Confidential Compute patches continue to hit the kernel mailing lists, in particular those targeting x86 (both Intel and AMD). Intel’s Trust Domain Extensions (TDX) and AMD’s Secure Encrypted Virtualization (SEV) achieve much the same thing, but through slightly different mechanisms, and so require different enablement. This month, however, work on both has focused on similar areas, including (encrypted) guest support for interrupt handling in a manner that isolates the guest from a malicious host hypervisor attempting to inject bad interrupts.
Rik van Riel et al. continue to work on a patch series titled AMD Broadcast TLB Invalidation, which adopts a feature common to the ARM architecture for use on x86. TLBs (Translation Lookaside Buffers) are used within a CPU to speed up the process of resolving a (virtual) address used by an application or the kernel into underlying physical memory locations. Sometimes, TLB entries need to be invalidated (for example, when tearing down a memory mapping), and the invalidation must complete before a process can continue. Traditionally, this happened on x86 by sending a special software Inter-Processor Interrupt (IPI) to other CPUs, instructing them to stop what they were doing and invalidate any entries they held for the old mapping. This is slow and scales poorly. Hardware broadcast invalidates are more complex but can improve performance on large systems.
Gregory Price is creating a series of posts under the title CXL Boot to Bash, explaining the various stages involved in detecting and enabling CXL (Compute eXpress Link) memory devices with Linux. CXL is a technology that is similar to PCIe but is used to more closely couple accelerators and memory devices. Its main use case has been in the CXL.mem variant (aka Type 3 device) used for memory expansion, which is the case Gregory is discussing. You can read the thread here: https://bit.ly/lxf327thread.