Message ID | 35081dba60ef61c313c2d7334815247248b8d1da.1649219184.git.kai.huang@intel.com (mailing list archive) |
---|---|
State | New, archived |
Series | TDX host kernel support |
On 4/5/22 9:49 PM, Kai Huang wrote:
> Logical-cpu scope initialization requires calling TDH.SYS.LP.INIT on all
> BIOS-enabled cpus, otherwise the TDH.SYS.CONFIG SEAMCALL will fail.

IIUC, this change handles logical CPU initialization part of TDX module
initialization. So why talk about TDH.SYS.CONFIG failure here? Are they
related?

> TDH.SYS.LP.INIT can be called concurrently on all cpus.

IMO, if you move the following paragraph to the beginning, it is easier
to understand "what" and "why" part of this change.

>
> Following global initialization, do the logical-cpu scope initialization
> by calling TDH.SYS.LP.INIT on all online cpus. Whether all BIOS-enabled
> cpus are online is not checked here for simplicity. The caller of
> tdx_init() should guarantee all BIOS-enabled cpus are online.

Include specification reference for TDX module initialization and
TDH.SYS.LP.INIT.

In TDX module spec, section 22.2.35 (TDH.SYS.LP.INIT Leaf), mentions
some environment requirements. I don't see you checking here for it?
Is this already met?

On Sat, 2022-04-23 at 18:27 -0700, Sathyanarayanan Kuppuswamy wrote:
>
> On 4/5/22 9:49 PM, Kai Huang wrote:
> > Logical-cpu scope initialization requires calling TDH.SYS.LP.INIT on all
> > BIOS-enabled cpus, otherwise the TDH.SYS.CONFIG SEAMCALL will fail.
>
> IIUC, this change handles logical CPU initialization part of TDX module
> initialization. So why talk about TDH.SYS.CONFIG failure here? Are they
> related?

They are a little bit related but I think I can remove it. Thanks.

>
> > TDH.SYS.LP.INIT can be called concurrently on all cpus.
>
> IMO, if you move the following paragraph to the beginning, it is easier
> to understand "what" and "why" part of this change.

OK.

> >
> > Following global initialization, do the logical-cpu scope initialization
> > by calling TDH.SYS.LP.INIT on all online cpus. Whether all BIOS-enabled
> > cpus are online is not checked here for simplicity. The caller of
> > tdx_init() should guarantee all BIOS-enabled cpus are online.
>
> Include specification reference for TDX module initialization and
> TDH.SYS.LP.INIT.
>
> In TDX module spec, section 22.2.35 (TDH.SYS.LP.INIT Leaf), mentions
> some environment requirements. I don't see you checking here for it?
> Is this already met?
>

Good catch. I missed it, and I'll look into it.

Thanks.

diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 5c2f3a30be2f..ef2718423f0f 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -461,6 +461,13 @@ static int __tdx_detect(void) return -ENODEV; } +static int tdx_module_init_cpus(void) +{ + struct seamcall_ctx sc = { .fn = TDH_SYS_LP_INIT }; + + return seamcall_on_each_cpu(&sc); +} + static int init_tdx_module(void) { int ret; @@ -470,6 +477,11 @@ static int init_tdx_module(void) if (ret) goto out; + /* Logical-cpu scope initialization */ + ret = tdx_module_init_cpus(); + if (ret) + goto out; + /* * Return -EFAULT until all steps of TDX module * initialization are done. diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index f0983b1936d8..b8cfdd6e12f3 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -39,6 +39,7 @@ struct p_seamldr_info { * TDX module SEAMCALL leaf functions */ #define TDH_SYS_INIT 33 +#define TDH_SYS_LP_INIT 35 #define TDH_SYS_LP_SHUTDOWN 44 struct tdx_module_output;
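Review bot: in the first tdx.c hunk, tdx_module_init_cpus() carries no comment recording the precondition the commit message depends on. The call goes out through seamcall_on_each_cpu(), which per the commit message covers online cpus only, while TDH.SYS.LP.INIT has to run on every BIOS-enabled cpu, and nothing in the function checks that the two sets match. A cpu that is offline at this point is skipped without any diagnostic, and the problem would only show up later as the TDH.SYS.CONFIG failure the commit message mentions. Suggest a comment above the function that states the caller contract (all BIOS-enabled cpus online) and cites the TDX module spec section for TDH.SYS.LP.INIT, and either a check for the environment requirements raised in review or a note saying where they are already guaranteed.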
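Review bot: in the init_tdx_module() hunk, the `goto out` after tdx_module_init_cpus() handles a per-cpu failure the same way as a failure of the step before it, but by that point TDH.SYS.LP.INIT may already have completed on some cpus. The `out` label lies outside the visible context, so this hunk does not show whether that partially initialized state is cleaned up; please confirm and document it at the call site. The added comment `/* Logical-cpu scope initialization */` only restates the function name; it would help more if it said that this step must follow global initialization and relies on all BIOS-enabled cpus being online.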
Logical-cpu scope initialization requires calling TDH.SYS.LP.INIT on all
BIOS-enabled cpus, otherwise the TDH.SYS.CONFIG SEAMCALL will fail.
TDH.SYS.LP.INIT can be called concurrently on all cpus.

Following global initialization, do the logical-cpu scope initialization
by calling TDH.SYS.LP.INIT on all online cpus. Whether all BIOS-enabled
cpus are online is not checked here for simplicity. The caller of
tdx_init() should guarantee all BIOS-enabled cpus are online.

Signed-off-by: Kai Huang <kai.huang@intel.com>
---
 arch/x86/virt/vmx/tdx/tdx.c | 12 ++++++++++++
 arch/x86/virt/vmx/tdx/tdx.h |  1 +
 2 files changed, 13 insertions(+)