From: Chao Gao <chao.gao@intel.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "seanjc@google.com" <seanjc@google.com>,
"Li, Xiaoyao" <xiaoyao.li@intel.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"pbonzini@redhat.com" <pbonzini@redhat.com>
Subject: Re: [RFC] TDX module configurability of 0x80000008
Date: Tue, 7 May 2024 22:22:56 +0800 [thread overview]
Message-ID: <Zjo5QBVXjO2/wLE6@chao-email> (raw)
In-Reply-To: <322e67ab6e965a70a7365da441179a7fa65f2314.camel@intel.com>
On Mon, May 06, 2024 at 06:40:03PM +0000, Edgecombe, Rick P wrote:
>Follow up on this:
>
>1. The plan is to just always inject the #VEs for private and shared GPAs that
>exceed GPAW. (i.e. not pass the subset of EPT violations that could be handled
>by the VMM by clearing suppress #VE)
>
>
>2. There was some concern that exposing non-zero bits in [23:16] could confuse
>existing TDs. Of course KVM doesn't support any TDs today, but if this feature
>comes after initial KVM support for TDX and KVM wants to set it by default, then
>it could be an issue.
Do you mean some TDs may assert that [23:16] are 0s? A future-proof design
won't have this assertion. And this case (i.e., some CPUID bits become non-zero)
happens on every new generation of CPUs and doesn't confuse existing OSes. I
don't understand why it would be a problem for TDs.
>
>For normal VMs, is there any concern that guests might not be masking the bits
>correctly?
>
>TDX module folks were pushing for a guest opt-in out of concern some breakages
>could result. Of course it requires additional enabling in the guest OS and
>vBIOS then. I was thinking it should be a host opt-in without guest control. If
>there was a problem it could be a host userspace opt-in. Any concerns there?
>
>Thanks,
>
>Rick
next prev parent reply other threads:[~2024-05-07 14:23 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-24 16:55 [RFC] TDX module configurability of 0x80000008 Edgecombe, Rick P
2024-04-25 15:09 ` Xiaoyao Li
2024-04-25 16:31 ` Edgecombe, Rick P
2024-04-25 16:59 ` Sean Christopherson
2024-04-25 18:20 ` Edgecombe, Rick P
2024-04-25 21:39 ` Sean Christopherson
2024-04-25 22:41 ` Edgecombe, Rick P
2024-04-25 22:53 ` Sean Christopherson
2024-04-25 23:08 ` Edgecombe, Rick P
2024-04-25 23:28 ` Sean Christopherson
2024-04-25 23:38 ` Edgecombe, Rick P
2024-05-06 18:40 ` Edgecombe, Rick P
2024-05-07 14:22 ` Chao Gao [this message]
2024-05-07 14:49 ` Edgecombe, Rick P
2024-05-07 16:21 ` Sean Christopherson
2024-05-07 16:41 ` Xiaoyao Li
2024-05-07 17:11 ` Sean Christopherson
2024-05-08 7:50 ` Xiaoyao Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zjo5QBVXjO2/wLE6@chao-email \
--to=chao.gao@intel.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=xiaoyao.li@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.