From: Kai Huang <kai.huang@intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, len.brown@intel.com,
tony.luck@intel.com, rafael.j.wysocki@intel.com,
reinette.chatre@intel.com, dan.j.williams@intel.com,
peterz@infradead.org, ak@linux.intel.com,
kirill.shutemov@linux.intel.com,
sathyanarayanan.kuppuswamy@linux.intel.com,
isaku.yamahata@intel.com
Subject: Re: [PATCH v5 12/22] x86/virt/tdx: Convert all memory regions in memblock to TDX memory
Date: Wed, 03 Aug 2022 13:30:09 +1200 [thread overview]
Message-ID: <d3236016c46da2cbdf314839255e8806ae23f228.camel@intel.com> (raw)
In-Reply-To: <da423f82faec260150b158381a24300f3cd00ffa.camel@intel.com>
On Fri, 2022-07-08 at 11:34 +1200, Kai Huang wrote:
> > Why not just entirely remove the lower 1MB from the memblock structure
> > on TDX systems? Do something equivalent to adding this on the kernel
> > command line:
> >
> > memmap=1M$0x0
>
> I will explore this option. Thanks!
Hi Dave,
After investigating and testing, we cannot simply remove first 1MB from e820
table which is similar to what 'memmap=1M$0x0' does, as the kernel needs low
memory as trampoline to bring up all APs.
Currently I am doing below:
--- a/arch/x86/realmode/init.c
+++ b/arch/x86/realmode/init.c
@@ -65,6 +65,17 @@ void __init reserve_real_mode(void)
* setup_arch().
*/
memblock_reserve(0, SZ_1M);
+
+ /*
+ * As one step of initializing the TDX module (on-demand), the
+ * kernel will later verify all memory regions in memblock are
+ * truly TDX-capable and convert all of them to TDX memory.
+ * The first 1MB may not be enumerated as TDX-capable memory.
+ * To avoid failure to verify, explicitly remove the first 1MB
+ * from memblock for a TDX (BIOS) enabled system.
+ */
+ if (platform_tdx_enabled())
+ memblock_remove(0, SZ_1M);
I tested an it worked (I didn't observe any problem), but am I missing
something?
Also, regarding to whether we can remove platform_tdx_enabled() at all, I looked
into the spec again and there's no MSR or CPUID from which we can check TDX is
enabled by BIOS -- except checking the SEAMRR_MASK MSR, which is basically
platform_tdx_enabled() also did.
Checking MSR_MTRRcap.SEAMRR bit isn't enough as it will be true as long as the
hardware supports SEAMRR, but it doesn't tell whether SEAMRR(TDX) is enabled by
BIOS.
So if above code is reasonable, I think we can still detect TDX during boot and
keep platform_tdx_enabled().
It also detects TDX KeyIDs, which isn't necessary for removing the first 1MB
here (nor for kexec() support), but detecting TDX KeyIDs must be done anyway
either during kernel boot or during initializing TDX module.
Detecting TDX KeyID at boot time also has an advantage that in the future we can
expose KeyIDs via /sysfs and userspace can know how many TDs the machine can
support w/o having to initializing the TDX module first (we received such
requirement from customer but yes it is arguable).
Any comments?
--
Thanks,
-Kai
next prev parent reply other threads:[~2022-08-03 1:30 UTC|newest]
Thread overview: 114+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-22 11:15 [PATCH v5 00/22] TDX host kernel support Kai Huang
2022-06-22 11:15 ` [PATCH v5 01/22] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2022-06-23 5:57 ` Chao Gao
2022-06-23 9:23 ` Kai Huang
2022-08-02 2:01 ` [PATCH v5 1/22] " Wu, Binbin
2022-08-03 9:25 ` Kai Huang
2022-06-22 11:15 ` [PATCH v5 02/22] cc_platform: Add new attribute to prevent ACPI CPU hotplug Kai Huang
2022-06-22 11:42 ` Rafael J. Wysocki
2022-06-23 0:01 ` Kai Huang
2022-06-27 8:01 ` Igor Mammedov
2022-06-28 10:04 ` Kai Huang
2022-06-28 11:52 ` Igor Mammedov
2022-06-28 17:33 ` Rafael J. Wysocki
2022-06-28 23:41 ` Kai Huang
2022-06-24 18:57 ` Dave Hansen
2022-06-27 5:05 ` Kai Huang
2022-07-13 11:09 ` Kai Huang
2022-07-19 17:46 ` Dave Hansen
2022-07-19 23:54 ` Kai Huang
2022-08-03 3:40 ` Binbin Wu
2022-08-03 9:20 ` Kai Huang
2022-06-29 5:33 ` Christoph Hellwig
2022-06-29 9:09 ` Kai Huang
2022-08-03 3:55 ` Binbin Wu
2022-08-03 9:21 ` Kai Huang
2022-06-22 11:15 ` [PATCH v5 03/22] cc_platform: Add new attribute to prevent ACPI memory hotplug Kai Huang
2022-06-22 11:45 ` Rafael J. Wysocki
2022-06-23 0:08 ` Kai Huang
2022-06-28 17:55 ` Rafael J. Wysocki
2022-06-28 12:01 ` Igor Mammedov
