RE: [PATCH v1 1/3] x86/tdx: Check for TDX partitioning during early TDX init

From: "Reshetova, Elena" <elena.reshetova@intel.com>
To: Borislav Petkov <bp@alien8.de>,
	Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Cc: "linux-hyperv@vger.kernel.org" <linux-hyperv@vger.kernel.org>,
	"stefan.bader@canonical.com" <stefan.bader@canonical.com>,
	"tim.gardner@canonical.com" <tim.gardner@canonical.com>,
	"roxana.nicolescu@canonical.com" <roxana.nicolescu@canonical.com>,
	"cascardo@canonical.com" <cascardo@canonical.com>,
	"kys@microsoft.com" <kys@microsoft.com>,
	"haiyangz@microsoft.com" <haiyangz@microsoft.com>,
	"wei.liu@kernel.org" <wei.liu@kernel.org>,
	"sashal@kernel.org" <sashal@kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	"Ingo Molnar" <mingo@redhat.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Michael Kelley <mhkelley58@gmail.com>,
	Nikolay Borisov <nik.borisov@suse.com>,
	Peter Zijlstra <peterz@infradead.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Tom Lendacky <thomas.lendacky@amd.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"Cui, Dexuan" <decui@microsoft.com>
Subject: RE: [PATCH v1 1/3] x86/tdx: Check for TDX partitioning during early TDX init
Date: Thu, 30 Nov 2023 07:08:00 +0000	[thread overview]
Message-ID: <DM8PR11MB575085570AF48AF4690986EDE782A@DM8PR11MB5750.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20231129164049.GVZWdpkVlc8nUvl/jx@fat_crate.local>

> On Wed, Nov 22, 2023 at 06:19:20PM +0100, Jeremi Piotrowski wrote:
> > Which approach do you prefer?
> 
> I'm trying to figure out from the whole thread, what this guest is.
> 
> * A HyperV second-level guest
> 
> * of type TDX
> 
> * Needs to defer cc_mask and page visibility bla...
> 
> * needs to disable TDX module calls
> 
> * stub out tdx_accept_memory
> 
> Anything else?
> 

Actually I want to challenge the whole notion that a TDX partitioning L2
guest is a TDX guest. By the definition of the TDX partitioning spec, 
L2 guest can be anything and L1 VMM can emulate any environment
for its L2 guests, including running a fully unmodified TDX 1.0 guest
(and virtualizing TDG calls for it and whatever else is needed).
So we are really talking about a big spectrum of possible L2 guests:

1. Normal legacy guest without *any* TDX knowledge
2. Normal legacy guest with some awareness of TDX partitioning (note, not TDX 1.0 aware!) 
(being able to do tdvmcalls to L0, being able to use shared memory, 
being able to use tdx partitioning specific paravirt interface to L1 if defined, etc) 
... 
3. Normal TDX 1.0 guest that is unaware that it runs in partitioned environment
4. and so on

I don’t know if AMD architecture would support all this spectrum of the guests through.
If it does, then we can discuss this vendor agnostic, which is much better.

Given that the many possible combinations of the L2 guests (and as Kai rightfully
pointed out, each option will be further broken down by what exactly interface 
L1 VMM decides to expose to the guest), I think we cannot hardcode any logic
about what this partitioned guest is in the guest itself. 
Instead we should have a flexible way for the L2 guest to discover the virt environment
it runs in (as modelled by L1 VMM) and the baseline should not to assume
it is a TDX or SEV guest, but assume this is some special virt guest (or legacy guest,
whatever approach is cleaner) and expose additional interfaces to it. 

Best Regards,
Elena.