[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 03/22] x86/boot: add MLE header and Secure Launch entry point

  • To: Sergii Dmytruk <sergii.dmytruk@xxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 14 Jul 2025 09:38:12 +0200
  • Autocrypt: addr=jbeulich@xxxxxxxx; keydata= xsDiBFk3nEQRBADAEaSw6zC/EJkiwGPXbWtPxl2xCdSoeepS07jW8UgcHNurfHvUzogEq5xk hu507c3BarVjyWCJOylMNR98Yd8VqD9UfmX0Hb8/BrA+Hl6/DB/eqGptrf4BSRwcZQM32aZK 7Pj2XbGWIUrZrd70x1eAP9QE3P79Y2oLrsCgbZJfEwCgvz9JjGmQqQkRiTVzlZVCJYcyGGsD /0tbFCzD2h20ahe8rC1gbb3K3qk+LpBtvjBu1RY9drYk0NymiGbJWZgab6t1jM7sk2vuf0Py O9Hf9XBmK0uE9IgMaiCpc32XV9oASz6UJebwkX+zF2jG5I1BfnO9g7KlotcA/v5ClMjgo6Gl MDY4HxoSRu3i1cqqSDtVlt+AOVBJBACrZcnHAUSuCXBPy0jOlBhxPqRWv6ND4c9PH1xjQ3NP nxJuMBS8rnNg22uyfAgmBKNLpLgAGVRMZGaGoJObGf72s6TeIqKJo/LtggAS9qAUiuKVnygo 3wjfkS9A3DRO+SpU7JqWdsveeIQyeyEJ/8PTowmSQLakF+3fote9ybzd880fSmFuIEJldWxp Y2ggPGpiZXVsaWNoQHN1c2UuY29tPsJgBBMRAgAgBQJZN5xEAhsDBgsJCAcDAgQVAggDBBYC AwECHgECF4AACgkQoDSui/t3IH4J+wCfQ5jHdEjCRHj23O/5ttg9r9OIruwAn3103WUITZee e7Sbg12UgcQ5lv7SzsFNBFk3nEQQCACCuTjCjFOUdi5Nm244F+78kLghRcin/awv+IrTcIWF hUpSs1Y91iQQ7KItirz5uwCPlwejSJDQJLIS+QtJHaXDXeV6NI0Uef1hP20+y8qydDiVkv6l IreXjTb7DvksRgJNvCkWtYnlS3mYvQ9NzS9PhyALWbXnH6sIJd2O9lKS1Mrfq+y0IXCP10eS FFGg+Av3IQeFatkJAyju0PPthyTqxSI4lZYuJVPknzgaeuJv/2NccrPvmeDg6Coe7ZIeQ8Yj t0ARxu2xytAkkLCel1Lz1WLmwLstV30g80nkgZf/wr+/BXJW/oIvRlonUkxv+IbBM3dX2OV8 AmRv1ySWPTP7AAMFB/9PQK/VtlNUJvg8GXj9ootzrteGfVZVVT4XBJkfwBcpC/XcPzldjv+3 HYudvpdNK3lLujXeA5fLOH+Z/G9WBc5pFVSMocI71I8bT8lIAzreg0WvkWg5V2WZsUMlnDL9 mpwIGFhlbM3gfDMs7MPMu8YQRFVdUvtSpaAs8OFfGQ0ia3LGZcjA6Ik2+xcqscEJzNH+qh8V m5jjp28yZgaqTaRbg3M/+MTbMpicpZuqF4rnB0AQD12/3BNWDR6bmh+EkYSMcEIpQmBM51qM EKYTQGybRCjpnKHGOxG0rfFY1085mBDZCH5Kx0cl0HVJuQKC+dV2ZY5AqjcKwAxpE75MLFkr wkkEGBECAAkFAlk3nEQCGwwACgkQoDSui/t3IH7nnwCfcJWUDUFKdCsBH/E5d+0ZnMQi+G0A nAuWpQkjM1ASeQwSHEeAWPgskBQL
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Michal Orzel <michal.orzel@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, trenchboot-devel@xxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
  • Delivery-date: Mon, 14 Jul 2025 07:38:28 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 13.07.2025 19:51, Sergii Dmytruk wrote:
> On Tue, Jul 08, 2025 at 09:02:55AM +0200, Jan Beulich wrote:
>>>>> +         * - DS, ES, SS, FS and GS are undefined according to TXT SDG, 
>>>>> but this
>>>>> +         *   would make it impossible to initialize GDTR, because GDT 
>>>>> base must
>>>>> +         *   be relocated in the descriptor, which requires write access 
>>>>> that
>>>>> +         *   CS doesn't provide. Instead we have to assume that DS is 
>>>>> set by
>>>>> +         *   SINIT ACM as flat 4GB data segment.
>>>>
>>>> Do you really _have to_? At least as plausibly SS might be properly set up,
>>>> while DS might not be.
>>>
>>> "have to" is referring to the fact that making this assumption is forced
>>> on the implementation.
>>
>> But that's not really true. The Xen bits could be changed if needed, e.g. ...
>>
>>>  LGDT instruction uses DS in the code below, hence it's DS.
>>
>> ... these could be made use SS or even CS.
> 
> SS can be used, but is it really any better than DS?  CS can be used for
> LGDT but it won't work for modifying base address because code segments
> are read-only.  Or do you mean that the comment should be made more
> precise?

Exactly. I was specifically referring to you saying "have to". Which is fine
to say when that's actually true.

>>>>> +         * Additional restrictions:
>>>>> +         * - some MSRs are partially cleared, among them 
>>>>> IA32_MISC_ENABLE, so
>>>>> +         *   some capabilities might be reported as disabled even if 
>>>>> they are
>>>>> +         *   supported by CPU
>>>>> +         * - interrupts (including NMIs and SMIs) are disabled and must 
>>>>> be
>>>>> +         *   enabled later
>>>>> +         * - trying to enter real mode results in reset
>>>>> +         * - APs must be brought up by MONITOR or GETSEC[WAKEUP], 
>>>>> depending on
>>>>> +         *   which is supported by a given SINIT ACM
>>>>
>>>> I'm curious: How would MONITOR allow to bring up an AP? That's not even a
>>>> memory access.
>>>
>>> See patch #15.  BSP sets up TXT.MLE.JOIN and writes to an address
>>> monitored by APs, this causes APs to become part of dynamic launch by
>>> continuing execution at TXT-specific entry point.  It's more of a
>>> redirection rather than waking up, just another case of bad terminology.
>>
>> Okay, (just ftaod) then my more general request: Please try to be as accurate
>> as possible in comments (and similarly patch descriptions). "must be brought
>> up by" is wording that I interpret to describe the action the "active" party
>> (i.e. the BSP) needs to take. Whereas MONITOR, as you now clarify, is the
>> action the AP needs to take (and then apparently is further required to
>> check for false wakeups).
> 
> I'll try and in particular will correct this comment, but I might still
> miss things due to being used to them.  In general when code is
> developed over the years by several people doing other projects in
> between, things just end up looking weird, so please bear with me.

That I can surely understand. Still my expectation is that when one takes
over code, everything is being looked at carefully. Much like a non-public
review. After all once you submit such work publicly, you will be the one
to "defend" that code, including all of the commentary.

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.