diff mbox series

[v8,018/103] KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers

Message ID d88e0cee35b70d86493d5a71becffa4ab5c5d97c.1659854790.git.isaku.yamahata@intel.com (mailing list archive)
State New, archived
Headers show
Series KVM TDX basic feature support | expand

Commit Message

Isaku Yamahata Aug. 7, 2022, 10:01 p.m. UTC 
From: Sean Christopherson <sean.j.christopherson@intel.com>

Stub in kvm_tdx, vcpu_tdx, and their various accessors.  TDX defines
SEAMCALL APIs to access TDX control structures corresponding to the VMX
VMCS.  Introduce helper accessors to hide its SEAMCALL ABI details.

Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
 arch/x86/kvm/vmx/tdx.h | 103 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 101 insertions(+), 2 deletions(-)

Comments

Binbin Wu Aug. 23, 2022, 3:39 a.m. UTC | #1 
On 2022/8/8 6:01, isaku.yamahata@intel.com wrote:
> From: Sean Christopherson <sean.j.christopherson@intel.com>
>
> Stub in kvm_tdx, vcpu_tdx, and their various accessors.  TDX defines
> SEAMCALL APIs to access TDX control structures corresponding to the VMX
> VMCS.  Introduce helper accessors to hide its SEAMCALL ABI details.
>
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
>   arch/x86/kvm/vmx/tdx.h | 103 ++++++++++++++++++++++++++++++++++++++++-
>   1 file changed, 101 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
> index 2f43db5bbefb..f50d37f3fc9c 100644
> --- a/arch/x86/kvm/vmx/tdx.h
> +++ b/arch/x86/kvm/vmx/tdx.h
> @@ -3,16 +3,29 @@
>   #define __KVM_X86_TDX_H
>   
>   #ifdef CONFIG_INTEL_TDX_HOST
> +
> +#include "tdx_ops.h"
> +
>   int tdx_module_setup(void);
>   
> +struct tdx_td_page {
> +	unsigned long va;
> +	hpa_t pa;
> +	bool added;
> +};
> +
>   struct kvm_tdx {
>   	struct kvm kvm;
> -	/* TDX specific members follow. */
> +
> +	struct tdx_td_page tdr;
> +	struct tdx_td_page *tdcs;
>   };
>   
>   struct vcpu_tdx {
>   	struct kvm_vcpu	vcpu;
> -	/* TDX specific members follow. */
> +
> +	struct tdx_td_page tdvpr;
> +	struct tdx_td_page *tdvpx;
>   };
>   
>   static inline bool is_td(struct kvm *kvm)
> @@ -34,6 +47,92 @@ static inline struct vcpu_tdx *to_tdx(struct kvm_vcpu *vcpu)
>   {
>   	return container_of(vcpu, struct vcpu_tdx, vcpu);
>   }
> +
> +static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
> +{
> +	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
> +			 "Read/Write to TD VMCS *_HIGH fields not supported");
> +
> +	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
> +
> +	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
> +			 (((field) & 0x6000) == 0x2000 ||
> +			  ((field) & 0x6000) == 0x6000),
> +			 "Invalid TD VMCS access for 64-bit field");

if bits is 64 here, "bits != 64" is false, how could this check for 
"Invalid TD VMCS access for 64-bit field"?


> +	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
> +			 ((field) & 0x6000) == 0x4000,
> +			 "Invalid TD VMCS access for 32-bit field");

ditto


> +	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
> +			 ((field) & 0x6000) == 0x0000,
> +			 "Invalid TD VMCS access for 16-bit field");

