Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp103295pxb;
        Wed, 6 Apr 2022 23:50:28 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxU7hrGtBiFJU0bqyjr71iJoAXzWF6tuCNfJCUTXv/wTyLfX3MhwzwDA2ReNp1NU3L4zxKb
X-Received: by 2002:a17:907:8a15:b0:6e8:a80:aaae with SMTP id sc21-20020a1709078a1500b006e80a80aaaemr12143772ejc.637.1649314227667;
        Wed, 06 Apr 2022 23:50:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649314227; cv=none;
        d=google.com; s=arc-20160816;
        b=LdQ/hJg+oTRHcKRrLbPFJdTNJ+IfxecQ/+jhF9tIrgEYSzDJ1lBSdzSfQpQNG2yRhD
         HWI65P0vYfm93TMMs4y5LxSwaGP63jetdma6rLTpbORomPhkHVQakv8njiwN64QWn+Gi
         Vst57cNgDJw22i9Rz9tCxs6IwNOze+N5sxqbuUz/cloFBGdLvYdju6hlRQq/Vcw/g5cL
         LyPJ1QQVTwkf59BT58KFN9aTal2rp6p0uDp8nvAMRe3H3fMJwT+G0e2Omx471GjCvmZE
         N7fHQga7tzhWD9seFUteh4IsmHBzwFRZE6Rgk+4Os35FpOTd/xWOIruixze2b5a0x8xU
         FmzA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=phtIgU0Y2tS7NvO6L4yAAjTaixl7pYy/bjKqyGI7WJo=;
        b=FnvF06/E/73Xh96VRX70a0r/+PVwGls6A+1/zirgSwFLZbLQTopr38wYy6TT7IuMJN
         laJvoQOf+hM8hSbraryJpRh9WvnsfvYoFhyaPnwxkNbfWWHKu6j3jHPslKSNgDkPAcM0
         etSW2R5QE9v+R+zF3Vevth59mWmgtC3ZEGETNg92r0jEYi4GTgnFm/DFYEcz0mcvEDGo
         2LgeRRuex4HhnP/jwpJyds2KrlQdyU/smmINwbZ5Q6BIElPrkn72kNF5cLbryya6Y6s6
         4mlm5Z/nkLtcgsVp7qKgl4xu4k3/jb9QP6uv4j4D+1KjgFe43dKA2gB2GGR7h3eCbK8Y
         09lA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Sl3LZQN7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id z9-20020a05640235c900b00418c2b5be34si14554216edc.278.2022.04.06.23.50.02;
        Wed, 06 Apr 2022 23:50:27 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Sl3LZQN7;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232969AbiDGBCt (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Wed, 6 Apr 2022 21:02:49 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49576 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230047AbiDGBCs (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 Apr 2022 21:02:48 -0400
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7C65BEAC99;
        Wed,  6 Apr 2022 18:00:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1649293250; x=1680829250;
  h=message-id:subject:from:to:cc:date:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=9Xr/aMM/aBRiUNqncfjg8FGIVBvzbGhbRBKe75kPJqs=;
  b=Sl3LZQN7tAFTHLEdcw/ZK9zvcYKihmVqMOft5DdlxKhXJckJruLIl18+
   ReD4kfMIaI0bdkv5ksG+gD9znjTRhjm1teRAWHbQ+A9yfQSgwfwsXERmA
   ZrNN+XRbUkD/H5GuhTKJLG7G4r/+3clefQvIpfwFsubVMYm4C+YPwEPjF
   CEosn58eBTIsjSLYHWIpp5Y0PYUKV5pa1oACsqeVsnZZ+IECaVewc/iKX
   fysG4TJRFN4lL+5O/Pf30givkpceR6hWezxljZuQNu4BVuHZgeuR4hswW
   V4evBWAOb6lm3Ok5xLzsqUKiXKgeVXo353XxNRx3iGk+f+VrguwRkitLV
   w==;
X-IronPort-AV: E=McAfee;i="6200,9189,10309"; a="241788577"
X-IronPort-AV: E=Sophos;i="5.90,241,1643702400"; 
   d="scan'208";a="241788577"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Apr 2022 18:00:49 -0700
X-IronPort-AV: E=Sophos;i="5.90,241,1643702400"; 
   d="scan'208";a="570818409"
Received: from mgailhax-mobl.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.254.55.23])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Apr 2022 18:00:46 -0700
Message-ID: <0a717d253785b3b6ea5f889d7399ad06ca465896.camel@intel.com>
Subject: Re: [RFC PATCH v5 023/104] x86/cpu: Add helper functions to
 allocate/free MKTME keyid
From:   Kai Huang <kai.huang@intel.com>
To:     Isaku Yamahata <isaku.yamahata@gmail.com>
Cc:     isaku.yamahata@intel.com, kvm@vger.kernel.org,
        linux-kernel@vger.kernel.org, Paolo Bonzini <pbonzini@redhat.com>,
        Jim Mattson <jmattson@google.com>, erdemaktas@google.com,
        Connor Kuehl <ckuehl@redhat.com>,
        Sean Christopherson <seanjc@google.com>
Date:   Thu, 07 Apr 2022 13:00:44 +1200
In-Reply-To: <cec13fb656f05d8c9d231c225587072076448d71.camel@intel.com>
References: <cover.1646422845.git.isaku.yamahata@intel.com>
         <a1d1e4f26c6ef44a557e873be2818e6a03e12038.1646422845.git.isaku.yamahata@intel.com>
         <2386151bc0a42b2eda895d85b459bf7930306694.camel@intel.com>
         <20220331201550.GC2084469@ls.amr.corp.intel.com>
         <cec13fb656f05d8c9d231c225587072076448d71.camel@intel.com>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.42.4 (3.42.4-1.fc35) 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

> 
> > 
> > Also export the global TDX private host key id that is used to encrypt TDX
> > module, its memory and some dynamic data (e.g. TDR).  
> > 

Sorry I was replying too quick.

This sentence is not correct.  Hardware doesn't use global KeyID to encrypt TDX
module itself.  In current generation of TDX, global KeyID is used to encrypt
TDX memory metadata (PAMTs) and TDRs.


> > When VMM releasing
> > encrypted page to reuse it, the page needs to be flushed with the used host
> > key id.  VMM needs the global TDX private host key id to flush such pages
> > TDX module accesses with the global TDX private host key id.
> > 
> > 
> 
> Find to me.
>