Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp189001iob;
        Mon, 2 May 2022 16:41:48 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzkMkpNq2OEb2oBhm0EIrhkORpyaegcugmhMA0YhlydRJU6CIJdmJahXS5KgyOWMjisAZQo
X-Received: by 2002:a63:5606:0:b0:3ab:84d3:cfbe with SMTP id k6-20020a635606000000b003ab84d3cfbemr11842572pgb.191.1651534908170;
        Mon, 02 May 2022 16:41:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651534908; cv=none;
        d=google.com; s=arc-20160816;
        b=dnIyy7eQWxhmxen/mgg/h1DPYNs+BWnIJtvVY0KGGgEb5dOXwdZE+DbehFzBIYJaNY
         zajvpHJgV2B+oiY9QmIphtyhtU0qG1ZJXX9CmCgsaqef4zkpoqtlk7jj24dGzwRx+hoo
         aDy91uskeHr2p6dkPKFUqQ1zQKmq5wlmQw0gxDuXdspaIujLo8k6RFNWubYeUsh8UP0/
         ncWqq8A5MtJFmOhSALdWIJPtcbX1UozQiNrbI6vvTtFbmiaaQFE3rR2qzGY4CXl5lNId
         Wrb+MvjHTgKxLCErcxeJT5MR21RiCVY70CSXvZvJ15h1V8Fy/Rm4CyJrCdiJhYXQ4hOz
         IHtA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:in-reply-to:from
         :references:cc:to:content-language:subject:user-agent:mime-version
         :date:message-id:dkim-signature;
        bh=ytdpwFrWd8RnkmiIzQk8qz8WrBSWNPUCbQZrvOmfxsw=;
        b=wcrFCXkoAf3sBd53vraOxbKi/s6i1zckHwW4+WT+bRUqfqn+e/4kQHMrpQ7br/laUi
         j1+TqAnTLf7ilJ70oFsPl9jQGM8pfqW6Tz4ZeHIPX8c1Gi1AnHqt8PqXwnLIS+sb4d+t
         emiefQ2JorVJokb7WqLCaLYAKVb7vyiqsJT7bu3ioeuCu7ErPIBYFKka7C29wPw26Iun
         aNKyJ1IRIfff5eOuUqybOVMx5O9bL/pNsh8dKBC9NRBEEl0+ASjsNyC9DACgebiVdMWf
         jtC0sPCkPvlhIbRo6tp5Qk9Gvg1/zWDJ80KaCZMurBLBC/Zo0CRBu09lrT001umxNhqO
         hatg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=YUo1ZqkZ;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19])
        by mx.google.com with ESMTPS id f130-20020a636a88000000b003ab7c3328absi15410598pgc.437.2022.05.02.16.41.47
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 02 May 2022 16:41:48 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=YUo1ZqkZ;
       spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by lindbergh.monkeyblade.net (Postfix) with ESMTP id 29C82BC7;
	Mon,  2 May 2022 16:41:17 -0700 (PDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1377712AbiD2Oom (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Fri, 29 Apr 2022 10:44:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33536 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1377951AbiD2OoO (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 29 Apr 2022 10:44:14 -0400
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1DAD8D3443;
        Fri, 29 Apr 2022 07:39:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1651243179; x=1682779179;
  h=message-id:date:mime-version:subject:to:cc:references:
   from:in-reply-to:content-transfer-encoding;
  bh=K5arLAYfSYDkrBf/hz/XwShI81HHiEcz3kuzcBSRsJU=;
  b=YUo1ZqkZfGucNv9LjOvupNtfciF5vQPqk6Kkg0pkkRl82eekQ9q6Isvm
   AUcL7DxFzzRiUn/OkHve0NKu+DVyy7uedsQVVYFvA9MIBsH0oEfl8Q+Rl
   630JVG2WlUlPklSjUOeLa7zjR/+h6THb3NwgKVfh+XEVZ3mi19z7ZpDoI
   2sNoteX7jJbD8Fdt72Zn7d26MmsSJfCNExKhfunSZBQDt5wlFI5lxUXmF
   EBjdejrEGWkuw0umSTnEC9yALxSVt/oGbzN/63TbbK/ohS/reoair+Se3
   AIUqfdyqOjokfUw0ob0t7S02tkcsUPk8NSRXD6Y+qjLS0X8jMkcL8zBed
   w==;
