Re: [PATCH v11 00/20] TDX host kernel support

On Mon, Jun 05, 2023 at 02:27:13AM +1200,
Kai Huang <kai.huang@xxxxxxxxx> wrote:

> Intel Trusted Domain Extensions (TDX) protects guest VMs from malicious
> host and certain physical attacks.  TDX specs are available in [1].
> 
> This series is the initial support to enable TDX with minimal code to
> allow KVM to create and run TDX guests.  KVM support for TDX is being
> developed separately[2].  A new "userspace inaccessible memfd" approach
> to support TDX private memory is also being developed[3].  The KVM will
> only support the new "userspace inaccessible memfd" as TDX guest memory.
> 
> This series doesn't aim to support all functionalities, and doesn't aim
> to resolve all things perfectly.  All other optimizations will be posted
> as follow-up once this initial TDX support is upstreamed.
> 
> Also, the patch to add the new kernel cmdline tdx="force" isn't included
> in this initial version, as Dave suggested it isn't mandatory.  But I
> will add one once this initial version gets merged.
> 
> (For memory hotplug, sorry for broadcasting widely but I cc'ed the
> linux-mm@xxxxxxxxx following Kirill's suggestion so MM experts can also
> help to provide comments.)
> 
> Hi Dave, Kirill, Tony, Peter, Thomas, Dan (and Intel reviewers),
> 
> The new relaxed TDX per-cpu initialization flow has been verified.  The
> TDX module can be initialized when there are offline cpus, and the
> TDH.SYS.LP.INIT SEAMCALL can be made successfully later after module
> initialization when the offline cpu is up.
> 
> This series mainly added code to handle the new TDX "partial write
> machine check" erratum (SPR113) in [4].
> 
> And I would appreciate reviewed-by or acked-by tags if the patches look
> good to you.  Thanks in advance!

I've rebased the TDX KVM patch series v14 [1] with this patch series and
uploaded it at [2].  As the rebased TDX KVM patches don't have any changes
except trivial rebase fixes, I don't post something like v14.1.

[1] https://lore.kernel.org/lkml/cover.1685333727.git.isaku.yamahata@xxxxxxxxx/
[2] https://github.com/intel/tdx/tree/kvm-upstream-workaround
-- 
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>