2022-06-28 23:49 ` Kai Huang
2022-06-29 8:48 ` Igor Mammedov
2022-06-29 9:13 ` Kai Huang
2022-06-22 11:16 ` [PATCH v5 04/22] x86/virt/tdx: Prevent ACPI CPU hotplug and " Kai Huang
2022-06-24 1:41 ` Chao Gao
2022-06-24 11:21 ` Kai Huang
2022-06-29 8:35 ` Yuan Yao
2022-06-29 9:17 ` Kai Huang
2022-06-29 14:22 ` Dave Hansen
2022-06-29 23:02 ` Kai Huang
2022-06-30 15:44 ` Dave Hansen
2022-06-30 22:45 ` Kai Huang
2022-06-22 11:16 ` [PATCH v5 05/22] x86/virt/tdx: Prevent hot-add driver managed memory Kai Huang
2022-06-24 2:12 ` Chao Gao
2022-06-24 11:23 ` Kai Huang
2022-06-24 19:01 ` Dave Hansen
2022-06-27 5:27 ` Kai Huang
2022-06-22 11:16 ` [PATCH v5 06/22] x86/virt/tdx: Add skeleton to initialize TDX on demand Kai Huang
2022-06-24 2:39 ` Chao Gao
2022-06-24 11:27 ` Kai Huang
2022-06-22 11:16 ` [PATCH v5 07/22] x86/virt/tdx: Implement SEAMCALL function Kai Huang
2022-06-24 18:38 ` Dave Hansen
2022-06-27 5:23 ` Kai Huang
2022-06-27 20:58 ` Dave Hansen
2022-06-27 22:10 ` Kai Huang
2022-07-19 19:39 ` Dan Williams
2022-07-19 23:28 ` Kai Huang
2022-07-20 10:18 ` Kai Huang
2022-07-20 16:48 ` Dave Hansen
2022-07-21 1:52 ` Kai Huang
2022-07-27 0:34 ` Kai Huang
2022-07-27 0:50 ` Dave Hansen
2022-07-27 12:46 ` Kai Huang
2022-08-03 2:37 ` Kai Huang
2022-08-03 14:20 ` Dave Hansen
2022-08-03 22:35 ` Kai Huang
2022-08-04 10:06 ` Kai Huang
2022-06-22 11:16 ` [PATCH v5 08/22] x86/virt/tdx: Shut down TDX module in case of error Kai Huang
2022-06-24 18:50 ` Dave Hansen
2022-06-27 5:26 ` Kai Huang
2022-06-27 20:46 ` Dave Hansen
2022-06-27 22:34 ` Kai Huang
2022-06-27 22:56 ` Dave Hansen
2022-06-27 23:59 ` Kai Huang
2022-06-28 0:03 ` Dave Hansen
2022-06-28 0:11 ` Kai Huang
2022-06-22 11:16 ` [PATCH v5 09/22] x86/virt/tdx: Detect TDX module by doing module global initialization Kai Huang
2022-06-22 11:16 ` [PATCH v5 10/22] x86/virt/tdx: Do logical-cpu scope TDX module initialization Kai Huang
2022-06-22 11:17 ` [PATCH v5 11/22] x86/virt/tdx: Get information about TDX module and TDX-capable memory Kai Huang
2022-06-22 11:17 ` [PATCH v5 12/22] x86/virt/tdx: Convert all memory regions in memblock to TDX memory Kai Huang
2022-06-24 19:40 ` Dave Hansen
2022-06-27 6:16 ` Kai Huang
2022-07-07 2:37 ` Kai Huang
2022-07-07 14:26 ` Dave Hansen
2022-07-07 14:36 ` Juergen Gross
2022-07-07 23:42 ` Kai Huang
2022-07-07 23:34 ` Kai Huang
2022-08-03 1:30 ` Kai Huang [this message]
2022-08-03 14:22 ` Dave Hansen
2022-08-03 22:14 ` Kai Huang
2022-06-22 11:17 ` [PATCH v5 13/22] x86/virt/tdx: Add placeholder to construct TDMRs based on memblock Kai Huang
2022-06-22 11:17 ` [PATCH v5 14/22] x86/virt/tdx: Create TDMRs to cover all memblock memory regions Kai Huang
2022-06-22 11:17 ` [PATCH v5 15/22] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2022-06-24 20:13 ` Dave Hansen
2022-06-27 10:31 ` Kai Huang
2022-06-27 20:41 ` Dave Hansen
2022-06-27 22:50 ` Kai Huang
2022-06-27 22:57 ` Dave Hansen
2022-06-27 23:05 ` Kai Huang
2022-06-28 0:48 ` Xiaoyao Li
2022-06-28 17:03 ` Dave Hansen
2022-08-17 22:46 ` Sagi Shahar
2022-08-17 23:43 ` Huang, Kai
2022-06-22 11:17 ` [PATCH v5 16/22] x86/virt/tdx: Set up reserved areas for all TDMRs Kai Huang
2022-06-22 11:17 ` [PATCH v5 17/22] x86/virt/tdx: Reserve TDX module global KeyID Kai Huang
2022-06-22 11:17 ` [PATCH v5 18/22] x86/virt/tdx: Configure TDX module with TDMRs and " Kai Huang
2022-06-22 11:17 ` [PATCH v5 19/22] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2022-06-22 11:17 ` [PATCH v5 20/22] x86/virt/tdx: Initialize all TDMRs Kai Huang
2022-06-22 11:17 ` [PATCH v5 21/22] x86/virt/tdx: Support kexec() Kai Huang
2022-06-22 11:17 ` [PATCH v5 22/22] Documentation/x86: Add documentation for TDX host support Kai Huang
2022-08-18 4:07 ` Bagas Sanjaya
2022-08-18 9:33 ` Huang, Kai
2022-06-24 19:47 ` [PATCH v5 00/22] TDX host kernel support Dave Hansen
2022-06-27 4:09 ` Kai Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d3236016c46da2cbdf314839255e8806ae23f228.camel@intel.com \
--to=kai.huang@intel.com \
--cc=ak@linux.intel.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rafael.j.wysocki@intel.com \
--cc=reinette.chatre@intel.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=seanjc@google.com \
--cc=tony.luck@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).