Re: [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode

From: Tom Lendacky
Date: Tue May 28 2024 - 10:16:23 EST

Next message: Stefan Wahren: "Re: [PATCH v4 3/4] mmc: sdhci-brcmstb: Add BCM2712 support"
Previous message: Chen-Yu Tsai: "Re: [PATCH] soc: sunxi: sram: Remove unused list 'claimed_sram'"
In reply to: Michael Kelley: "RE: [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode"
Next in thread: kirill.shutemov@xxxxxxxxxxxxxxx: "Re: [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/24/24 17:44, Michael Kelley wrote:

From: Dexuan Cui <decui@xxxxxxxxxxxxx> Sent: Friday, May 24, 2024 1:46 AM

From: Dave Hansen <dave.hansen@xxxxxxxxx>
Sent: Thursday, May 23, 2024 7:26 AM
[...]
On 5/22/24 19:24, Dexuan Cui wrote:
...

My thoughts:

__bss_decrypted is named as if it applies to any CoCo VM, but really
it is specific to AMD SEV. It was originally used for a GHCB page, which

IIRC, it was originally used for KVM clock, not the GHCB page, since
plain SEV doesn't use a GHCB, see:

b3f0907c71e0 ("x86/mm: Add .bss..decrypted section to hold shared variables")

is SEV-specific, and then it proved to be convenient for the Hyper-V TSC
page. Ideally, we could fix __bss_decrypted to work generally in a
TDX VM without any dependency on code specific to a hypervisor. But
looking at some of the details, that may be non-trivial.

In reality, TDX should also make this area shared as that is how this
section is meant to be setup. But up till now, I don't think TDX used
anything in the __bss_decrypted section, so it was never moved to a
common location and has remained SEV specific.

A narrower solution is to remove the Hyper-V TSC page from
__bss_decrypted, and use Hyper-V specific code on both TDX and
SEV-SNP to decrypt just that page (not the entire __bss_decrypted),
based on whether the Hyper-V guest is running with a paravisor.
From Dexuan's patch, it looks like set_memory_decrypted()
works on TDX at the time that ms_hyperv_init_platform() runs.
Does it also work on SEV-SNP? The code in kvm_init_platform()
uses early_set_mem_enc_dec_hypercall() with
kvm_sev_hc_page_enc_status(), which is SEV only. So maybe

This is to inform the hypervisor that these pages are now shared, see
below.

the normal set_memory_decrypted() doesn't work on SEV at
that point, though I'm not at all clear on what kvm_init_platform is
trying to do. Shouldn't __bss_decrypted already be set up correctly?

With SEV, yes, the pagetable is set up correctly. And specific to SNP,
the RMP is set up correctly because of the page state change (PSC) call
which also notifies the hypervisor of the state change.

But since the RMP PSC is SNP specific, SEV and SEV-ES require the
separate hypercall to notify the hypervisor of the state change.

Thanks,
Tom

Next message: Stefan Wahren: "Re: [PATCH v4 3/4] mmc: sdhci-brcmstb: Add BCM2712 support"
Previous message: Chen-Yu Tsai: "Re: [PATCH] soc: sunxi: sram: Remove unused list 'claimed_sram'"
In reply to: Michael Kelley: "RE: [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode"
Next in thread: kirill.shutemov@xxxxxxxxxxxxxxx: "Re: [RFC PATCH] clocksource: hyper-v: Enable the tsc_page for a TDX VM in TD mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]