From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 61DF1C7EE2F for ; Wed, 7 Jun 2023 15:25:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C8F4E8E0003; Wed, 7 Jun 2023 11:25:44 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C3FC48E0002; Wed, 7 Jun 2023 11:25:44 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B07288E0003; Wed, 7 Jun 2023 11:25:44 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id A074B8E0002 for ; Wed, 7 Jun 2023 11:25:44 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 05480C02FD for ; Wed, 7 Jun 2023 15:25:43 +0000 (UTC) X-FDA: 80876326608.10.7ADD99B Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by imf21.hostedemail.com (Postfix) with ESMTP id EB2BB1C0021 for ; Wed, 7 Jun 2023 15:25:39 +0000 (UTC) Authentication-Results: imf21.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=RcZkIqtV; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf21.hostedemail.com: domain of dave.hansen@intel.com designates 134.134.136.100 as permitted sender) smtp.mailfrom=dave.hansen@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1686151540; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4S9sDtL41xSXwGNBeZ10GsStbelvnqd5Cx8Nw82Erto=; b=EbpKYP+KpHplpL7jsxTUwbQ6P7qATM6q5pI8znVei5G/vuyna6/1FkZXPHfAljSUKSQL1c U9qIgv5ZJYDReVMziEzBa1BtcHPP4WmuitzKS8vhYRywXhj8fjOb+FmZ/5YG0lsnWTflr8 hlWh0fS7AJS2w2MNUmi8cwqGIRHYxN8= ARC-Authentication-Results: i=1; imf21.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=RcZkIqtV; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf21.hostedemail.com: domain of dave.hansen@intel.com designates 134.134.136.100 as permitted sender) smtp.mailfrom=dave.hansen@intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1686151540; a=rsa-sha256; cv=none; b=4Nzjwt3FcWsJxYuduDG5FmGWEgQ5RuagjjFeASyayZklV2Ohm5mfXG3NMW2Ww/czsV81Dn ofb/8Urts8fuSssVYP8eCmM1Kr0VMd2cRQ79AWIluftQIBMYKNjmW3NpqAywqcaoesvAKd j9zfImobSY6Mmc0esMfFNpOcLGFPjrY= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1686151540; x=1717687540; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=o9s+xCFEIMsJhr2kn88p0xT5DlNmtrw35RZsqUG2rrU=; b=RcZkIqtVLCK0Vzq21f9hzjzMYk9SJl1n6iJvZXt9I78cDbpTj+VGXZyz Lm9iXrOzafBvIYBjNlGZF11zqBK3ent36PT72Ake2nuHTFeP9JNzAaOev Qu8ABaC0HE2fExgBWFX1038X7/WfVHYL3i3P9kcypeajEvVXaHAl0eQ9V 05IQVXc5lQC9pAx/33s4SvmOTdRukFPyNYVXSNlkU9pqceweLtreU96Nw ZW9PC/yu6jp/rPSG9DvGKS+wQKyqEN9prOSPT4yZssmukZcrYaNTiASM8 wZZL7myVTrM8QZdf940Y1QfPBJdiGOOCuASH3RCr6uCqbbqBa4GmLf9bN w==; X-IronPort-AV: E=McAfee;i="6600,9927,10734"; a="422868711" X-IronPort-AV: E=Sophos;i="6.00,224,1681196400"; d="scan'208";a="422868711" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jun 2023 08:25:38 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10734"; a="822207952" X-IronPort-AV: E=Sophos;i="6.00,224,1681196400"; d="scan'208";a="822207952" Received: from vsmyers-mobl2.amr.corp.intel.com (HELO [10.212.146.233]) ([10.212.146.233]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Jun 2023 08:25:36 -0700 Message-ID: <692d2345-914c-595c-1214-84c966f15aa6@intel.com> Date: Wed, 7 Jun 2023 08:25:35 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: [PATCH v11 08/20] x86/virt/tdx: Get information about TDX module and TDX-capable memory Content-Language: en-US To: Kai Huang , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: linux-mm@kvack.org, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, david@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com