x86/kernel/cpu/intel.c | 17 +
arch/x86/kernel/cpu/mce/core.c | 33 +
arch/x86/kernel/machine_kexec_64.c | 16 +
arch/x86/kernel/process.c | 8 +-
arch/x86/kernel/reboot.c | 15 +
arch/x86/kernel/setup.c | 2 +
arch/x86/virt/vmx/tdx/Makefile | 2 +-
arch/x86/virt/vmx/tdx/tdx.c | 1555 ++++++++++++++++++++++++++++
arch/x86/virt/vmx/tdx/tdx.h | 121 +++
16 files changed, 2033 insertions(+), 16 deletions(-)
create mode 100644 arch/x86/virt/vmx/tdx/tdx.c
create mode 100644 arch/x86/virt/vmx/tdx/tdx.h
base-commit: 6bc986ab839c844e78a2333a02e55f02c9e57935
Comments
On 9.11.23 г. 13:55 ч., Kai Huang wrote: > Hi all, > > (Again I didn't include the full cover letter here to save people's time. > The full coverletter can be found in the v13 [1]). > > This version mainly addressed one issue that we (Intel people) discussed > internally: to only initialize TDX module 1.5 and later versions. The > reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and > later version (for detailed information please see [2]). There's no > value to support TDX 1.0 when the TDX 1.5 are already out. > > Hi Kirill, Dave (and all), > > Could you help to review the new patch mentioned in the detailed > changes below (and other minor changes due to rebase to it)? > > Appreciate a lot! > It looks good as a foundation to build on apart from Dave's comment about the read out of metadata fields are there any outstanding issues impending the merge of this series - Dave? FWIW: Reviewed-by: Nikolay Borisov <nborisov@suse.com>
On Mon, 2023-11-13 at 10:40 +0200, Nikolay Borisov wrote: > > On 9.11.23 г. 13:55 ч., Kai Huang wrote: > > Hi all, > > > > (Again I didn't include the full cover letter here to save people's time. > > The full coverletter can be found in the v13 [1]). > > > > This version mainly addressed one issue that we (Intel people) discussed > > internally: to only initialize TDX module 1.5 and later versions. The > > reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and > > later version (for detailed information please see [2]). There's no > > value to support TDX 1.0 when the TDX 1.5 are already out. > > > > Hi Kirill, Dave (and all), > > > > Could you help to review the new patch mentioned in the detailed > > changes below (and other minor changes due to rebase to it)? > > > > Appreciate a lot! > > > > It looks good as a foundation to build on apart from Dave's comment > about the read out of metadata fields are there any outstanding issues > impending the merge of this series - Dave? I believe many people are attending Linux plumber this week. :-) > > > FWIW: > > Reviewed-by: Nikolay Borisov <nborisov@suse.com> Thanks!