mbox series

[v15,00/23] TDX host kernel support

Message ID cover.1699527082.git.kai.huang@intel.com (mailing list archive)
Headers show
Series TDX host kernel support | expand

Message

Huang, Kai Nov. 9, 2023, 11:55 a.m. UTC
Hi all,

(Again I didn't include the full cover letter here to save people's time.
 The full coverletter can be found in the v13 [1]).

This version mainly addressed one issue that we (Intel people) discussed
internally: to only initialize TDX module 1.5 and later versions.  The
reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
later version (for detailed information please see [2]).  There's no
value to support TDX 1.0 when the TDX 1.5 are already out.

Hi Kirill, Dave (and all),

Could you help to review the new patch mentioned in the detailed
changes below (and other minor changes due to rebase to it)?

Appreciate a lot!

The detailed changes:

(please refer to individual patch for specific changes to them.)

 - v14 -> v15:
  - Rebased to latest (today) master branch of Linus's tree.
  - Removed the patch which uses TDH.SYS.INFO to get TDSYSINFO_STRUCT.
  - Added a new patch to use TDH.SYS.RD (which is the new SEAMCALL to read
    TDX module metadata in TDX 1.5) to read essential metadata for module
    initialization and stop initializing TDX 1.0.
  - Put the new patch after the patch to build the TDX-usable memory
    list becaues CMRs are not readed from TDX module anymore.
  - Very minor rebase changes in other couple of patches due to the new
    TDH.SYS.RD patch.
  - Addressed all comments (few) received in v14 (Rafael/Nikolay).
  - Added people's tags -- thanks! (Sathy, Nickolay).

v14: https://lore.kernel.org/lkml/cover.1697532085.git.kai.huang@intel.com/T/

[1] v13: https://lore.kernel.org/lkml/cover.1692962263.git.kai.huang@intel.com/T/
[2] "TDX module ABI incompatibilities" spec:
    https://cdrdv2.intel.com/v1/dl/getContent/773041



Kai Huang (23):
  x86/virt/tdx: Detect TDX during kernel boot
  x86/tdx: Define TDX supported page sizes as macros
  x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC
  x86/cpu: Detect TDX partial write machine check erratum
  x86/virt/tdx: Handle SEAMCALL no entropy error in common code
  x86/virt/tdx: Add SEAMCALL error printing for module initialization
  x86/virt/tdx: Add skeleton to enable TDX on demand
  x86/virt/tdx: Use all system memory when initializing TDX module as
    TDX memory
  x86/virt/tdx: Get module global metadata for module initialization
  x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX
    memory regions
  x86/virt/tdx: Fill out TDMRs to cover all TDX memory regions
  x86/virt/tdx: Allocate and set up PAMTs for TDMRs
  x86/virt/tdx: Designate reserved areas for all TDMRs
  x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID
  x86/virt/tdx: Configure global KeyID on all packages
  x86/virt/tdx: Initialize all TDMRs
  x86/kexec: Flush cache of TDX private memory
  x86/virt/tdx: Keep TDMRs when module initialization is successful
  x86/virt/tdx: Improve readability of module initialization error
    handling
  x86/kexec(): Reset TDX private memory on platforms with TDX erratum
  x86/virt/tdx: Handle TDX interaction with ACPI S3 and deeper states
  x86/mce: Improve error log of kernel space TDX #MC due to erratum
  Documentation/x86: Add documentation for TDX host support

 Documentation/arch/x86/tdx.rst     |  222 +++-
 arch/x86/Kconfig                   |    3 +
 arch/x86/coco/tdx/tdx-shared.c     |    6 +-
 arch/x86/include/asm/cpufeatures.h |    1 +
 arch/x86/include/asm/msr-index.h   |    3 +
 arch/x86/include/asm/shared/tdx.h  |    6 +
 arch/x86/include/asm/tdx.h         |   39 +
 arch/x86/kernel/cpu/intel.c        |   17 +
 arch/x86/kernel/cpu/mce/core.c     |   33 +
 arch/x86/kernel/machine_kexec_64.c |   16 +
 arch/x86/kernel/process.c          |    8 +-
 arch/x86/kernel/reboot.c           |   15 +
 arch/x86/kernel/setup.c            |    2 +
 arch/x86/virt/vmx/tdx/Makefile     |    2 +-
 arch/x86/virt/vmx/tdx/tdx.c        | 1555 ++++++++++++++++++++++++++++
 arch/x86/virt/vmx/tdx/tdx.h        |  121 +++
 16 files changed, 2033 insertions(+), 16 deletions(-)
 create mode 100644 arch/x86/virt/vmx/tdx/tdx.c
 create mode 100644 arch/x86/virt/vmx/tdx/tdx.h


base-commit: 6bc986ab839c844e78a2333a02e55f02c9e57935

Comments

Nikolay Borisov Nov. 13, 2023, 8:40 a.m. UTC | #1
On 9.11.23 г. 13:55 ч., Kai Huang wrote:
> Hi all,
> 
> (Again I didn't include the full cover letter here to save people's time.
>   The full coverletter can be found in the v13 [1]).
> 
> This version mainly addressed one issue that we (Intel people) discussed
> internally: to only initialize TDX module 1.5 and later versions.  The
> reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
> later version (for detailed information please see [2]).  There's no
> value to support TDX 1.0 when the TDX 1.5 are already out.
> 
> Hi Kirill, Dave (and all),
> 
> Could you help to review the new patch mentioned in the detailed
> changes below (and other minor changes due to rebase to it)?
> 
> Appreciate a lot!
> 

It looks good as a foundation to build on apart from Dave's comment 
about the read out of metadata fields are there any outstanding issues 
impending the merge of this series - Dave?


FWIW:

Reviewed-by: Nikolay Borisov <nborisov@suse.com>
Huang, Kai Nov. 13, 2023, 9:11 a.m. UTC | #2
On Mon, 2023-11-13 at 10:40 +0200, Nikolay Borisov wrote:
> 
> On 9.11.23 г. 13:55 ч., Kai Huang wrote:
> > Hi all,
> > 
> > (Again I didn't include the full cover letter here to save people's time.
> >   The full coverletter can be found in the v13 [1]).
> > 
> > This version mainly addressed one issue that we (Intel people) discussed
> > internally: to only initialize TDX module 1.5 and later versions.  The
> > reason is TDX 1.0 has some incompatibility issues to the TDX 1.5 and
> > later version (for detailed information please see [2]).  There's no
> > value to support TDX 1.0 when the TDX 1.5 are already out.
> > 
> > Hi Kirill, Dave (and all),
> > 
> > Could you help to review the new patch mentioned in the detailed
> > changes below (and other minor changes due to rebase to it)?
> > 
> > Appreciate a lot!
> > 
> 
> It looks good as a foundation to build on apart from Dave's comment 
> about the read out of metadata fields are there any outstanding issues 
> impending the merge of this series - Dave?

I believe many people are attending Linux plumber this week. :-)

> 
> 
> FWIW:
> 
> Reviewed-by: Nikolay Borisov <nborisov@suse.com>

Thanks!