Message-Id: <20240823232327.2408869-1-yunhong.jiang@linux.intel.com>
Date: Fri, 23 Aug 2024 16:23:18 -0700
From: Yunhong Jiang <yunhong.jiang@...ux.intel.com>
To: tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de,
	dave.hansen@...ux.intel.com,
	x86@...nel.org,
	hpa@...or.com,
	robh@...nel.org,
	krzk+dt@...nel.org,
	conor+dt@...nel.org,
	kys@...rosoft.com,
	haiyangz@...rosoft.com,
	wei.liu@...nel.org,
	decui@...rosoft.com,
	rafael@...nel.org,
	lenb@...nel.org,
	kirill.shutemov@...ux.intel.com,
	yunhong.jiang@...ux.intel.com
Cc: linux-kernel@...r.kernel.org,
	devicetree@...r.kernel.org,
	linux-hyperv@...r.kernel.org,
	linux-acpi@...r.kernel.org
Subject: [PATCH v2 0/9] x86/hyperv: Support wakeup mailbox for VTL2 TDX guest

This set of patches adds ACPI multiprocessor wakeup support to VTL2 TDX VMs
booting with device tree instead of ACPI.

Historically, x86 platforms have booted secondary processors (APs) using
INIT followed by the start up IPI (SIPI) messages. However, TDX VMs
can't use this protocol because this protocol requires assistance from
VMMs while VMMs are not trusted by the TDX guest.

ACPI specification version 6.4 introduced a new wakeup mailbox model to
address this issue. A "Multiprocessor Wakeup Structure" has been added to
an existing ACPI table (MADT). This structure provides the physical address
of a "Multiprocessor Wakeup Mailbox Structure". Messages written to the
mailbox structure steer the APs to the boot code.

With this new wakeup model, TDX VMs with ACPI support boot the APs
securely. However, TDX VMs with the device tree, like VTL2 TDX hyperv
guests, have no ACPI support and still face the challenge.

To fix this challenge, either a new mechanism from scratch is
introduced, or the TDX VMs with device tree can utilize the ACPI wakeup
model.

By reusing the ACPI wakeup mailbox model, the Multiprocessor Wakeup Mailbox
Structure will be kept and the message mechanism will be the same as ACPI.
This will reduce maintenance effort in the long term.

The first patch moves the MADT wakeup implementation to generic code.
Patches 2-3 add the wakeup mailbox support to the device tree.
Patches 4-5 add the wakeup mailbox support to the hyperv guest.
Patches 6-8 update the real mode memory reservation.
The last patch applies the wakeup mailbox support to the VTL2 TDX guest.

v2:
  - Fix the cover letter's summary phrase.
  - Fix the DT binding document to pass validation.
  - Change the DT binding document to be ACPI independent.
  - Move ACPI-only functions into the #ifdef CONFIG_ACPI.
  - Change dtb_parse_mp_wake() to return mailbox physical address.
  - Rework the hv_is_private_mmio_tdx().
  - Remove unrelated real mode change from the patch that marks mailbox
    page private.
  - Check hv_isolation_type_tdx() instead of wakeup_mailbox_addr in
    hv_vtl_init_platform() because wakeup_mailbox_addr is not parsed yet.
  - Add memory range support to reserve_real_mode.
  - Remove realmode_reserve callback and use the memory range.
  - Move setting the real_mode_header to hv_vtl_init_platform.
  - Update comments and commit messages.
  - Minor style changes.

Yunhong Jiang (9):
  x86/acpi: Move ACPI MADT wakeup to generic code
  dt-bindings: x86: Add a binding for x86 wakeup mailbox
  x86/dt: Support the ACPI multiprocessor wakeup for device tree
  x86/hyperv: Parse the ACPI wakeup mailbox
  x86/hyperv: Mark ACPI wakeup mailbox page as private
  x86/realmode: Add memory range support to reserve_real_mode
  x86/hyperv: Move setting the real_mode_header to hv_vtl_init_platform
  x86/hyperv: Set realmode_limit to 4G for VTL2 TDX guest
  x86/hyperv: Use wakeup mailbox for VTL2 guests if available

 .../devicetree/bindings/x86/wakeup.yaml       | 64 +++++++++++++++++++
 MAINTAINERS                                   |  3 +
 arch/x86/Kconfig                              |  2 +-
 arch/x86/hyperv/hv_vtl.c                      | 29 +++++++--
 arch/x86/include/asm/acpi.h                   |  1 -
 arch/x86/include/asm/madt_wakeup.h            | 16 +++++
 arch/x86/include/asm/mshyperv.h               |  3 +
 arch/x86/include/asm/x86_init.h               |  6 ++
 arch/x86/kernel/Makefile                      |  1 +
 arch/x86/kernel/acpi/Makefile                 |  1 -
 arch/x86/kernel/cpu/mshyperv.c                |  2 +
 arch/x86/kernel/{acpi => }/madt_playdead.S    |  0
 arch/x86/kernel/{acpi => }/madt_wakeup.c      | 38 +++++++++++
 arch/x86/kernel/x86_init.c                    |  3 +
 arch/x86/realmode/init.c                      | 14 ++--
 drivers/hv/hv_common.c                        |  8 +++
 16 files changed, 176 insertions(+), 15 deletions(-)
 create mode 100644 Documentation/devicetree/bindings/x86/wakeup.yaml
 create mode 100644 arch/x86/include/asm/madt_wakeup.h
 rename arch/x86/kernel/{acpi => }/madt_playdead.S (100%)
 rename arch/x86/kernel/{acpi => }/madt_wakeup.c (90%)


base-commit: fedb9ddeb1445f85d8f691b20f3faaa6dab8dd3f
-- 
2.25.1
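
The mailbox handshake the cover letter describes, as an added user-space sketch (not code from this patch series or from the kernel): the boot processor publishes a target APIC ID and wakeup vector, then the command, and the parked AP acknowledges by clearing the command. The field layout follows the ACPI 6.4 Multiprocessor Wakeup Mailbox Structure; the function names, the pending-command check and the demo values are assumptions of this example.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>

/* Field layout follows the ACPI 6.4 mailbox structure; all names are this example's own. */
enum { MP_WAKE_NOOP = 0, MP_WAKE_WAKEUP = 1 };

struct mp_wake_mailbox {
    _Atomic uint16_t command;   /* written last by the OS, cleared by the AP side */
    uint16_t reserved;
    uint32_t apic_id;           /* which AP the command targets */
    uint64_t wakeup_vector;     /* address the AP should start executing at */
    uint8_t  reserved_os[2032];
    uint8_t  reserved_fw[2048];
};
_Static_assert(sizeof(struct mp_wake_mailbox) == 4096, "mailbox must be one 4 KiB page");

/* BSP side: returns 0 on success, -1 if an earlier command was not yet acknowledged. */
int bsp_post_wakeup(struct mp_wake_mailbox *mb, uint32_t apic_id, uint64_t vector)
{
    if (atomic_load_explicit(&mb->command, memory_order_acquire) != MP_WAKE_NOOP) return -1;
    mb->apic_id = apic_id;
    mb->wakeup_vector = vector;
    /* Release store: target and vector must be visible before the command is. */
    atomic_store_explicit(&mb->command, MP_WAKE_WAKEUP, memory_order_release);
    return 0;
}

/* One polling step of a parked AP: returns the vector to jump to, or 0 to keep waiting. */
uint64_t ap_poll_once(struct mp_wake_mailbox *mb, uint32_t my_apic_id)
{
    if (atomic_load_explicit(&mb->command, memory_order_acquire) != MP_WAKE_WAKEUP) return 0;
    if (mb->apic_id != my_apic_id) return 0;   /* command is addressed to another AP */
    uint64_t vector = mb->wakeup_vector;
    /* Acknowledge so the BSP can reuse the mailbox for the next AP. */
    atomic_store_explicit(&mb->command, MP_WAKE_NOOP, memory_order_release);
    return vector;
}

static struct mp_wake_mailbox demo_mb;  /* constructed mailbox; APIC IDs and vectors below are made up */
uint64_t demo_handshake(void)           /* returns the vector AP 3 receives, 0 on any failure */
{
    if (bsp_post_wakeup(&demo_mb, 3, 0x100000) != 0) return 0;
    if (ap_poll_once(&demo_mb, 2) != 0) return 0;                /* AP 2 must ignore it */
    if (bsp_post_wakeup(&demo_mb, 4, 0x200000) != -1) return 0;  /* mailbox still busy */
    return ap_poll_once(&demo_mb, 3);
}

int main(void) { printf("AP 3 vector: %#llx\n", (unsigned long long)demo_handshake()); return 0; }
```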

