| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <69352b2239a33_1b2e100d2@dwillia2-mobl4.notmuch> Date: Sat, 6 Dec 2025 23:22:10 -0800 From: <dan.j.williams@...el.com> To: Sean Christopherson <seanjc@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, <x86@...nel.org>, Kiryl Shutsemau <kas@...nel.org>, Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com> CC: <linux-kernel@...r.kernel.org>, <linux-coco@...ts.linux.dev>, <kvm@...r.kernel.org>, Chao Gao <chao.gao@...el.com>, Dan Williams <dan.j.williams@...el.com> Subject: Re: [PATCH v2 2/7] KVM: x86: Extract VMXON and EFER.SVME enablement to kernel Sean Christopherson wrote: > Move the innermost VMXON and EFER.SVME management logic out of KVM and > into to core x86 so that TDX can force VMXON without having to rely on > KVM being loaded, e.g. to do SEAMCALLs during initialization. > > Implement a per-CPU refcounting scheme so that "users", e.g. KVM and the > future TDX code, can co-exist without pulling the rug out from under each > other. > > To avoid having to choose between SVM and VMX, simply refuse to enable > either if both are somehow supported. No known CPU supports both SVM and > VMX, and it's comically unlikely such a CPU will ever exist. > > For lack of a better name, call the new file "hw.c", to yield "virt > hardware" when combined with its parent directory. > > Signed-off-by: Sean Christopherson <seanjc@...gle.com> [..] Only patch organization and naming choice questions from me. I only looked at the VMX side of things since I previously made an attempt at moving that. I gave a cursory look at the SVM details. Reviewed-by: Dan Williams <dan.j.williams@...el.com> > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 80cb882f19e2..f650f79d3d5a 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -83,6 +83,8 @@ > #include <asm/intel_pt.h> > #include <asm/emulate_prefix.h> > #include <asm/sgx.h> > +#include <asm/virt.h> > + > #include <clocksource/hyperv_timer.h> > > #define CREATE_TRACE_POINTS > @@ -694,9 +696,6 @@ static void drop_user_return_notifiers(void) > kvm_on_user_return(&msrs->urn); > } > > -__visible bool kvm_rebooting; > -EXPORT_SYMBOL_FOR_KVM_INTERNAL(kvm_rebooting); ...a short stay for this symbol in kvm/x86.c? It raises my curiosity why patch1 is separate. Patch1 looked like the start of a series of incremental conversions, patch2 is a combo move. I am ok either way, just questioning consistency. I.e. if combo move then patch1 folds in here, if incremental, perhaps split out other combo conversions like emergency_disable_virtualization_cpu()? The aspect of "this got moved twice in the same patchset" is what poked me. [..] > diff --git a/arch/x86/virt/hw.c b/arch/x86/virt/hw.c > new file mode 100644 > index 000000000000..986e780cf438 > --- /dev/null > +++ b/arch/x86/virt/hw.c > @@ -0,0 +1,340 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +#include <linux/cpu.h> > +#include <linux/cpumask.h> > +#include <linux/errno.h> > +#include <linux/kvm_types.h> > +#include <linux/list.h> > +#include <linux/percpu.h> > + > +#include <asm/perf_event.h> > +#include <asm/processor.h> > +#include <asm/virt.h> > +#include <asm/vmx.h> > + > +static int x86_virt_feature __ro_after_init; > + > +__visible bool virt_rebooting; > +EXPORT_SYMBOL_GPL(virt_rebooting); > + > +static DEFINE_PER_CPU(int, virtualization_nr_users); > + > +static cpu_emergency_virt_cb __rcu *kvm_emergency_callback; Hmm, why kvm_ and not virt_? [..] > +#if IS_ENABLED(CONFIG_KVM_INTEL) > +static DEFINE_PER_CPU(struct vmcs *, root_vmcs); Perhaps introduce a CONFIG_INTEL_VMX for this? For example, KVM need not be enabled if all one wants to do is use TDX to setup PCIe Link Encryption. ...or were you expecting? #if IS_ENABLED(CONFIG_KVM_INTEL) || IS_ENABLED(...<other VMX users>...)
Powered by blists - more mailing lists