ditto


> +}
> +
> +static __always_inline void tdvps_state_non_arch_check(u64 field, u8 bits) {}
> +static __always_inline void tdvps_management_check(u64 field, u8 bits) {}
> +
> +#define TDX_BUILD_TDVPS_ACCESSORS(bits, uclass, lclass)				\
> +static __always_inline u##bits td_##lclass##_read##bits(struct vcpu_tdx *tdx,	\
> +							u32 field)		\
> +{										\
> +	struct tdx_module_output out;						\
> +	u64 err;								\
> +										\
> +	tdvps_##lclass##_check(field, bits);					\
> +	err = tdh_vp_rd(tdx->tdvpr.pa, TDVPS_##uclass(field), &out);		\
> +	if (unlikely(err)) {							\
> +		pr_err("TDH_VP_RD["#uclass".0x%x] failed: 0x%llx\n",		\
> +		       field, err);						\
> +		return 0;							\
> +	}									\
> +	return (u##bits)out.r8;							\
> +}										\
> +static __always_inline void td_##lclass##_write##bits(struct vcpu_tdx *tdx,	\
> +						      u32 field, u##bits val)	\
> +{										\
> +	struct tdx_module_output out;						\
> +	u64 err;								\
> +										\
> +	tdvps_##lclass##_check(field, bits);					\
> +	err = tdh_vp_wr(tdx->tdvpr.pa, TDVPS_##uclass(field), val,		\
> +		      GENMASK_ULL(bits - 1, 0), &out);				\
> +	if (unlikely(err))							\
> +		pr_err("TDH_VP_WR["#uclass".0x%x] = 0x%llx failed: 0x%llx\n",	\
> +		       field, (u64)val, err);					\
> +}										\
> +static __always_inline void td_##lclass##_setbit##bits(struct vcpu_tdx *tdx,	\
> +						       u32 field, u64 bit)	\
> +{										\
> +	struct tdx_module_output out;						\
> +	u64 err;								\
> +										\
> +	tdvps_##lclass##_check(field, bits);					\
> +	err = tdh_vp_wr(tdx->tdvpr.pa, TDVPS_##uclass(field), bit, bit,		\
> +			&out);							\
> +	if (unlikely(err))							\
> +		pr_err("TDH_VP_WR["#uclass".0x%x] |= 0x%llx failed: 0x%llx\n",	\
> +		       field, bit, err);					\
> +}										\
> +static __always_inline void td_##lclass##_clearbit##bits(struct vcpu_tdx *tdx,	\
> +							 u32 field, u64 bit)	\
> +{										\
> +	struct tdx_module_output out;						\
> +	u64 err;								\
> +										\
> +	tdvps_##lclass##_check(field, bits);					\
> +	err = tdh_vp_wr(tdx->tdvpr.pa, TDVPS_##uclass(field), 0, bit,		\
> +			&out);							\
> +	if (unlikely(err))							\
> +		pr_err("TDH_VP_WR["#uclass".0x%x] &= ~0x%llx failed: 0x%llx\n",	\
> +		       field, bit,  err);					\
> +}
> +
> +TDX_BUILD_TDVPS_ACCESSORS(16, VMCS, vmcs);
> +TDX_BUILD_TDVPS_ACCESSORS(32, VMCS, vmcs);
> +TDX_BUILD_TDVPS_ACCESSORS(64, VMCS, vmcs);
> +
> +TDX_BUILD_TDVPS_ACCESSORS(64, STATE_NON_ARCH, state_non_arch);
> +TDX_BUILD_TDVPS_ACCESSORS(8, MANAGEMENT, management);
> +
>   #else
>   static inline int tdx_module_setup(void) { return -ENODEV; };
>
Sean Christopherson Aug. 23, 2022, 3:40 p.m. UTC | #2 
On Tue, Aug 23, 2022, Binbin Wu wrote:
> 
> On 2022/8/8 6:01, isaku.yamahata@intel.com wrote:
> > +static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
> > +{
> > +	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
> > +			 "Read/Write to TD VMCS *_HIGH fields not supported");
> > +
> > +	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
> > +
> > +	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
> > +			 (((field) & 0x6000) == 0x2000 ||
> > +			  ((field) & 0x6000) == 0x6000),
> > +			 "Invalid TD VMCS access for 64-bit field");
> 
> if bits is 64 here, "bits != 64" is false, how could this check for "Invalid
> TD VMCS access for 64-bit field"?

Bits 14:13 of the encoding, which is extracted by "(field) & 0x6000", encodes the
width of the VMCS field.  Bit 0 of the encoding, "(field) & 0x1" above, is a modifier
that is only relevant when operating in 32-bit mode, and is disallowed because TDX is
64-bit only.

