Message-ID: <20250502130828.4071412-1-kirill.shutemov@linux.intel.com>
Date: Fri,  2 May 2025 16:08:16 +0300
From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
To: pbonzini@...hat.com,
	seanjc@...gle.com
Cc: rick.p.edgecombe@...el.com,
	isaku.yamahata@...el.com,
	kai.huang@...el.com,
	yan.y.zhao@...el.com,
	tglx@...utronix.de,
	mingo@...hat.com,
	bp@...en8.de,
	dave.hansen@...ux.intel.com,
	kvm@...r.kernel.org,
	x86@...nel.org,
	linux-coco@...ts.linux.dev,
	linux-kernel@...r.kernel.org,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: [RFC, PATCH 00/12] TDX: Enable Dynamic PAMT

This RFC patchset enables Dynamic PAMT in TDX. It is not intended to be
applied, but rather to receive early feedback on the feature design and
enabling.

From our perspective, this feature has a lower priority compared to huge
page support. I will rebase this patchset on top of Yan's huge page
enabling at a later time, as it requires additional work.

Any feedback is welcome. We are open to ideas.

=========================================================================

The Physical Address Metadata Table (PAMT) holds TDX metadata for
physical memory and must be allocated by the kernel during TDX module
initialization.

The exact size of the required PAMT memory is determined by the TDX
module and may vary between TDX module versions, but currently it is
approximately 0.4% of the system memory. This is a significant
commitment, especially if it is not known upfront whether the machine
will run any TDX guests.

The Dynamic PAMT feature reduces static PAMT allocations. PAMT_1G and
PAMT_2M levels are still allocated on TDX module initialization, but the
PAMT_4K level is allocated dynamically, reducing static allocations to
approximately 0.004% of the system memory.

PAMT memory is dynamically allocated as pages gain TDX protections.
It is reclaimed when TDX protections have been removed from all
pages in a contiguous area.

TODO:
  - Rebase on top of Yan's huge page support series. Demotion requires
    additional handling with Dynamic PAMT;
  - Get better vmalloc API from core-mm and simplify patch 02/12.

Kirill A. Shutemov (12):
  x86/virt/tdx: Allocate page bitmap for Dynamic PAMT
  x86/virt/tdx: Allocate reference counters for PAMT memory
  x86/virt/tdx: Add wrappers for TDH.PHYMEM.PAMT.ADD/REMOVE
  x86/virt/tdx: Account PAMT memory and print if in /proc/meminfo
  KVM: TDX: Add tdx_pamt_get()/put() helpers
  KVM: TDX: Allocate PAMT memory in __tdx_td_init()
  KVM: TDX: Allocate PAMT memory in tdx_td_vcpu_init()
  KVM: x86/tdp_mmu: Add phys_prepare() and phys_cleanup() to kvm_x86_ops
  KVM: TDX: Preallocate PAMT pages to be used in page fault path
  KVM: TDX: Hookup phys_prepare() and phys_cleanup() kvm_x86_ops
  KVM: TDX: Reclaim PAMT memory
  x86/virt/tdx: Enable Dynamic PAMT

 arch/x86/include/asm/kvm-x86-ops.h          |   2 +
 arch/x86/include/asm/kvm_host.h             |   5 +
 arch/x86/include/asm/set_memory.h           |   2 +
 arch/x86/include/asm/tdx.h                  |  22 ++
 arch/x86/include/asm/tdx_global_metadata.h  |   1 +
 arch/x86/kvm/mmu/mmu.c                      |  10 +
 arch/x86/kvm/mmu/tdp_mmu.c                  |  47 ++++-
 arch/x86/kvm/vmx/main.c                     |   2 +
 arch/x86/kvm/vmx/tdx.c                      | 215 ++++++++++++++++++--
 arch/x86/kvm/vmx/tdx_errno.h                |   1 +
 arch/x86/kvm/vmx/x86_ops.h                  |   9 +
 arch/x86/mm/Makefile                        |   2 +
 arch/x86/mm/meminfo.c                       |  11 +
 arch/x86/mm/pat/set_memory.c                |   2 +-
 arch/x86/virt/vmx/tdx/tdx.c                 | 211 ++++++++++++++++++-
 arch/x86/virt/vmx/tdx/tdx.h                 |   5 +-
 arch/x86/virt/vmx/tdx/tdx_global_metadata.c |   3 +
 virt/kvm/kvm_main.c                         |   1 +
 18 files changed, 522 insertions(+), 29 deletions(-)
 create mode 100644 arch/x86/mm/meminfo.c

-- 
2.47.2
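
The allocate-on-first-use, reclaim-on-last-release lifecycle described in the cover letter, sketched as a small user-space C model. This is an added illustration, not code from the patchset; the 2 MiB region size, the 8-region range and the `model_*` names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions for this model (not taken from the patchset): the "contiguous
 * area" is a 2 MiB region of 512 4 KiB pages; the modeled range is 8 regions. */
#define PAGES_PER_REGION 512u
#define NR_REGIONS       8u

static uint32_t region_refs[NR_REGIONS]; /* outstanding gets per region */
static unsigned backed_regions;          /* regions that hold PAMT_4K backing */

/* A 4K page gains TDX protection. Returns 0 on success, -1 on a bad pfn. */
int model_pamt_get(uint64_t pfn)
{
    uint64_t r = pfn / PAGES_PER_REGION;

    if (r >= NR_REGIONS)
        return -1;
    if (region_refs[r]++ == 0)   /* first protected page: back the region */
        backed_regions++;
    return 0;
}

/* A 4K page loses TDX protection. Returns -1 on a bad pfn or unbalanced put. */
int model_pamt_put(uint64_t pfn)
{
    uint64_t r = pfn / PAGES_PER_REGION;

    if (r >= NR_REGIONS || region_refs[r] == 0)
        return -1;               /* underflow must never trigger a reclaim */
    if (--region_refs[r] == 0)   /* last protected page gone: reclaim */
        backed_regions--;
    return 0;
}

unsigned model_backed_regions(void) { return backed_regions; }

void model_reset(void)
{
    memset(region_refs, 0, sizeof(region_refs));
    backed_regions = 0;
}

int main(void)
{
    model_pamt_get(0); model_pamt_get(1); model_pamt_get(512); model_pamt_put(0);
    printf("backed regions: %u\n", model_backed_regions());
    return 0;
}
```

The unbalanced-put check is the part worth carrying into review of a design like this: a counter that underflows would release metadata for a region that still contains protected pages.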