Linux-HyperV List
From: Tom Lendacky <thomas.lendacky@amd.com>
To: Michael Kelley <mhklinux@outlook.com>,
	Dexuan Cui <decui@microsoft.com>,
	Dave Hansen <dave.hansen@intel.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
	"bp@alien8.de" <bp@alien8.de>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	Haiyang Zhang <haiyangz@microsoft.com>,
	"hpa@zytor.com" <hpa@zytor.com>,
	"kirill.shutemov@linux.intel.com"
	<kirill.shutemov@linux.intel.com>,
	KY Srinivasan <kys@microsoft.com>,
	"luto@kernel.org" <luto@kernel.org>,
	"mingo@redhat.com" <mingo@redhat.com>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"sathyanarayanan.kuppuswamy@linux.intel.com"
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"wei.liu@kernel.org" <wei.liu@kernel.org>,
	jason <jason@zx2c4.com>, "tytso@mit.edu" <tytso@mit.edu>,
	"ardb@kernel.org" <ardb@kernel.org>
Cc: "linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Tianyu Lan <Tianyu.Lan@microsoft.com>
Subject: Re: [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode
Date: Tue, 28 May 2024 09:15:57 -0500
Message-ID: <eb470f47-9957-a8d6-c5c2-aaf5ccc8b9db@amd.com>
In-Reply-To: <SN6PR02MB4157B940ED0A5F39D49A897BD4F52@SN6PR02MB4157.namprd02.prod.outlook.com>

On 5/24/24 17:44, Michael Kelley wrote:
> From: Dexuan Cui <decui@microsoft.com> Sent: Friday, May 24, 2024 1:46 AM
>>> From: Dave Hansen <dave.hansen@intel.com>
>>> Sent: Thursday, May 23, 2024 7:26 AM
>>> [...]
>>> On 5/22/24 19:24, Dexuan Cui wrote:
>>> ...

> 
> My thoughts:
> 
> __bss_decrypted is named as if it applies to any CoCo VM, but really
> it is specific to AMD SEV. It was originally used for a GHCB page, which

IIRC, it was originally used for KVM clock, not the GHCB page, since
plain SEV doesn't use a GHCB, see:

b3f0907c71e0 ("x86/mm: Add .bss..decrypted section to hold shared variables")

> is SEV-specific, and then it proved to be convenient for the Hyper-V TSC
> page. Ideally, we could fix __bss_decrypted to work generally in a
> TDX VM without any dependency on code specific to a hypervisor. But
> looking at some of the details, that may be non-trivial.

In reality, TDX should also make this area shared as that is how this
section is meant to be set up. But up till now, I don't think TDX used
anything in the __bss_decrypted section, so it was never moved to a
common location and has remained SEV specific.

> 
> A narrower solution is to remove the Hyper-V TSC page from
> __bss_decrypted, and use Hyper-V specific code on both TDX and
> SEV-SNP to decrypt just that page (not the entire __bss_decrypted),
> based on whether the Hyper-V guest is running with a paravisor.
> From Dexuan's patch, it looks like set_memory_decrypted()
> works on TDX at the time that ms_hyperv_init_platform() runs.
> Does it also work on SEV-SNP? The code in kvm_init_platform()
> uses early_set_mem_enc_dec_hypercall() with
> kvm_sev_hc_page_enc_status(), which is SEV only.  So maybe

This is to inform the hypervisor that these pages are now shared, see
below.

> the normal set_memory_decrypted() doesn't work on SEV at
> that point, though I'm not at all clear on what kvm_init_platform is
> trying to do.  Shouldn't __bss_decrypted already be set up correctly?

With SEV, yes, the pagetable is set up correctly. And specific to SNP,
the RMP is set up correctly because of the page state change (PSC) call
which also notifies the hypervisor of the state change.

But since the RMP PSC is SNP specific, SEV and SEV-ES require the
separate hypercall to notify the hypervisor of the state change.

Thanks,
Tom

> 

Thread overview: 8+ messages
2024-05-23  2:24 [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode Dexuan Cui
2024-05-23 12:06 ` Kirill A. Shutemov
2024-05-24  8:22   ` Dexuan Cui
2024-05-23 14:25 ` Dave Hansen
2024-05-24  8:45   ` Dexuan Cui
2024-05-24 22:44     ` Michael Kelley
2024-05-28 14:15       ` Tom Lendacky [this message]
2024-05-28  9:16     ` kirill.shutemov
