From patchwork Mon Jan 22 23:52:54 2024
X-Patchwork-Submitter: Isaku Yamahata
X-Patchwork-Id: 13526443
From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: [PATCH v18 018/121] KVM: TDX: Add helper functions to allocate/free TDX private host key id
Date: Mon, 22 Jan 2024 15:52:54 -0800
Message-Id: <16ebf3b34cf1a2346ac6a58f4dc720abf74daab4.1705965634.git.isaku.yamahata@intel.com>
X-Mailer: git-send-email 2.25.1
X-Mailing-List: kvm@vger.kernel.org
From: Isaku Yamahata

Add helper functions to allocate/free TDX private host key id (HKID).

The memory controller encrypts TDX memory with the assigned TDX HKIDs. The global TDX HKID is used to encrypt the TDX module, its memory, and some dynamic data (TDR). The private TDX HKID is assigned to a guest TD to encrypt guest memory and the related data. When the VMM releases an encrypted page for reuse, the page needs a cache flush with the used HKID. The VMM needs the global TDX HKID and the private TDX HKIDs to flush encrypted pages.

Signed-off-by: Isaku Yamahata
---
v18:
- Moved the functions to kvm tdx from arch/x86/virt/vmx/tdx/
- Drop exporting symbols as the host tdx does.
---
 arch/x86/kvm/vmx/tdx.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 9d3f593eacb8..ee9d6a687d93 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -11,6 +11,35 @@ #undef pr_fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +/* + * Key id globally used by TDX module: TDX module maps TDR with this TDX global + * key id. TDR includes key id assigned to the TD. Then TDX module maps other + * TD-related pages with the assigned key id. TDR requires this TDX global key + * id for cache flush unlike other TD-related pages. + */ +/* TDX KeyID pool */ +static DEFINE_IDA(tdx_guest_keyid_pool); + +static int __used tdx_guest_keyid_alloc(void) +{ + if (WARN_ON_ONCE(!tdx_guest_keyid_start || !tdx_nr_guest_keyids)) + return -EINVAL; + + /* The first keyID is reserved for the global key. */ + return ida_alloc_range(&tdx_guest_keyid_pool, tdx_guest_keyid_start, + tdx_guest_keyid_start + tdx_nr_guest_keyids - 1, + GFP_KERNEL); +} + +static void __used tdx_guest_keyid_free(int keyid) +{ + /* keyid = 0 is reserved. */ + if (WARN_ON_ONCE(keyid <= 0)) + return; + + ida_free(&tdx_guest_keyid_pool, keyid); +} + static int __init tdx_module_setup(void) { int ret;
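Review bot: the first comment block in the hunk ("Key id globally used by TDX module: ...") describes the TDX global key id and why TDR needs it for cache flush, but nothing it precedes refers to the global key id; it sits directly above the `/* TDX KeyID pool */` comment and `tdx_guest_keyid_pool`, which hold guest (private) key ids only. Either fold the relevant sentence into the pool comment or move it next to wherever the global key id is actually used, so a reader does not take the IDA to cover the global id. On the free side, `tdx_guest_keyid_free()` only rejects `keyid <= 0`, while `tdx_guest_keyid_alloc()` hands out ids from `tdx_guest_keyid_start` through `tdx_guest_keyid_start + tdx_nr_guest_keyids - 1`; a bounds check against that same range (for example `WARN_ON_ONCE(keyid < tdx_guest_keyid_start || keyid >= tdx_guest_keyid_start + tdx_nr_guest_keyids)`) would catch a caller handing back the global/host key id or a stale value, instead of relying on the warning `ida_free()` emits for ids the pool never allocated. Also, `__used` on both static functions is presumably there to silence unused-function warnings until later patches in the series add callers; a one-line comment or a sentence in the changelog saying so would spare reviewers the question.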