This yields four possibilities for TDX:

  (field) & 0x6000) == 0x0000 : 16-bit field
  (field) & 0x6000) == 0x2000 : 64-bit field
  (field) & 0x6000) == 0x4000 : 32-bit field
  (field) & 0x6000) == 0x6000 : 64-bit field (technically "natural width", but
                                              effectively 64-bit because TDX is
					      64-bit only)

The assertion is that if the encoding indicates a 64-bit field (0x2000 or 0x6000),
then the number of bits KVM is accessing must be '64'.  The below assertions do
the same thing for 32-bit and 16-bit fields.
 
> > +	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
> > +			 ((field) & 0x6000) == 0x4000,
> > +			 "Invalid TD VMCS access for 32-bit field");
> 
> ditto
> 
> 
> > +	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
> > +			 ((field) & 0x6000) == 0x0000,
> > +			 "Invalid TD VMCS access for 16-bit field");
> 
> ditto
Isaku Yamahata Aug. 26, 2022, 4:48 a.m. UTC | #3 
On Tue, Aug 23, 2022 at 03:40:40PM +0000,
Sean Christopherson <seanjc@google.com> wrote:

> On Tue, Aug 23, 2022, Binbin Wu wrote:
> > 
> > On 2022/8/8 6:01, isaku.yamahata@intel.com wrote:
> > > +static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
> > > +{
> > > +	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
> > > +			 "Read/Write to TD VMCS *_HIGH fields not supported");
> > > +
> > > +	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
> > > +
> > > +	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
> > > +			 (((field) & 0x6000) == 0x2000 ||
> > > +			  ((field) & 0x6000) == 0x6000),
> > > +			 "Invalid TD VMCS access for 64-bit field");
> > 
> > if bits is 64 here, "bits != 64" is false, how could this check for "Invalid
> > TD VMCS access for 64-bit field"?
> 
> Bits 14:13 of the encoding, which is extracted by "(field) & 0x6000", encodes the
> width of the VMCS field.  Bit 0 of the encoding, "(field) & 0x1" above, is a modifier
> that is only relevant when operating in 32-bit mode, and is disallowed because TDX is
> 64-bit only.
> 
> This yields four possibilities for TDX:
> 
>   (field) & 0x6000) == 0x0000 : 16-bit field
>   (field) & 0x6000) == 0x2000 : 64-bit field
>   (field) & 0x6000) == 0x4000 : 32-bit field
>   (field) & 0x6000) == 0x6000 : 64-bit field (technically "natural width", but
>                                               effectively 64-bit because TDX is
> 					      64-bit only)
> 
> The assertion is that if the encoding indicates a 64-bit field (0x2000 or 0x6000),
> then the number of bits KVM is accessing must be '64'.  The below assertions do
> the same thing for 32-bit and 16-bit fields.

Thanks for explanation. I've updated it as follows to use symbolic value.

#define VMCS_ENC_ACCESS_TYPE_MASK	0x1UL
#define VMCS_ENC_ACCESS_TYPE_FULL	0x0UL
#define VMCS_ENC_ACCESS_TYPE_HIGH	0x1UL
#define VMCS_ENC_ACCESS_TYPE(field)	((field) & VMCS_ENC_ACCESS_TYPE_MASK)

	/* TDX is 64bit only.  HIGH field isn't supported. */
	BUILD_BUG_ON_MSG(__builtin_constant_p(field) &&
			 VMCS_ENC_ACCESS_TYPE(field) == VMCS_ENC_ACCESS_TYPE_HIGH,
			 "Read/Write to TD VMCS *_HIGH fields not supported");

	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);

#define VMCS_ENC_WIDTH_MASK	GENMASK_UL(14, 13)
#define VMCS_ENC_WIDTH_16BIT	(0UL << 13)
#define VMCS_ENC_WIDTH_64BIT	(1UL << 13)
#define VMCS_ENC_WIDTH_32BIT	(2UL << 13)
#define VMCS_ENC_WIDTH_NATURAL	(3UL << 13)
#define VMCS_ENC_WIDTH(field)	((field) & VMCS_ENC_WIDTH_MASK)

