Message-ID: <2f9dd848f8ea5092a206906aa99928c2fa47389d.camel@intel.com>
Date: Mon, 26 Aug 2024 17:46:26 +0000
From: "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>
To: "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "pbonzini@...hat.com"
<pbonzini@...hat.com>, "nik.borisov@...e.com" <nik.borisov@...e.com>,
"seanjc@...gle.com" <seanjc@...gle.com>
CC: "Li, Xiaoyao" <xiaoyao.li@...el.com>, "tony.lindgren@...ux.intel.com"
<tony.lindgren@...ux.intel.com>, "Huang, Kai" <kai.huang@...el.com>,
"isaku.yamahata@...il.com" <isaku.yamahata@...il.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 21/25] KVM: x86: Introduce KVM_TDX_GET_CPUID
On Mon, 2024-08-26 at 17:09 +0300, Nikolay Borisov wrote:
> > + /*
> > + * Work around missing support on old TDX modules, fetch
> > + * guest maxpa from gfn_direct_bits.
> > + */
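Review bot: the comment in this hunk says "old TDX modules" and "missing support" without naming the support that is missing or which module versions lack it, so a later reader cannot tell when the gfn_direct_bits fallback for guest maxpa can be removed. Suggest naming the missing feature in the comment and stating the condition under which the workaround should be dropped.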
>
>
> Define old TDX module? I believe the minimum supported TDX version is
> 1.5 as EMR are the first public CPUs to support this, no? Module 1.0 was
> used for private previews etc? Can this be dropped altogether?

Well, today "old" means all released TDX modules. This is a new feature under
development, that KVM maintainers were ok working around being missing for now.
The comment should be improved.

See here for discussion of the design and purpose of the feature:
https://lore.kernel.org/kvm/f9f1da5dc94ad6b776490008dceee5963b451cda.camel@intel.com/

> It is
> much easier to mandate the minimum supported version now when nothing
> has been merged. Furthermore, in some of the earlier patches it's
> specifically required that the TDX module support NO_RBP_MOD which
> became available in 1.5, which already dictates that the minimum version
> we should care about is 1.5.

There is some checking in Kai's TDX module init patches:
https://lore.kernel.org/kvm/d307d82a52ef604cfff8c7745ad8613d3ddfa0c8.1721186590.git.kai.huang@intel.com/

But beyond checking for supported features, there are also bug fixes that can
affect usability. In the NO_RBP_MOD case we need a specific recent TDX module in
order to remove the RBP workaround patches.

We could just check for a specific TDX module version instead, but I'm not sure
whether KVM would want to get into the game of picking preferred TDX module
versions. I guess in the case of any bugs that affect the host it will have to
do it though. So we will have to add a version check before live KVM support
lands upstream.

Hmm, thanks for the question.