qemu-devel.nongnu.org archive mirror
From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "Li, Xiaoyao" <xiaoyao.li@intel.com>,
	"pbonzini@redhat.com" <pbonzini@redhat.com>,
	"seanjc@google.com" <seanjc@google.com>
Cc: "Huang, Kai" <kai.huang@intel.com>,
	"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
	"Chatre, Reinette" <reinette.chatre@intel.com>,
	"Zhao, Yan Y" <yan.y.zhao@intel.com>,
	"tony.lindgren@linux.intel.com" <tony.lindgren@linux.intel.com>,
	"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
	 "Hunter, Adrian" <adrian.hunter@intel.com>,
	"Yamahata, Isaku" <isaku.yamahata@intel.com>,
	"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: Re: (Proposal) New TDX Global Metadata To Report FIXED0 and FIXED1 CPUID Bits
Date: Fri, 6 Dec 2024 18:41:01 +0000
Message-ID: <d63e1f3f0ad8ead9d221cff5b1746dc7a7fa065c.camel@intel.com>
In-Reply-To: <43b26df1-4c27-41ff-a482-e258f872cc31@intel.com>

On Fri, 2024-12-06 at 10:42 +0800, Xiaoyao Li wrote:
> # Interaction with TDX_FEATURES0.VE_REDUCTION
> 
> TDX introduces a new feature VE_REDUCTION[2]. From the perspective of 
> host VMM, VE_REDUCTION turns several CPUID bits from fixed1 to 
> configurable, e.g., MTRR, MCA, MCE, etc. However, from the perspective 
> of TD guest, it’s an opt-in feature. The actual value seen by TD guest 
> depends on multiple factors: 1) if TD guest enables REDUCE_VE in 
> TDCS.TD_CTLS, 2) TDCS.FEATURE_PARAVIRT_CTRL, 3) CPUID value configured 
> by host VMM via TD_PARAMS.CPUID_CONFIG[]. (Please refer to latest TDX 
> 1.5 spec for more details.)
> 
> Since host VMM has no idea on the setting of 1) and 2) when creating the 
> TD, we make the design to treat them as configurable bits and the global 
> metadata interface doesn’t report them as fixed1 bits for simplicity.
> 
> Host VMM must be aware itself that the value of these VE_REDUCTION 
> related CPUID bits might not be what it configures. The actual value 
> seen by TD guest also depends on the guest enabling and configuration of 
> VE_REDUCTION.

As we've been working on this, I've started to wonder whether this is a halfway
solution that is not worth it. Today there are directly configurable bits,
XFAM/attribute controlled bits, other opt-ins (like #VE reduction). And this has
only gotten more complicated as time has gone on.

If we really want to fully solve the problem of userspace understanding which
configurations are possible, the TDX module would almost need to expose some
sort of CPUID logic DSL that could be used to evaluate user configuration.

On the other extreme we could just say, this kind of logic is just going to need
to be hand coded somewhere, like is currently done in the QEMU patches.

The solution in this proposal decreases the work the VMM has to do, but in the
long term won't remove hand coding completely. As long as we are designing
something, what kind of bar should we target?
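
The kind of hand-coded check the message refers to, as an added example that is not part of the original email, the QEMU patches, or any TDX interface: it validates one requested CPUID register value against fixed0/fixed1 masks and flags bits whose guest-visible value also depends on guest opt-ins such as #VE reduction. The struct `cpuid_reg_rules`, the function `check_cpuid_reg`, the `CFG_*` codes and all mask values are assumptions made for illustration; only the CPUID.1:EDX positions of MCE, MTRR and MCA are architectural.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.1:EDX bits named in the thread (architectural bit positions). */
#define EDX_MCE  (1u << 7)
#define EDX_MTRR (1u << 12)
#define EDX_MCA  (1u << 14)

/* Hypothetical per-register view of the proposed metadata (not a real ABI). */
struct cpuid_reg_rules {
    uint32_t fixed0;       /* bits the TD always sees as 0 */
    uint32_t fixed1;       /* bits the TD always sees as 1 */
    uint32_t guest_opt_in; /* reported configurable; guest opt-ins also decide */
};

enum { CFG_OK = 0, CFG_SETS_FIXED0 = 1, CFG_CLEARS_FIXED1 = 2, CFG_GUEST_DEPENDENT = 4 };

/* Returns a bitmask of CFG_* findings for one requested register value. */
static unsigned check_cpuid_reg(const struct cpuid_reg_rules *r, uint32_t requested,
                                uint32_t *bad_bits, uint32_t *unsure_bits)
{
    uint32_t set_fixed0 = requested & r->fixed0;   /* asked for 1, forced to 0 */
    uint32_t clr_fixed1 = ~requested & r->fixed1;  /* asked for 0, forced to 1 */
    unsigned res = CFG_OK;

    /* Bits the VMM may configure but cannot promise the guest will see. */
    *unsure_bits = r->guest_opt_in & ~(r->fixed0 | r->fixed1);
    *bad_bits = set_fixed0 | clr_fixed1;
    if (set_fixed0) res |= CFG_SETS_FIXED0;
    if (clr_fixed1) res |= CFG_CLEARS_FIXED1;
    if (*unsure_bits) res |= CFG_GUEST_DEPENDENT;
    return res;
}

int main(void)
{
    /* Constructed masks for illustration only; not values from any TDX module. */
    struct cpuid_reg_rules edx = { 1u << 10, 1u << 0, EDX_MCE | EDX_MTRR | EDX_MCA };
    uint32_t bad, unsure;
    unsigned res = check_cpuid_reg(&edx, (1u << 0) | EDX_MTRR, &bad, &unsure);

    printf("result=%u bad=0x%x guest-dependent=0x%x\n", res, bad, unsure);
    return (res & (CFG_SETS_FIXED0 | CFG_CLEARS_FIXED1)) ? 1 : 0;
}
```
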
