lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250503191515.24041-1-ricardo.neri-calderon@linux.intel.com>
Date: Sat,  3 May 2025 12:15:02 -0700
From: Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>
To: x86@...nel.org,
	Krzysztof Kozlowski <krzk+dt@...nel.org>,
	Conor Dooley <conor+dt@...nel.org>,
	Rob Herring <robh@...nel.org>,
	"K. Y. Srinivasan" <kys@...rosoft.com>,
	Haiyang Zhang <haiyangz@...rosoft.com>,
	Wei Liu <wei.liu@...nel.org>,
	Dexuan Cui <decui@...rosoft.com>,
	Michael Kelley <mhklinux@...look.com>
Cc: devicetree@...r.kernel.org,
	Saurabh Sengar <ssengar@...ux.microsoft.com>,
	Chris Oo <cho@...rosoft.com>,
	linux-hyperv@...r.kernel.org,
	"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
	linux-acpi@...r.kernel.org ,
	linux-kernel@...r.kernel.org,
	"Ravi V. Shankar" <ravi.v.shankar@...el.com>,
	Ricardo Neri <ricardo.neri@...el.com>
Subject: [PATCH v3 00/13] x86/hyperv/hv_vtl: Use a wakeup mailbox to boot secondary CPUs

Hi,

I have taken over this work from Yunhong Jiang [1]. I have implemented all
the feedback received in his last submission. I think that the acpi,
smpboot, and hyperv portions are in good shape and ready for review by the
x86 maintainers. I did major rework on the DeviceTree bindings and in my
opinion are also ready for review by the maintainer too.

Thanks in advance for your feedback!

---

This patchset adds functionality to use a wakeup mailbox to boot secondary
CPUs in Hyper-V VTL level 2 TDX guests with virtual firmware that describes
hardware using a DeviceTree graph. Although this is the target use case,
the use of the mailbox depends solely on it being enumerated in the
DeviceTree.

On x86 platforms, secondary CPUs are typically booted using INIT assert,
de-assert followed by Start-Up IPI messages. Virtual machines can also make
hypercalls to bring up secondary CPUs to a desired execution state. These
two mechanisms require support from the hypervisor. Confidential computing
VMs in a TDX environment cannot use this mechanism because the hypervisor
is considered an untrusted entity.

Linux already supports the ACPI Multiprocessor Wakeup Structure in which
the guest platform firmware boots the secondary CPUs and transfers control
to the kernel using a mailbox. This mechanism does not need involvement
of the VMM. It can be used in a Hyper-V VTL level 2 TDX guest.

Currently, this mechanism can only be used on x86 platforms with firmware
that supports ACPI. There are platforms that use DeviceTree (e.g., OpenHCL
[2]) instead of ACPI to describe the hardware.

Provided that a Wakeup Mailbox defined in the DeviceTree is compatible in
structure and operation with the ACPI Multiprocessor Wakeup Structure, the
kernel can use common code for both.

This patcheset is structured as follows:

   * Relocate portions of the ACPI Multiprocessor Wakeup Structure code to
     to a common location. (patches 1-3)
   * Add DeviceTree schema and bindings to define a Wakeup Mailbox for
     Intel processors that is compatible with the ACPI Multiprocessor
     Wakeup Structure as well as a new enable-method property for cpu@N
     nodes (patches 4, 6).
   * Add support to parse the enable-method property in the cpu@N nodes of
     DeviceTree graphs for x86 and enable the Wakeup Mailbox if available.
     (patches 5, 7)
   * Prepare Hyper-V VTL2 TDX guests to use the Wakeup Mailbox to boot
     secondary CPUs when available. (patches 8-13)

I have tested this patchset on a Hyper-V host with VTL2 OpenHCL, QEMU, and
physical hardware.

