Re: [PATCH v11 20/20] Documentation/x86: Add documentation for TDX host support

From: Nikolay Borisov
Date: Fri Jun 16 2023 - 05:05:54 EST

Next message: Arnd Bergmann: "[PATCH] iwlwifi: dbg_ini: fix structure packing"
Previous message: Arnd Bergmann: "[PATCH 4/4] ASoC: loongson: fix compile testing on 32-bit"
Next in thread: Dave Hansen: "Re: [PATCH v11 20/20] Documentation/x86: Add documentation for TDX host support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4.06.23 г. 17:27 ч., Kai Huang wrote:

<snip>

+
+To enable TDX, the user of TDX should: 1) hold read lock of CPU hotplug
+lock; 2) do VMXON and tdx_enable_cpu() on all online cpus successfully;
+3) call tdx_enable(). For example::
+
+ cpus_read_lock();
+ on_each_cpu(vmxon_and_tdx_cpu_enable());
+ ret = tdx_enable();
+ cpus_read_unlock();
+ if (ret)
+ goto no_tdx;
+ // TDX is ready to use
+
+And the user of TDX must be guarantee tdx_cpu_enable() has beene

s/be// and s/beene/been/

+successfully done on any cpu before it wants to run any other SEAMCALL.
+A typical usage is do both VMXON and tdx_cpu_enable() in CPU hotplug
+online callback, and refuse to online if tdx_cpu_enable() fails.
+
+User can consult dmesg to see the presence of the TDX module, and whether
+it has been initialized.
+
+If the TDX module is not loaded, dmesg shows below::
+
+ [..] tdx: TDX module is not loaded.

nit: There were some comments that given the tdx: prefix it's redundant to also have TDX in the printed string. You might modify this in the code but it should also be reflected in the docs for the sake of completeness.

+
+If the TDX module is initialized successfully, dmesg shows something
+like below::
+
+ [..] tdx: TDX module: attributes 0x0, vendor_id 0x8086, major_version 1, minor_version 0, build_date 20211209, build_num 160
+ [..] tdx: 262668 KBs allocated for PAMT.
+ [..] tdx: TDX module initialized.
+
+If the TDX module failed to initialize, dmesg also shows it failed to
+initialize::
+
+ [..] tdx: TDX module initialization failed ...
+
+TDX Interaction to Other Kernel Components
+------------------------------------------
+
+TDX Memory Policy
+~~~~~~~~~~~~~~~~~
+
+TDX reports a list of "Convertible Memory Region" (CMR) to tell the

nit: It might be worth mentioning that those CMRs ultimately come from the BIOS. Because it's never mentioned here and in the "Physical Memory Hotplug" it's directly mentioned that bios shouldn't support hot-removal of memory. So the bios is a central component in a sense.

+kernel which memory is TDX compatible. The kernel needs to build a list
+of memory regions (out of CMRs) as "TDX-usable" memory and pass those
+regions to the TDX module. Once this is done, those "TDX-usable" memory
+regions are fixed during module's lifetime.
+
+To keep things simple, currently the kernel simply guarantees all pages
+in the page allocator are TDX memory. Specifically, the kernel uses all
+system memory in the core-mm at the time of initializing the TDX module
+as TDX memory, and in the meantime, refuses to online any non-TDX-memory
+in the memory hotplug.
+

<snip>

Next message: Arnd Bergmann: "[PATCH] iwlwifi: dbg_ini: fix structure packing"
Previous message: Arnd Bergmann: "[PATCH 4/4] ASoC: loongson: fix compile testing on 32-bit"
Next in thread: Dave Hansen: "Re: [PATCH v11 20/20] Documentation/x86: Add documentation for TDX host support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]