	/* TDX is 64bit only.  i.e. natural width = 64bit. */
	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
			 (VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_64BIT ||
			  VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_NATURAL),
			 "Invalid TD VMCS access for 64-bit field");
	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
			 VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_32BIT,
			 "Invalid TD VMCS access for 32-bit field");
	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
			 VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_16BIT,
			 "Invalid TD VMCS access for 16-bit field");
Binbin Wu Aug. 26, 2022, 6:24 a.m. UTC | #4 
On 2022/8/23 23:40, Sean Christopherson wrote:
> On Tue, Aug 23, 2022, Binbin Wu wrote:
>> On 2022/8/8 6:01, isaku.yamahata@intel.com wrote:
>>> +static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
>>> +{
>>> +	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
>>> +			 "Read/Write to TD VMCS *_HIGH fields not supported");
>>> +
>>> +	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
>>> +
>>> +	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
>>> +			 (((field) & 0x6000) == 0x2000 ||
>>> +			  ((field) & 0x6000) == 0x6000),
>>> +			 "Invalid TD VMCS access for 64-bit field");
>> if bits is 64 here, "bits != 64" is false, how could this check for "Invalid
>> TD VMCS access for 64-bit field"?
> Bits 14:13 of the encoding, which is extracted by "(field) & 0x6000", encodes the
> width of the VMCS field.  Bit 0 of the encoding, "(field) & 0x1" above, is a modifier
> that is only relevant when operating in 32-bit mode, and is disallowed because TDX is
> 64-bit only.
>
> This yields four possibilities for TDX:
>
>    (field) & 0x6000) == 0x0000 : 16-bit field
>    (field) & 0x6000) == 0x2000 : 64-bit field
>    (field) & 0x6000) == 0x4000 : 32-bit field
>    (field) & 0x6000) == 0x6000 : 64-bit field (technically "natural width", but
>                                                effectively 64-bit because TDX is
> 					      64-bit only)
>
> The assertion is that if the encoding indicates a 64-bit field (0x2000 or 0x6000),
> then the number of bits KVM is accessing must be '64'.  The below assertions do
> the same thing for 32-bit and 16-bit fields.

Thanks for explanation, it is crystal clear to me now.  :)