X-IronPort-AV: E=McAfee;i="6400,9594,10331"; a="266478752"
X-IronPort-AV: E=Sophos;i="5.91,185,1647327600"; 
   d="scan'208";a="266478752"
Received: from orsmga008.jf.intel.com ([10.7.209.65])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Apr 2022 07:39:38 -0700
X-IronPort-AV: E=Sophos;i="5.91,185,1647327600"; 
   d="scan'208";a="582156648"
Received: from jinggu-mobl1.amr.corp.intel.com (HELO [10.212.30.227]) ([10.212.30.227])
  by orsmga008-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Apr 2022 07:39:37 -0700
Message-ID: <92af7b22-fa8a-5d42-ae15-8526abfd2622@intel.com>
Date:   Fri, 29 Apr 2022 07:39:52 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.7.0
Subject: Re: [PATCH v3 00/21] TDX host kernel support
Content-Language: en-US
To:     Dan Williams <dan.j.williams@intel.com>,
        Kai Huang <kai.huang@intel.com>
Cc:     Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        KVM list <kvm@vger.kernel.org>,
        Sean Christopherson <seanjc@google.com>,
        Paolo Bonzini <pbonzini@redhat.com>,
        "Brown, Len" <len.brown@intel.com>,
        "Luck, Tony" <tony.luck@intel.com>,
        Rafael J Wysocki <rafael.j.wysocki@intel.com>,
        Reinette Chatre <reinette.chatre@intel.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Andi Kleen <ak@linux.intel.com>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Isaku Yamahata <isaku.yamahata@intel.com>
References: <cover.1649219184.git.kai.huang@intel.com>
 <522e37eb-68fc-35db-44d5-479d0088e43f@intel.com>
 <CAPcyv4g5E_TOow=3pFJXyFr=KLV9pTSnDthgz6TuXvru4xDzaQ@mail.gmail.com>
 <de9b8f4cef5da03226158492988956099199aa60.camel@intel.com>
 <CAPcyv4iGsXkHAVgf+JZ4Pah_fkCZ=VvUmj7s3C6Rkejtdw_sgQ@mail.gmail.com>
From:   Dave Hansen <dave.hansen@intel.com>
In-Reply-To: <CAPcyv4iGsXkHAVgf+JZ4Pah_fkCZ=VvUmj7s3C6Rkejtdw_sgQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,NICE_REPLY_A,RDNS_NONE,SPF_HELO_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no
	version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 4/28/22 19:58, Dan Williams wrote:
> That only seems possible if the kernel is given a TDX capable physical
> address map at the beginning of time.

TDX actually brings along its own memory map.  The "EAS"[1]. has a lot
of info on it, if you know where to find it.  Here's the relevant chunk:

CMR - Convertible Memory Range -
	A range of physical memory configured by BIOS and verified by
	MCHECK. MCHECK verificatio n is intended to help ensure that a
	CMR may be used to hold TDX memory pages encrypted with a
	private HKID.

So, the BIOS has the platform knowledge to enumerate this range.  It
stashes the information off somewhere that the TDX module can find it.
Then, during OS boot, the OS makes a SEAMCALL (TDH.SYS.CONFIG) to the
TDX module and gets the list of CMRs.

The OS then has to reconcile this CMR "memory map" against the regular
old BIOS-provided memory map, tossing out any memory regions which are
RAM, but not covered by a CMR, or disabling TDX entirely.

Fun, eh?

I'm still grappling with how this series handles the policy of what
memory to throw away when.

1.
https://www.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-module-1eas.pdf