From: Dave Hansen
To: torvalds@linux-foundation.org
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, Dave Hansen
Subject: [GIT PULL] x86/tdx for 6.14-rc1
Date: Tue, 21 Jan 2025 16:27:51 -0800
Message-Id: <20250122002751.2321863-1-dave.hansen@linux.intel.com>

Hi Linus,

Please pull some x86/tdx changes for 6.14-rc1.

The existing TDX code needs a _bit_ of metadata from the TDX module.
But KVM is going to need a bunch more very shortly. Rework the
interface with the TDX module to be more consistent and handle the
new higher volume.

The TDX module has added a few new features. The first is a promise
not to clobber RBP under any circumstances. Basically the kernel now
will refuse to use any modules that don't have this promise. Second,
enable the new "REDUCE_VE" feature. This ensures that the TDX module
will not send some silly virtualization exceptions that the guest had
no good way to handle anyway.

--

The following changes since commit 40384c840ea1944d7c5a392e8975ed088ecf0b37:

  Linux 6.13-rc1 (2024-12-01 14:28:56 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_tdx_for_6.14-rc1

for you to fetch changes up to 6f5c71cc42d49203771bceed91a023d4dbec54f4:

  x86/virt/tdx: Require the module to assert it has the NO_RBP_MOD mitigation (2024-12-18 14:36:02 -0800)

----------------------------------------------------------------
 * Centralize global metadata infrastructure
 * Use new TDX module features for exception suppression and RBP
   clobbering

----------------------------------------------------------------
Kai Huang (5):
      x86/virt/tdx: Rename 'struct tdx_tdmr_sysinfo' to reflect the spec better
      x86/virt/tdx: Start to track all global metadata in one structure
      x86/virt/tdx: Use dedicated struct members for PAMT entry sizes
      x86/virt/tdx: Switch to use auto-generated global metadata reading code
      x86/virt/tdx: Require the module to assert it has the NO_RBP_MOD mitigation

Kirill A. Shutemov (2):
      x86/tdx: Disable unnecessary virtualization exceptions
      x86/tdx: Dump attributes and TD_CTLS on boot

Paolo Bonzini (1):
      x86/virt/tdx: Use auto-generated code to read global metadata

 arch/x86/coco/tdx/Makefile                  |  2 +-
 arch/x86/coco/tdx/debug.c                   | 69 +++++++++++++++++++++
 arch/x86/coco/tdx/tdx.c                     | 44 ++++++++++---
 arch/x86/include/asm/shared/tdx.h           | 38 +++++++++++-
 arch/x86/include/asm/tdx.h                  |  3 +
 arch/x86/virt/vmx/tdx/tdx.c                 | 95 ++++++++++-------------------
 arch/x86/virt/vmx/tdx/tdx.h                 | 40 ++----------
 arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 48 +++++++++++++++
 arch/x86/virt/vmx/tdx/tdx_global_metadata.h | 25 ++++++++
 9 files changed, 252 insertions(+), 112 deletions(-)
 create mode 100644 arch/x86/coco/tdx/debug.c
 create mode 100644 arch/x86/virt/vmx/tdx/tdx_global_metadata.c
 create mode 100644 arch/x86/virt/vmx/tdx/tdx_global_metadata.h