References: <50386eddbb8046b0b222d385e56e8115ed566526.1685887183.git.kai.huang@intel.com> From: Dave Hansen In-Reply-To: <50386eddbb8046b0b222d385e56e8115ed566526.1685887183.git.kai.huang@intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: EB2BB1C0021 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: 4rjz6iewd4nhkzimwekuwq7apzjwq7wb X-HE-Tag: 1686151539-304240 X-HE-Meta: U2FsdGVkX1/v13JNsyR2/EgOeu7NkSkpSadUFUMYHDuKGK27d6wLrAPfr7wAaOZMx0kJfsbt537DPqoBM++d6s9Iec2RbCPj3Yb36kxZ9wOQGBstEeitNRviZoksez+RhZpqN62x4Dh0KRbirpGyLHPHyVEKCDAo2quwH9X7S5oFvcGKfmaLjLqQ1tETCQ7tLaLKdi8lB8y/b26aIU5okpsmxQotvkTpshLjSk+MCbLsdLtlt262uFp3byiRhwLuPlZsflDOdnEX2cji8+SKdMGDrMft6xpIaIhist35wfMroAVsP2J+KeM4JI0VjUixQnrZZi99Ey8dHsZgmTeUcp8uN5cuwyMRRLcRIEBLwTzPz3xZqJtoSbVYg5lnkoBIlPvZknIZZG+tHcbQb7i1GQgV3h9XkDuDPgbyAQWWmjK1BwU+uZ+a8bznjvaxxG0Thb0CG1kou4VcpjnxyaNDS01JjjjFedzkM5ITrcgnAmdhkRScnYAZOaOM3C4+C+4fKHS7EnQrHC1ZAA3+8/2gRxkcNQNnmQm5Nq0gUXx6XnuS4sPxbE7VI6eIJzKumSQGbvZj+tVD4BrUQf5u1gDHZhmy8VApilr6/LYRnhoSlvaeuUiEz/fMaEShbUA27U4x8OIyU/X30j4oCSLk8a1Vh+WJ1tcz5frWVHbuFM+gTzb8nCmjpe0vWbmzidwkGaqUWq4czGqQ8R2gyGcGwg31QSrD9l9YftUHL22Z3AxURxpgHk0XVfun0UcoNfHtto7sBg6LpTrjgZ+EbQlKGlyaldlNL+vPKePC8z956eXDLGOC/VVd5SlyRn5KshlBznVePLjUx+YWPmv2mQb9RsWkAvN979ZhR2CDc5+8ljvKbkmJdOFSBCAbGNu+hwH48yy1Lk0jQ8+J0mHkDzDeONfkJZx3Gh0SE+TpQ6TnA/PjH0zMXnGgzyLI7oayF0qZv1Rq1lPWPhUbm8xwvX1xjNI nGgbxeKg FRvjxV4D3kxYZgIFlD23OOvPRRAqviE3N75JqnCop06tPgTgk2S5joiBiP/nol5kcS2YQjecD37jGsTwD7OoglzAfPqcYeazcMiwYOBi2zH5yW7QUU52aM9tXmSzCww+vqQl041Nd3zsW5VXQT4xRyj2mzFy2VIndA/5v53whgnOnyN/ucd0Pn6v4lPs7C8cFHThW8I8OIBbdTvM= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 6/4/23 07:27, Kai Huang wrote: > Start to transit out the "multi-steps" to initialize the TDX module. > > TDX provides increased levels of memory confidentiality and integrity. > This requires special hardware support for features like memory > encryption and storage of memory integrity checksums. Not all memory > satisfies these requirements. > > As a result, TDX introduced the concept of a "Convertible Memory Region" > (CMR). During boot, the firmware builds a list of all of the memory > ranges which can provide the TDX security guarantees. > > CMRs tell the kernel which memory is TDX compatible. The kernel takes > CMRs (plus a little more metadata) and constructs "TD Memory Regions" > (TDMRs). TDMRs let the kernel grant TDX protections to some or all of > the CMR areas. > > The TDX module also reports necessary information to let the kernel > build TDMRs and run TDX guests in structure 'tdsysinfo_struct'. The > list of CMRs, along with the TDX module information, is available to > the kernel by querying the TDX module. > > As a preparation to construct TDMRs, get the TDX module information and > the list of CMRs. Print out CMRs to help user to decode which memory > regions are TDX convertible. > > The 'tdsysinfo_struct' is fairly large (1024 bytes) and contains a lot > of info about the TDX module. Fully define the entire structure, but > only use the fields necessary to build the TDMRs and pr_info() some > basics about the module. The rest of the fields will get used by KVM. > > For now both 'tdsysinfo_struct' and CMRs are only used during the module > initialization. But because they are both relatively big, declare them > inside the module initialization function but as static variables. > > Signed-off-by: Kai Huang > Reviewed-by: Isaku Yamahata Reviewed-by: Dave Hansen