Message-ID:
 <SN6PR02MB415740783351D43FDBFFE9CCD49FA@SN6PR02MB4157.namprd02.prod.outlook.com>
Date: Tue, 20 May 2025 01:31:53 +0000
From: Michael Kelley <mhklinux@...look.com>
To: Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>, "x86@...nel.org"
	<x86@...nel.org>, Krzysztof Kozlowski <krzk+dt@...nel.org>, Conor Dooley
	<conor+dt@...nel.org>, Rob Herring <robh@...nel.org>, "K. Y. Srinivasan"
	<kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Wei Liu
	<wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>
CC: "devicetree@...r.kernel.org" <devicetree@...r.kernel.org>, Saurabh Sengar
	<ssengar@...ux.microsoft.com>, Chris Oo <cho@...rosoft.com>,
	"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>, "Kirill A.
 Shutemov" <kirill.shutemov@...ux.intel.com>, "linux-acpi@...r.kernel.org"
	<linux-acpi@...r.kernel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "Ravi V. Shankar" <ravi.v.shankar@...el.com>,
	Ricardo Neri <ricardo.neri@...el.com>
Subject: RE: [PATCH v3 10/13] x86/hyperv/vtl: Setup the 64-bit trampoline for
 TDX guests

From: Ricardo Neri <ricardo.neri-calderon@...ux.intel.com> Sent: Saturday, May 3, 2025 12:15 PM

> 
> From: Yunhong Jiang <yunhong.jiang@...ux.intel.com>
> 
> The hypervisor is an untrusted entity for TDX guests. It cannot be used
> to boot secondary CPUs - neither via hypercalls nor the INIT assert,
> de-assert plus Start-Up IPI messages.
> 
> Instead, the platform virtual firmware boots the secondary CPUs and
> puts them in a state to transfer control to the kernel. This mechanism uses
> the wakeup mailbox described in the Multiprocessor Wakeup Structure of the
> ACPI specification. The entry point to the kernel is trampoline_start64.
> 
> Allocate and set up the trampoline using the default x86_platform callbacks.
> 
> The platform firmware configures the secondary CPUs in long mode. It is no
> longer necessary to locate the trampoline under 1MB memory. After handoff
> from firmware, the trampoline code switches briefly to 32-bit addressing
> mode, which has an addressing limit of 4GB. Set the upper bound of the
> trampoline memory accordingly.
> 
> Signed-off-by: Yunhong Jiang <yunhong.jiang@...ux.intel.com>
> Signed-off-by: Ricardo Neri <ricardo.neri-calderon@...ux.intel.com>
> ---
> Changes since v2:
>  - Added a note regarding there is no need to check for a present
>    paravisor.
>  - Edited commit message for clarity.
> 
> Changes since v1:
>  - Dropped the function hv_reserve_real_mode(). Instead, used the new
>    members realmode_limit and reserve_bios members of x86_init to
>    set the upper bound of the trampoline memory. (Thomas)
> ---
>  arch/x86/hyperv/hv_vtl.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c
> index 6bd183ee484f..8b497c8292d3 100644
> --- a/arch/x86/hyperv/hv_vtl.c
> +++ b/arch/x86/hyperv/hv_vtl.c
> @@ -58,9 +58,14 @@ void __init hv_vtl_init_platform(void)
>  {
>  	pr_info("Linux runs in Hyper-V Virtual Trust Level\n");
> 
> -	x86_platform.realmode_reserve = x86_init_noop;
> -	x86_platform.realmode_init = x86_init_noop;
> -	real_mode_header = &hv_vtl_real_mode_header;
> +	/* There is no paravisor present if we are here. */
> +	if (hv_isolation_type_tdx()) {
> +		x86_init.resources.realmode_limit = SZ_4G;
> +	} else {
> +		x86_platform.realmode_reserve = x86_init_noop;
> +		x86_platform.realmode_init = x86_init_noop;
> +		real_mode_header = &hv_vtl_real_mode_header;
> +	}
>  	x86_init.irqs.pre_vector_init = x86_init_noop;
>  	x86_init.timers.timer_init = x86_init_noop;
>  	x86_init.resources.probe_roms = x86_init_noop;
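Review bot: the new comment "There is no paravisor present if we are here." states a precondition but not why it matters for the two branches that follow; it would help a future reader if it also said that, in the TDX branch, x86_platform.realmode_reserve and x86_platform.realmode_init are deliberately left at their defaults so the kernel itself allocates and initializes trampoline_start64 (the hypervisor being untrusted, per the commit message), and that only x86_init.resources.realmode_limit is raised to SZ_4G because firmware hands the secondary CPUs over in long mode and the trampoline's brief 32-bit addressing phase caps placement at 4GB. The else branch keeps the previous behaviour (no-op reserve/init and hv_vtl_real_mode_header) for the non-TDX VTL case; a one-line comment there saying the paravisor-free non-TDX path still relies on the prebuilt header would make the asymmetry between the two branches explicit.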
> --
> 2.43.0

Reviewed-by: Michael Kelley <mhklinux@...look.com>