Thanks and BR,
Ricardo

Changes since v2:
  - Only move out of the acpi directory acpi_wakeup_cpu() and its
    accessory variables. Use helper functions to access the mailbox as
    needed. This also fixed the warnings about unused code with CONFIG_
    ACPI=n that Michael reported.
  - Major rework of the DeviceTree bindings and schema. Now there is a
    reserved-memory binding for the mailbox as well as a new x86 CPU
    bindings. Both have `compatible` properties.
  - Rework of the code parsing the DeviceTree bindings for the mailbox.
    Now configuring the mailbox depends solely on its enumeration in the
    DeviceTree and not on Hyper-V VTL2 TDX guest.
  - Do not make reserving the first 1MB of memory optional. It is not
    needed and may introduce bugs.
  - Prepare Hyper-V VTL2 guests to unconditionally use the mailbox in TDX
    environments. If the mailbox is not available, booting secondary CPUs
    will fail gracefully.

Changes since v1:
  - Fix the cover letter's summary phrase.
  - Fix the DT binding document to pass validation.
  - Change the DT binding document to be ACPI independent.
  - Move ACPI-only functions into the #ifdef CONFIG_ACPI.
  - Change dtb_parse_mp_wake() to return mailbox physical address.
  - Rework the hv_is_private_mmio_tdx().
  - Remove unrelated real mode change from the patch that marks mailbox
    page private.
  - Check hv_isolation_type_tdx() instead of wakeup_mailbox_addr in
    hv_vtl_init_platform() because wakeup_mailbox_addr is not parsed yet.
  - Add memory range support to reserve_real_mode.
  - Remove realmode_reserve callback and use the memory range.
  - Move setting the real_mode_header to hv_vtl_init_platform.
  - Update comments and commit messages.
  - Minor style changes.

[1]. https://lore.kernel.org/lkml/20240823232327.2408869-7-yunhong.jiang@linux.intel.com/T/#ma1f56fc7eee585b777829fa7e8bd39cd3e780fe0
[2]. https://openvmm.dev/guide/user_guide/openhcl.html

Ricardo Neri (9):
  x86/acpi: Add a helper function to setup the wakeup mailbox
  x86/acpi: Add a helper function to get a pointer to the wakeup mailbox
  x86/acpi: Move acpi_wakeup_cpu() and helpers to smpboot.c
  dt-bindings: x86: Add CPU bindings for x86
  x86/dt: Parse the `enable-method` property of CPU nodes
  dt-bindings: reserved-memory: Wakeup Mailbox for Intel processors
  x86/dt: Parse the Wakeup Mailbox for Intel processors
  x86/smpboot: Add a helper get the address of the wakeup mailbox
  x86/hyperv/vtl: Use the wakeup mailbox to boot secondary CPUs

Yunhong Jiang (4):
  x86/hyperv/vtl: Set real_mode_header in hv_vtl_init_platform()
  x86/realmode: Make the location of the trampoline configurable
  x86/hyperv/vtl: Setup the 64-bit trampoline for TDX guests
  x86/hyperv/vtl: Mark the wakeup mailbox page as private

 .../reserved-memory/intel,wakeup-mailbox.yaml |  87 +++++++++++
 .../devicetree/bindings/x86/cpus.yaml         |  80 ++++++++++
 arch/x86/hyperv/hv_vtl.c                      |  35 ++++-
 arch/x86/include/asm/smp.h                    |   6 +
 arch/x86/include/asm/x86_init.h               |   3 +
 arch/x86/kernel/acpi/madt_wakeup.c            |  75 +---------
 arch/x86/kernel/devicetree.c                  | 141 +++++++++++++++++-
 arch/x86/kernel/smpboot.c                     |  83 +++++++++++
 arch/x86/kernel/x86_init.c                    |   3 +
 arch/x86/realmode/init.c                      |   7 +-
 10 files changed, 440 insertions(+), 80 deletions(-)
 create mode 100644 Documentation/devicetree/bindings/reserved-memory/intel,wakeup-mailbox.yaml
 create mode 100644 Documentation/devicetree/bindings/x86/cpus.yaml

-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