>   
>>> +	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
>>> +			 ((field) & 0x6000) == 0x4000,
>>> +			 "Invalid TD VMCS access for 32-bit field");
>> ditto
>>
>>
>>> +	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
>>> +			 ((field) & 0x6000) == 0x0000,
>>> +			 "Invalid TD VMCS access for 16-bit field");
>> ditto
Yuan Yao Aug. 30, 2022, 6:51 a.m. UTC | #5 
On Thu, Aug 25, 2022 at 09:48:17PM -0700, Isaku Yamahata wrote:
> On Tue, Aug 23, 2022 at 03:40:40PM +0000,
> Sean Christopherson <seanjc@google.com> wrote:
>
> > On Tue, Aug 23, 2022, Binbin Wu wrote:
> > >
> > > On 2022/8/8 6:01, isaku.yamahata@intel.com wrote:
> > > > +static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
> > > > +{
> > > > +	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
> > > > +			 "Read/Write to TD VMCS *_HIGH fields not supported");
> > > > +
> > > > +	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
> > > > +
> > > > +	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
> > > > +			 (((field) & 0x6000) == 0x2000 ||
> > > > +			  ((field) & 0x6000) == 0x6000),
> > > > +			 "Invalid TD VMCS access for 64-bit field");
> > >
> > > if bits is 64 here, "bits != 64" is false, how could this check for "Invalid
> > > TD VMCS access for 64-bit field"?
> >
> > Bits 14:13 of the encoding, which is extracted by "(field) & 0x6000", encodes the
> > width of the VMCS field.  Bit 0 of the encoding, "(field) & 0x1" above, is a modifier
> > that is only relevant when operating in 32-bit mode, and is disallowed because TDX is
> > 64-bit only.
> >
> > This yields four possibilities for TDX:
> >
> >   (field) & 0x6000) == 0x0000 : 16-bit field
> >   (field) & 0x6000) == 0x2000 : 64-bit field
> >   (field) & 0x6000) == 0x4000 : 32-bit field
> >   (field) & 0x6000) == 0x6000 : 64-bit field (technically "natural width", but
> >                                               effectively 64-bit because TDX is
> > 					      64-bit only)
> >
> > The assertion is that if the encoding indicates a 64-bit field (0x2000 or 0x6000),
> > then the number of bits KVM is accessing must be '64'.  The below assertions do
> > the same thing for 32-bit and 16-bit fields.
>
> Thanks for explanation. I've updated it as follows to use symbolic value.
>
> #define VMCS_ENC_ACCESS_TYPE_MASK	0x1UL
> #define VMCS_ENC_ACCESS_TYPE_FULL	0x0UL
> #define VMCS_ENC_ACCESS_TYPE_HIGH	0x1UL
> #define VMCS_ENC_ACCESS_TYPE(field)	((field) & VMCS_ENC_ACCESS_TYPE_MASK)
>
> 	/* TDX is 64bit only.  HIGH field isn't supported. */
> 	BUILD_BUG_ON_MSG(__builtin_constant_p(field) &&
> 			 VMCS_ENC_ACCESS_TYPE(field) == VMCS_ENC_ACCESS_TYPE_HIGH,
> 			 "Read/Write to TD VMCS *_HIGH fields not supported");
>
> 	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
>
> #define VMCS_ENC_WIDTH_MASK	GENMASK_UL(14, 13)
> #define VMCS_ENC_WIDTH_16BIT	(0UL << 13)
> #define VMCS_ENC_WIDTH_64BIT	(1UL << 13)
> #define VMCS_ENC_WIDTH_32BIT	(2UL << 13)
> #define VMCS_ENC_WIDTH_NATURAL	(3UL << 13)
> #define VMCS_ENC_WIDTH(field)	((field) & VMCS_ENC_WIDTH_MASK)
>
> 	/* TDX is 64bit only.  i.e. natural width = 64bit. */
> 	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
> 			 (VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_64BIT ||
> 			  VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_NATURAL),
> 			 "Invalid TD VMCS access for 64-bit field");
> 	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
> 			 VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_32BIT,
> 			 "Invalid TD VMCS access for 32-bit field");
> 	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
> 			 VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_16BIT,
> 			 "Invalid TD VMCS access for 16-bit field");
>

These are standard VMCS definition, I suggest to put them into
arch/x86/kvm/vmx/vmcs.h but not only in tdx.h, actually you can find
an already defined "enum vmcs_field_width" there.


