From: "Kirill A. Shutemov"
To: "Kirill A. Shutemov", Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: [PATCHv3 0/4] x86/tdx: Adjust TD settings on boot
Date: Mon, 6 May 2024 15:15:49 +0300
Message-ID: <20240506121553.3824346-1-kirill.shutemov@linux.intel.com>

The patchset adjusts a few TD settings on boot for the optimal
functioning of the system:

  - Disable EPT violation #VE on private memory if TD can control it

    The newer TDX module allows the guest to control whether it wants
    to see #VE on EPT violation on private memory. The Linux kernel does
    not want such #VEs and needs to disable them.

  - Enable virtualization of topology-related CPUID leafs and
    X2APIC_APICID MSR;

    The ENUM_TOPOLOGY feature allows the VMM to provide topology
    information to the guest. Enabling the feature eliminates
    topology-related #VEs: the TDX module virtualizes accesses to the
    CPUID leafs and the MSR.

    It allows a TDX guest to run with non-trivial topology configuration.

v3:
  - Update commit messages;
  - Rework patches 3/4 and 4/4;
v2:
  - Rebased;
  - Allow write to TDCS_TD_CTLS to fail;
  - Adjust commit messages;

Kirill A. Shutemov (4):
  x86/tdx: Factor out TD metadata write TDCALL
  x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()
  x86/tdx: Handle PENDING_EPT_VIOLATION_V2
  x86/tdx: Enable ENUM_TOPOLOGY

 arch/x86/coco/tdx/tdx.c           | 163 +++++++++++++++++++++++++++---
 arch/x86/include/asm/shared/tdx.h |  21 +++-
 2 files changed, 169 insertions(+), 15 deletions(-)

-- 
2.43.0