From: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Peter Zijlstra <peterz@infradead.org>,
Andy Lutomirski <luto@kernel.org>
Cc: Peter H Anvin <hpa@zytor.com>,
Dave Hansen <dave.hansen@intel.com>,
Tony Luck <tony.luck@intel.com>,
Dan Williams <dan.j.williams@intel.com>,
Andi Kleen <ak@linux.intel.com>,
Kirill Shutemov <kirill.shutemov@linux.intel.com>,
Sean Christopherson <seanjc@google.com>,
Kuppuswamy Sathyanarayanan <knsathya@kernel.org>,
x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v1 0/7] Add TDX Guest Support (shared-mm support)
Date: Wed, 9 Jun 2021 14:55:30 -0700 [thread overview]
Message-ID: <20210609215537.1956150-1-sathyanarayanan.kuppuswamy@linux.intel.com> (raw)
Hi All,
Intel's Trust Domain Extensions (TDX) protect guest VMs from malicious
hosts and some physical attacks. Since VMM is untrusted entity, it does
not allow VMM to access guest private memory. Any memory that is required
for communication with VMM must be shared explicitly. This series adds
support to securely share guest memory with VMM when it is required by
guest.
This series is the continuation of the patch series titled "Add TDX Guest
Support (Initial support)", "Add TDX Guest Support (#VE handler support)"
and "Add TDX Guest Support (boot fixes)" which added initial support,
#VE handler support and boot fixes for TDX guests. You can find the
related patchsets in the following links.
https://lore.kernel.org/patchwork/project/lkml/list/?series=502143
https://lore.kernel.org/patchwork/project/lkml/list/?series=503701
https://lore.kernel.org/patchwork/project/lkml/list/?series=503702
Also please note that this series alone is not necessarily fully
functional. You need to apply all the above 3 patch series to get
a fully functional TDX guest.
You can find TDX related documents in the following link.
https://software.intel.com/content/www/br/pt/develop/articles/intel-trust-domain-extensions.html
Isaku Yamahata (1):
x86/tdx: ioapic: Add shared bit for IOAPIC base address
Kirill A. Shutemov (6):
x86/mm: Move force_dma_unencrypted() to common code
x86/tdx: Exclude Shared bit from physical_mask
x86/tdx: Make pages shared in ioremap()
x86/tdx: Add helper to do MapGPA hypercall
x86/tdx: Make DMA pages shared
x86/kvm: Use bounce buffers for TD guest
arch/x86/Kconfig | 9 +++-
arch/x86/include/asm/mem_encrypt_common.h | 20 ++++++++
arch/x86/include/asm/pgtable.h | 5 ++
arch/x86/include/asm/tdx.h | 23 +++++++++
arch/x86/kernel/apic/io_apic.c | 17 ++++++-
arch/x86/kernel/tdx.c | 58 +++++++++++++++++++++++
arch/x86/mm/Makefile | 2 +
arch/x86/mm/ioremap.c | 9 ++--
arch/x86/mm/mem_encrypt.c | 10 ++--
arch/x86/mm/mem_encrypt_common.c | 39 +++++++++++++++
arch/x86/mm/pat/set_memory.c | 46 +++++++++++++++---
11 files changed, 218 insertions(+), 20 deletions(-)
create mode 100644 arch/x86/include/asm/mem_encrypt_common.h
create mode 100644 arch/x86/mm/mem_encrypt_common.c
--
2.25.1
next reply other threads:[~2021-06-09 21:55 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-09 21:55 Kuppuswamy Sathyanarayanan [this message]
2021-06-09 21:55 ` [PATCH v1 1/7] x86/mm: Move force_dma_unencrypted() to common code Kuppuswamy Sathyanarayanan
2021-06-11 14:43 ` Tom Lendacky
2021-06-11 16:00 ` Kuppuswamy, Sathyanarayanan
2021-06-09 21:55 ` [PATCH v1 2/7] x86/tdx: Exclude Shared bit from physical_mask Kuppuswamy Sathyanarayanan
2021-06-09 21:55 ` [PATCH v1 3/7] x86/tdx: Make pages shared in ioremap() Kuppuswamy Sathyanarayanan
2021-06-09 21:55 ` [PATCH v1 4/7] x86/tdx: Add helper to do MapGPA hypercall Kuppuswamy Sathyanarayanan
2021-06-09 21:55 ` [PATCH v1 5/7] x86/tdx: Make DMA pages shared Kuppuswamy Sathyanarayanan
2021-06-09 21:55 ` [PATCH v1 6/7] x86/kvm: Use bounce buffers for TD guest Kuppuswamy Sathyanarayanan
2021-06-11 14:52 ` Tom Lendacky
2021-06-11 16:03 ` Kuppuswamy, Sathyanarayanan
2021-06-09 21:55 ` [PATCH v1 7/7] x86/tdx: ioapic: Add shared bit for IOAPIC base address Kuppuswamy Sathyanarayanan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210609215537.1956150-1-sathyanarayanan.kuppuswamy@linux.intel.com \
--to=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=hpa@zytor.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=knsathya@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=tony.luck@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).