| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251206011054.494190-1-seanjc@google.com>
Date: Fri, 5 Dec 2025 17:10:47 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
Kiryl Shutsemau <kas@...nel.org>, Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev,
kvm@...r.kernel.org, Chao Gao <chao.gao@...el.com>,
Dan Williams <dan.j.williams@...el.com>
Subject: [PATCH v2 0/7] KVM: x86/tdx: Have TDX handle VMXON during bringup
The idea here is to extract _only_ VMXON+VMXOFF and EFER.SVME toggling. AFAIK
there's no second user of SVM, i.e. no equivalent to TDX, but I wanted to keep
things as symmetrical as possible.
TDX isn't a hypervisor, and isn't trying to be a hypervisor. Specifically, TDX
should _never_ have it's own VMCSes (that are visible to the host; the
TDX-Module has it's own VMCSes to do SEAMCALL/SEAMRET), and so there is simply
no reason to move that functionality out of KVM.
With that out of the way, dealing with VMXON/VMXOFF and EFER.SVME is a fairly
simple refcounting game.
Decently tested, and it seems like the core idea is sound, so I dropped the
RFC. But the side of things definitely needs testing.
Note, this is based on kvm-x86/next, which doesn't have
EXPORT_SYMBOL_FOR_KVM(), and so the virt/hw.c exports need to be fixed up.
I'm sending now instead of waiting for -rc1 because I'm assuming I'll need to
spin at least v3 anyways :-)
v2:
- Initialize the TDX-Module via subsys initcall instead of during
tdx_init(). [Rick]
- Isolate the __init and __ro_after_init changes. [Rick]
- Use ida_is_empty() instead of manually tracking HKID usage. [Dan]
- Don't do weird things with the refcounts when virt_rebooting is
true. [Chao]
- Drop unnecessary setting of virt_rebooting in KVM code. [Chao]
- Rework things to have less X86_FEATURE_FOO code. [Rick]
- Consolidate the CPU hotplug callbacks. [Chao]
v1 (RFC):
- https://lore.kernel.org/all/20251010220403.987927-1-seanjc@google.com
Chao Gao (1):
x86/virt/tdx: KVM: Consolidate TDX CPU hotplug handling
Sean Christopherson (6):
KVM: x86: Move kvm_rebooting to x86
KVM: x86: Extract VMXON and EFER.SVME enablement to kernel
KVM: x86/tdx: Do VMXON and TDX-Module initialization during subsys
init
x86/virt/tdx: Tag a pile of functions as __init, and globals as
__ro_after_init
x86/virt/tdx: Use ida_is_empty() to detect if any TDs may be running
KVM: Bury kvm_{en,dis}able_virtualization() in kvm_main.c once more
Documentation/arch/x86/tdx.rst | 26 --
arch/x86/events/intel/pt.c | 1 -
arch/x86/include/asm/kvm_host.h | 3 +-
arch/x86/include/asm/reboot.h | 11 -
arch/x86/include/asm/tdx.h | 4 -
arch/x86/include/asm/virt.h | 26 ++
arch/x86/include/asm/vmx.h | 11 +
arch/x86/kernel/cpu/common.c | 2 +
arch/x86/kernel/crash.c | 3 +-
arch/x86/kernel/reboot.c | 63 +---
arch/x86/kernel/smp.c | 5 +-
arch/x86/kvm/svm/svm.c | 34 +-
arch/x86/kvm/svm/vmenter.S | 10 +-
arch/x86/kvm/vmx/tdx.c | 209 ++----------
arch/x86/kvm/vmx/vmcs.h | 11 -
arch/x86/kvm/vmx/vmenter.S | 2 +-
arch/x86/kvm/vmx/vmx.c | 127 +-------
arch/x86/kvm/x86.c | 20 +-
arch/x86/virt/Makefile | 2 +
arch/x86/virt/hw.c | 340 ++++++++++++++++++++
arch/x86/virt/vmx/tdx/tdx.c | 315 ++++++++++--------
arch/x86/virt/vmx/tdx/tdx.h | 8 -
arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 10 +-
include/linux/kvm_host.h | 10 +-
virt/kvm/kvm_main.c | 31 +-
25 files changed, 657 insertions(+), 627 deletions(-)
create mode 100644 arch/x86/include/asm/virt.h
create mode 100644 arch/x86/virt/hw.c
base-commit: 5d3e2d9ba9ed68576c70c127e4f7446d896f2af2
--
2.52.0.223.gf5cc29aaa4-goog
Powered by blists - more mailing lists