> --
> Isaku Yamahata <isaku.yamahata@gmail.com>
Xiaoyao Li Aug. 31, 2022, 3:40 a.m. UTC | #6 
On 8/26/2022 12:48 PM, Isaku Yamahata wrote:
> On Tue, Aug 23, 2022 at 03:40:40PM +0000,
> Sean Christopherson <seanjc@google.com> wrote:
> 
>> On Tue, Aug 23, 2022, Binbin Wu wrote:
>>>
>>> On 2022/8/8 6:01, isaku.yamahata@intel.com wrote:
>>>> +static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
>>>> +{
>>>> +	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
>>>> +			 "Read/Write to TD VMCS *_HIGH fields not supported");
>>>> +
>>>> +	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
>>>> +
>>>> +	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
>>>> +			 (((field) & 0x6000) == 0x2000 ||
>>>> +			  ((field) & 0x6000) == 0x6000),
>>>> +			 "Invalid TD VMCS access for 64-bit field");
>>>
>>> if bits is 64 here, "bits != 64" is false, how could this check for "Invalid
>>> TD VMCS access for 64-bit field"?
>>
>> Bits 14:13 of the encoding, which is extracted by "(field) & 0x6000", encodes the
>> width of the VMCS field.  Bit 0 of the encoding, "(field) & 0x1" above, is a modifier
>> that is only relevant when operating in 32-bit mode, and is disallowed because TDX is
>> 64-bit only.
>>
>> This yields four possibilities for TDX:
>>
>>    (field) & 0x6000) == 0x0000 : 16-bit field
>>    (field) & 0x6000) == 0x2000 : 64-bit field
>>    (field) & 0x6000) == 0x4000 : 32-bit field
>>    (field) & 0x6000) == 0x6000 : 64-bit field (technically "natural width", but
>>                                                effectively 64-bit because TDX is
>> 					      64-bit only)
>>
>> The assertion is that if the encoding indicates a 64-bit field (0x2000 or 0x6000),
>> then the number of bits KVM is accessing must be '64'.  The below assertions do
>> the same thing for 32-bit and 16-bit fields.
> 
> Thanks for explanation. I've updated it as follows to use symbolic value.
> 
> #define VMCS_ENC_ACCESS_TYPE_MASK	0x1UL
> #define VMCS_ENC_ACCESS_TYPE_FULL	0x0UL
> #define VMCS_ENC_ACCESS_TYPE_HIGH	0x1UL
> #define VMCS_ENC_ACCESS_TYPE(field)	((field) & VMCS_ENC_ACCESS_TYPE_MASK)
> 
> 	/* TDX is 64bit only.  HIGH field isn't supported. */
> 	BUILD_BUG_ON_MSG(__builtin_constant_p(field) &&
> 			 VMCS_ENC_ACCESS_TYPE(field) == VMCS_ENC_ACCESS_TYPE_HIGH,
> 			 "Read/Write to TD VMCS *_HIGH fields not supported");
> 
> 	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
> 
> #define VMCS_ENC_WIDTH_MASK	GENMASK_UL(14, 13)
> #define VMCS_ENC_WIDTH_16BIT	(0UL << 13)
> #define VMCS_ENC_WIDTH_64BIT	(1UL << 13)
> #define VMCS_ENC_WIDTH_32BIT	(2UL << 13)
> #define VMCS_ENC_WIDTH_NATURAL	(3UL << 13)
> #define VMCS_ENC_WIDTH(field)	((field) & VMCS_ENC_WIDTH_MASK)
> 
> 	/* TDX is 64bit only.  i.e. natural width = 64bit. */
> 	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
> 			 (VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_64BIT ||
> 			  VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_NATURAL),
> 			 "Invalid TD VMCS access for 64-bit field");
> 	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
> 			 VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_32BIT,
> 			 "Invalid TD VMCS access for 32-bit field");
> 	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
> 			 VMCS_ENC_WIDTH(field) == VMCS_ENC_WIDTH_16BIT,
> 			 "Invalid TD VMCS access for 16-bit field");

Actually, the original code is written by me that is copied from 
vmcs_check{16/32/64/l} in arch/x86/kvm/vmx/vmx_ops.h

If you are going to do above change, you'd better cook a patch to change 
it for vmx_ops.h at first and see opinion from community.
diff mbox series

Patch

diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index 2f43db5bbefb..f50d37f3fc9c 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -3,16 +3,29 @@ 
 #define __KVM_X86_TDX_H
 
 #ifdef CONFIG_INTEL_TDX_HOST
+
+#include "tdx_ops.h"
+
 int tdx_module_setup(void);
 
+struct tdx_td_page {
+	unsigned long va;
+	hpa_t pa;
+	bool added;
+};
+
 struct kvm_tdx {
 	struct kvm kvm;
-	/* TDX specific members follow. */
+
+	struct tdx_td_page tdr;
+	struct tdx_td_page *tdcs;
 };
 
 struct vcpu_tdx {
 	struct kvm_vcpu	vcpu;
-	/* TDX specific members follow. */
+
+	struct tdx_td_page tdvpr;
+	struct tdx_td_page *tdvpx;
 };
 
