lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250220170604.2279312-1-pbonzini@redhat.com>
Date: Thu, 20 Feb 2025 12:05:34 -0500
From: Paolo Bonzini <pbonzini@...hat.com>
To: linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org
Cc: seanjc@...gle.com,
	Yan Zhao <yan.y.zhao@...el.com>,
	Rick Edgecombe <rick.p.edgecombe@...el.com>
Subject: [PATCH v3 00/30] TDX initialization + vCPU/VM creation

Hi,

Here is v3 of TDX VM/vCPU creation series, which Rick and others from
Intel have handed off to me.

The only remaining snag could be the retry loop around some SEAMCALLS.
It's likely that it can be dropped but I have left it in place for now,
waiting for Yan's patient advice. :)

I dropped support for CET/PT in trusted domains, as well as for TDX
modules without MD_FIELD_ID_FEATURES0_TOPOLOGY_ENUM.  I have also added
to the end a patch that I scavenged from the Intel tree to add support
for the misc cgroup.

All non-KVM patches have been acked, except for 07/29  ("x86/virt/tdx:
allocate tdx_sys_info in static memory").

This series is based straight off of Linux 6.14-rc3.  It requires TDX
module 1.5.06 or later.

Paolo

Isaku Yamahata (13):
  x86/virt/tdx: Add tdx_guest_keyid_alloc/free() to alloc and free TDX
    guest KeyID
  KVM: TDX: Add placeholders for TDX VM/vCPU structures
  KVM: TDX: Define TDX architectural definitions
  KVM: TDX: Add helper functions to print TDX SEAMCALL error
  KVM: TDX: Add place holder for TDX VM specific mem_enc_op ioctl
  KVM: TDX: Get system-wide info about TDX module on initialization
  KVM: TDX: create/destroy VM structure
  KVM: TDX: Support per-VM KVM_CAP_MAX_VCPUS extension check
  KVM: TDX: initialize VM with TDX specific parameters
  KVM: TDX: Make pmu_intel.c ignore guest TD case
  KVM: TDX: Don't offline the last cpu of one package when there's TDX
    guest
  KVM: TDX: create/free TDX vcpu structure
  KVM: TDX: Do TDX specific vcpu initialization

Kai Huang (5):
  x86/virt/tdx: Read essential global metadata for KVM
  KVM: Export hardware virtualization enabling/disabling functions
  KVM: VMX: Refactor VMX module init/exit functions
  KVM: VMX: Initialize TDX during KVM module load
  KVM: TDX: Get TDX global information

Paolo Bonzini (2):
  x86/virt/tdx: allocate tdx_sys_info in static memory
  KVM: x86: expose cpuid_entry2_find for TDX

Rick Edgecombe (6):
  x86/virt/tdx: Add SEAMCALL wrappers for TDX KeyID management
  x86/virt/tdx: Add SEAMCALL wrappers for TDX TD creation
  x86/virt/tdx: Add SEAMCALL wrappers for TDX vCPU creation
  x86/virt/tdx: Add SEAMCALL wrappers for TDX page cache management
  x86/virt/tdx: Add SEAMCALL wrappers for TDX VM/vCPU field access
  x86/virt/tdx: Add SEAMCALL wrappers for TDX flush operations

Sean Christopherson (1):
  KVM: TDX: Add TDX "architectural" error codes

Xiaoyao Li (2):
  KVM: x86: Introduce KVM_TDX_GET_CPUID
  KVM: x86/mmu: Taking guest pa into consideration when calculate tdp
    level

Zhiming Hu (1):
  KVM: TDX: Register TDX host key IDs to cgroup misc controller

 arch/x86/include/asm/kvm-x86-ops.h            |    4 +-
 arch/x86/include/asm/kvm_host.h               |    2 +
 arch/x86/include/asm/shared/tdx.h             |    7 +-
 arch/x86/include/asm/tdx.h                    |   59 +
 .../tdx => include/asm}/tdx_global_metadata.h |   19 +
 arch/x86/include/uapi/asm/kvm.h               |   60 +
 arch/x86/kvm/Kconfig                          |   12 +
 arch/x86/kvm/Makefile                         |    1 +
 arch/x86/kvm/cpuid.c                          |   33 +-
 arch/x86/kvm/cpuid.h                          |    3 +
 arch/x86/kvm/lapic.c                          |    1 +
 arch/x86/kvm/mmu/mmu.c                        |    9 +-
 arch/x86/kvm/vmx/main.c                       |  180 +-
 arch/x86/kvm/vmx/pmu_intel.c                  |   52 +-
 arch/x86/kvm/vmx/pmu_intel.h                  |   28 +
 arch/x86/kvm/vmx/tdx.c                        | 1557 +++++++++++++++++
 arch/x86/kvm/vmx/tdx.h                        |   90 +
 arch/x86/kvm/vmx/tdx_arch.h                   |  130 ++
 arch/x86/kvm/vmx/tdx_errno.h                  |   37 +
 arch/x86/kvm/vmx/vmx.c                        |   25 +-
 arch/x86/kvm/vmx/vmx.h                        |   37 +-
 arch/x86/kvm/vmx/x86_ops.h                    |   24 +
 arch/x86/kvm/x86.c                            |   14 +-
 arch/x86/virt/vmx/tdx/tdx.c                   |  276 ++-
 arch/x86/virt/vmx/tdx/tdx.h                   |   39 +-
 arch/x86/virt/vmx/tdx/tdx_global_metadata.c   |   50 +
 include/linux/kvm_host.h                      |    9 +
 include/linux/misc_cgroup.h                   |    4 +
 kernel/cgroup/misc.c                          |    4 +
 virt/kvm/kvm_main.c                           |   21 +-
 30 files changed, 2681 insertions(+), 106 deletions(-)
 rename arch/x86/{virt/vmx/tdx => include/asm}/tdx_global_metadata.h (58%)
 create mode 100644 arch/x86/kvm/vmx/pmu_intel.h
 create mode 100644 arch/x86/kvm/vmx/tdx.c
 create mode 100644 arch/x86/kvm/vmx/tdx.h
 create mode 100644 arch/x86/kvm/vmx/tdx_arch.h
 create mode 100644 arch/x86/kvm/vmx/tdx_errno.h

-- 
2.43.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