lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <a2386cbfc8a4e091f86840df491fb4d999478f44.camel@intel.com>
Date: Sat, 6 Apr 2024 00:09:40 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "binbin.wu@...ux.intel.com" <binbin.wu@...ux.intel.com>, "Yamahata, Isaku"
	<isaku.yamahata@...el.com>
CC: "Zhang, Tina" <tina.zhang@...el.com>, "isaku.yamahata@...ux.intel.com"
	<isaku.yamahata@...ux.intel.com>, "seanjc@...gle.com" <seanjc@...gle.com>,
	"Huang, Kai" <kai.huang@...el.com>, "sean.j.christopherson@...el.com"
	<sean.j.christopherson@...el.com>, "sagis@...gle.com" <sagis@...gle.com>,
	"Chen, Bo2" <chen.bo@...el.com>, "isaku.yamahata@...il.com"
	<isaku.yamahata@...il.com>, "Aktas, Erdem" <erdemaktas@...gle.com>,
	"kvm@...r.kernel.org" <kvm@...r.kernel.org>, "pbonzini@...hat.com"
	<pbonzini@...hat.com>, "Yuan, Hang" <hang.yuan@...el.com>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v19 067/130] KVM: TDX: Add load_mmu_pgd method for TDX

On Wed, 2024-04-03 at 10:33 -0700, Isaku Yamahata wrote:
> On Mon, Apr 01, 2024 at 11:49:43PM +0800,
> Binbin Wu <binbin.wu@...ux.intel.com> wrote:
> 
> > 
> > 
> > On 2/26/2024 4:26 PM, isaku.yamahata@...el.com wrote:
> > > From: Sean Christopherson <sean.j.christopherson@...el.com>
> > > 
> > > For virtual IO, the guest TD shares guest pages with VMM without
> > > encryption.
> > 
> > Virtual IO is a use case of shared memory, it's better to use it
> > as a example instead of putting it at the beginning of the sentence.
> > 
> > 
> > >    Shared EPT is used to map guest pages in unprotected way.
> > > 
> > > Add the VMCS field encoding for the shared EPTP, which will be used by
> > > TDX to have separate EPT walks for private GPAs (existing EPTP) versus
> > > shared GPAs (new shared EPTP).
> > > 
> > > Set shared EPT pointer value for the TDX guest to initialize TDX MMU.
> > May have a mention that the EPTP for priavet GPAs is set by TDX module.
> 
> Sure, let me update the commit message.

How about this?

KVM: TDX: Add load_mmu_pgd method for TDX

TDX has uses two EPT pointers, one for the private half of the GPA
space and one for the shared half. The private half used the normal
EPT_POINTER vmcs field and is managed in a special way by the TDX module.
The shared half uses a new SHARED_EPT_POINTER field and will be managed by
the conventional MMU management operations that operate directly on the
EPT tables. This means for TDX the .load_mmu_pgd() operation will need to
know to use the SHARED_EPT_POINTER field instead of the normal one. Add a
new wrapper in x86 ops for load_mmu_pgd() that either directs the write to
the existing vmx implementation or a TDX one.

For the TDX operation, EPT will always be used, so it can simpy write to
the SHARED_EPT_POINTER field.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