 static inline bool is_td(struct kvm *kvm)
@@ -34,6 +47,92 @@  static inline struct vcpu_tdx *to_tdx(struct kvm_vcpu *vcpu)
 {
 	return container_of(vcpu, struct vcpu_tdx, vcpu);
 }
+
+static __always_inline void tdvps_vmcs_check(u32 field, u8 bits)
+{
+	BUILD_BUG_ON_MSG(__builtin_constant_p(field) && (field) & 0x1,
+			 "Read/Write to TD VMCS *_HIGH fields not supported");
+
+	BUILD_BUG_ON(bits != 16 && bits != 32 && bits != 64);
+
+	BUILD_BUG_ON_MSG(bits != 64 && __builtin_constant_p(field) &&
+			 (((field) & 0x6000) == 0x2000 ||
+			  ((field) & 0x6000) == 0x6000),
+			 "Invalid TD VMCS access for 64-bit field");
+	BUILD_BUG_ON_MSG(bits != 32 && __builtin_constant_p(field) &&
+			 ((field) & 0x6000) == 0x4000,
+			 "Invalid TD VMCS access for 32-bit field");
+	BUILD_BUG_ON_MSG(bits != 16 && __builtin_constant_p(field) &&
+			 ((field) & 0x6000) == 0x0000,
+			 "Invalid TD VMCS access for 16-bit field");
+}
+
+static __always_inline void tdvps_state_non_arch_check(u64 field, u8 bits) {}
+static __always_inline void tdvps_management_check(u64 field, u8 bits) {}
+
+#define TDX_BUILD_TDVPS_ACCESSORS(bits, uclass, lclass)				\
+static __always_inline u##bits td_##lclass##_read##bits(struct vcpu_tdx *tdx,	\
+							u32 field)		\
+{										\
+	struct tdx_module_output out;						\
+	u64 err;								\
+										\
+	tdvps_##lclass##_check(field, bits);					\
+	err = tdh_vp_rd(tdx->tdvpr.pa, TDVPS_##uclass(field), &out);		\
+	if (unlikely(err)) {							\
+		pr_err("TDH_VP_RD["#uclass".0x%x] failed: 0x%llx\n",		\
+		       field, err);						\
+		return 0;							\
+	}									\
+	return (u##bits)out.r8;							\
+}										\
+static __always_inline void td_##lclass##_write##bits(struct vcpu_tdx *tdx,	\
+						      u32 field, u##bits val)	\
+{										\
+	struct tdx_module_output out;						\
+	u64 err;								\
+										\
+	tdvps_##lclass##_check(field, bits);					\
+	err = tdh_vp_wr(tdx->tdvpr.pa, TDVPS_##uclass(field), val,		\
+		      GENMASK_ULL(bits - 1, 0), &out);				\
+	if (unlikely(err))							\
+		pr_err("TDH_VP_WR["#uclass".0x%x] = 0x%llx failed: 0x%llx\n",	\
+		       field, (u64)val, err);					\
+}										\
+static __always_inline void td_##lclass##_setbit##bits(struct vcpu_tdx *tdx,	\
+						       u32 field, u64 bit)	\
+{										\
+	struct tdx_module_output out;						\
+	u64 err;								\
+										\
+	tdvps_##lclass##_check(field, bits);					\
+	err = tdh_vp_wr(tdx->tdvpr.pa, TDVPS_##uclass(field), bit, bit,		\
+			&out);							\
+	if (unlikely(err))							\
+		pr_err("TDH_VP_WR["#uclass".0x%x] |= 0x%llx failed: 0x%llx\n",	\
+		       field, bit, err);					\
+}										\
+static __always_inline void td_##lclass##_clearbit##bits(struct vcpu_tdx *tdx,	\
+							 u32 field, u64 bit)	\
+{										\
+	struct tdx_module_output out;						\
+	u64 err;								\
+										\
+	tdvps_##lclass##_check(field, bits);					\
+	err = tdh_vp_wr(tdx->tdvpr.pa, TDVPS_##uclass(field), 0, bit,		\
+			&out);							\
+	if (unlikely(err))							\
+		pr_err("TDH_VP_WR["#uclass".0x%x] &= ~0x%llx failed: 0x%llx\n",	\
+		       field, bit,  err);					\
+}
+
+TDX_BUILD_TDVPS_ACCESSORS(16, VMCS, vmcs);
+TDX_BUILD_TDVPS_ACCESSORS(32, VMCS, vmcs);
+TDX_BUILD_TDVPS_ACCESSORS(64, VMCS, vmcs);
+
+TDX_BUILD_TDVPS_ACCESSORS(64, STATE_NON_ARCH, state_non_arch);
+TDX_BUILD_TDVPS_ACCESSORS(8, MANAGEMENT, management);
+
 #else
 static inline int tdx_module_setup(void) { return -ENODEV; };