lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZfuNpI1fiUr4h27+@chao-email>
Date: Thu, 21 Mar 2024 09:30:12 +0800
From: Chao Gao <chao.gao@...el.com>
To: <isaku.yamahata@...el.com>
CC: <kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<isaku.yamahata@...il.com>, Paolo Bonzini <pbonzini@...hat.com>,
	<erdemaktas@...gle.com>, Sean Christopherson <seanjc@...gle.com>, Sagi Shahar
	<sagis@...gle.com>, Kai Huang <kai.huang@...el.com>, <chen.bo@...el.com>,
	<hang.yuan@...el.com>, <tina.zhang@...el.com>
Subject: Re: [PATCH v19 043/130] KVM: TDX: create/free TDX vcpu structure

>+int tdx_vcpu_create(struct kvm_vcpu *vcpu)
>+{
>+	struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
>+
>+	WARN_ON_ONCE(vcpu->arch.cpuid_entries);
>+	WARN_ON_ONCE(vcpu->arch.cpuid_nent);
>+
>+	/* TDX only supports x2APIC, which requires an in-kernel local APIC. */

Cannot QEMU emulate x2APIC? In my understanding, the reason is TDX module always
enables APICv for TDs. So, KVM cannot intercept every access to APIC and forward
them to QEMU for emulation.

>+	if (!vcpu->arch.apic)

will "if (!irqchip_in_kernel(vcpu->kvm))" work? looks this is the custome for such
a check.

>+		return -EINVAL;
>+
>+	fpstate_set_confidential(&vcpu->arch.guest_fpu);
>+
>+	vcpu->arch.efer = EFER_SCE | EFER_LME | EFER_LMA | EFER_NX;
>+
>+	vcpu->arch.cr0_guest_owned_bits = -1ul;
>+	vcpu->arch.cr4_guest_owned_bits = -1ul;
>+
>+	vcpu->arch.tsc_offset = to_kvm_tdx(vcpu->kvm)->tsc_offset;

kvm_tdx->tsc_offset;

>+	vcpu->arch.l1_tsc_offset = vcpu->arch.tsc_offset;
>+	vcpu->arch.guest_state_protected =
>+		!(to_kvm_tdx(vcpu->kvm)->attributes & TDX_TD_ATTRIBUTE_DEBUG);

!(kvm_tdx->attributes & TDX_TD_ATTRIBUTE_DEBUG);

>+
>+	if ((kvm_tdx->xfam & XFEATURE_MASK_XTILE) == XFEATURE_MASK_XTILE)
>+		vcpu->arch.xfd_no_write_intercept = true;
>+
>+	return 0;
>+}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