| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 9 Jul 2022 11:20:28 +0700
From: Bagas Sanjaya <bagasdotme@...il.com>
To: linux-doc@...r.kernel.org
Cc: Paolo Bonzini <pbonzini@...hat.com>,
Jonathan Corbet <corbet@....net>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Isaku Yamahata <isaku.yamahata@...el.com>,
Kai Huang <kai.huang@...el.com>, x86@...nel.org,
kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
Bagas Sanjaya <bagasdotme@...il.com>
Subject: [PATCH 02/12] Documentation: kvm: tdx: Use appropriate subbullet marker
Sphinx only supports dash (-) and asterisk (*) as bullet marker. Use
them instead of dot (.) and equal (=).
Fixes: 9e54fa1ac03df3 ("Documentation/virtual/kvm: Document on Trust Domain Extensions(TDX)")
Signed-off-by: Bagas Sanjaya <bagasdotme@...il.com>
---
Documentation/virt/kvm/intel-tdx.rst | 23 +++++++++++++----------
1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/Documentation/virt/kvm/intel-tdx.rst b/Documentation/virt/kvm/intel-tdx.rst
index 46ad32f3248e40..7a7c17da3a045f 100644
--- a/Documentation/virt/kvm/intel-tdx.rst
+++ b/Documentation/virt/kvm/intel-tdx.rst
@@ -216,15 +216,16 @@ The main issue for it is that the logic of kvm_x86_ops callbacks for
TDX is different from VMX. On the other hand, the variable,
kvm_x86_ops, is global single variable. Not per-VM, not per-vcpu.
-Several points to be considered.
- . No or minimal overhead when TDX is disabled(CONFIG_INTEL_TDX_HOST=n).
- . Avoid overhead of indirect call via function pointers.
- . Contain the changes under arch/x86/kvm/vmx directory and share logic
+Several points to be considered:
+
+ * No or minimal overhead when TDX is disabled(CONFIG_INTEL_TDX_HOST=n).
+ * Avoid overhead of indirect call via function pointers.
+ * Contain the changes under arch/x86/kvm/vmx directory and share logic
with VMX for maintenance.
Even though the ways to operation on VM (VMX instruction vs TDX
SEAM call) is different, the basic idea remains same. So, many
logic can be shared.
- . Future maintenance
+ * Future maintenance
The huge change of kvm_x86_ops in (near) future isn't expected.
a centralized file is acceptable.
@@ -295,21 +296,23 @@ One bit of GPA (51 or 47 bit) is repurposed so that it means shared
with host(if set to 1) or private to TD(if cleared to 0).
- The current implementation
- . Reuse the existing MMU code with minimal update. Because the
+
+ * Reuse the existing MMU code with minimal update. Because the
execution flow is mostly same. But additional operation, TDX call
for S-EPT, is needed. So add hooks for it to kvm_x86_ops.
- . For performance, minimize TDX SEAM call to operate on S-EPT. When
+ * For performance, minimize TDX SEAM call to operate on S-EPT. When
getting corresponding S-EPT pages/entry from faulting GPA, don't
use TDX SEAM call to read S-EPT entry. Instead create shadow copy
in host memory.
Repurpose the existing kvm_mmu_page as shadow copy of S-EPT and
associate S-EPT to it.
- . Treats share bit as attributes. mask/unmask the bit where
+ * Treats share bit as attributes. mask/unmask the bit where
necessary to keep the existing traversing code works.
Introduce kvm.arch.gfn_shared_mask and use "if (gfn_share_mask)"
for special case.
- = 0 : for non-TDX case
- = 51 or 47 bit set for TDX case.
+
+ * 0 : for non-TDX case
+ * 51 or 47 bit set for TDX case.
Pros:
--
An old man doll... just what I always wanted! - Clara
Powered by blists - more mailing lists