Re: [PATCHv2 16/29] x86/boot: Add a trampoline for booting APs via firmware handoff

From: Kuppuswamy, Sathyanarayanan
Date: Fri Feb 04 2022 - 06:27:34 EST

Next message: Damien Le Moal: "Re: [PATCH 00/16] scsi: libsas and users: Factor out LLDD TMF code"
Previous message: Adrian Hunter: "Re: [PATCH] mmc: block: fix read single on recovery logic"
In reply to: Borislav Petkov: "Re: [PATCHv2 16/29] x86/boot: Add a trampoline for booting APs via firmware handoff"
Next in thread: Borislav Petkov: "Re: [PATCHv2 16/29] x86/boot: Add a trampoline for booting APs via firmware handoff"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/2/2022 3:27 AM, Borislav Petkov wrote:

On Mon, Jan 24, 2022 at 06:02:02PM +0300, Kirill A. Shutemov wrote:

From: Sean Christopherson <sean.j.christopherson@xxxxxxxxx>

Historically, x86 platforms have booted secondary processors (APs)
using INIT followed by the start up IPI (SIPI) messages. In regular
VMs, this boot sequence is supported by the VMM emulation. But such a
wakeup model is fatal for secure VMs like TDX in which VMM is an
untrusted entity. To address this issue, a new wakeup model was added
in ACPI v6.4, in which firmware (like TDX virtual BIOS) will help boot
the APs. More details about this wakeup model can be found in ACPI
specification v6.4, the section titled "Multiprocessor Wakeup Structure".

Since the existing trampoline code requires processors to boot in real
mode with 16-bit addressing, it will not work for this wakeup model
(because it boots the AP in 64-bit mode). To handle it, extend the
trampoline code to support 64-bit mode firmware handoff. Also, extend
IDT and GDT pointers to support 64-bit mode hand off.

There is no TDX-specific detection for this new boot method. The kernel
will rely on it as the sole boot method whenever the new ACPI structure
is present.

The ACPI table parser for the MADT multiprocessor wake up structure and
the wakeup method that uses this structure will be added by the following
patch in this series.

Reported-by: Kai Huang <kai.huang@xxxxxxxxx>

I wonder what that Reported-by tag means here for this is a feature
patch, not a bug fix or so...

I think it was added when Sean created the original patch. I don't have the
full history.

Sean, since this is not a bug fix, shall we remove the Reported-by tag?

diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h
index 331474b150f1..fd6f6e5b755a 100644
--- a/arch/x86/include/asm/realmode.h
+++ b/arch/x86/include/asm/realmode.h
@@ -25,6 +25,7 @@ struct real_mode_header {
u32 sev_es_trampoline_start;
#endif
#ifdef CONFIG_X86_64
+ u32 trampoline_start64;
u32 trampoline_pgd;
#endif

Hmm, so there's trampoline_start, sev_es_trampoline_start and
trampoline_start64. If those are mutually exclusive, can we merge them
all into a single trampoline_start?

trampoline_start and sev_es_trampoline_start are not mutually exclusive. Both are
used in arch/x86/kernel/sev.c.

arch/x86/kernel/sev.c:560: startup_ip = (u16)(rmh->sev_es_trampoline_start -
arch/x86/kernel/sev.c:561: rmh->trampoline_start);

But trampoline_start64 can be removed and replaced with trampoline_start. But using
_*64 suffix makes it clear that is used for 64 bit(CONFIG_X86_64).

Adding it for clarity seems to be fine to me. But if you would prefer single variable, we
can remove it. Please let me know.

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer

Next message: Damien Le Moal: "Re: [PATCH 00/16] scsi: libsas and users: Factor out LLDD TMF code"
Previous message: Adrian Hunter: "Re: [PATCH] mmc: block: fix read single on recovery logic"
In reply to: Borislav Petkov: "Re: [PATCHv2 16/29] x86/boot: Add a trampoline for booting APs via firmware handoff"
Next in thread: Borislav Petkov: "Re: [PATCHv2 16/29] x86/boot: Add a trampoline for booting APs via firmware handoff"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]