From patchwork Mon Jun 26 14:12:44 2023
X-Patchwork-Submitter: "Huang, Kai"
X-Patchwork-Id: 13292983
From: Kai Huang
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, x86@kernel.org, dave.hansen@intel.com, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, bp@alien8.de, mingo@redhat.com, hpa@zytor.com, seanjc@google.com, pbonzini@redhat.com, david@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ashok.raj@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, ying.huang@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, nik.borisov@suse.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com
Subject: [PATCH v12 14/22] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID
Date: Tue, 27 Jun 2023 02:12:44 +1200
Message-Id: <0978700f954d311a5580b746ec44124d1cb65c28.1687784645.git.kai.huang@intel.com>

The TDX module uses a private KeyID as the "global KeyID" for mapping things like the PAMT and other TDX metadata. This KeyID has already been reserved when detecting TDX during the kernel early boot.

After the list of "TD Memory Regions" (TDMRs) has been constructed to cover all TDX-usable memory regions, the next step is to pass them to the TDX module together with the global KeyID.

Signed-off-by: Kai Huang
Reviewed-by: Isaku Yamahata
Reviewed-by: Kirill A. Shutemov
Reviewed-by: Yuan Yao
---

v11 -> v12:
 - Added Kirill's tag

v10 -> v11:
 - No update

v9 -> v10:
 - Code change due to change static 'tdx_tdmr_list' to local 'tdmr_list'.

v8 -> v9:
 - Improved changelog to explain why initializing TDMRs can take long time (Dave).
 - Improved comments around 'next-to-initialize' address (Dave).

v7 -> v8: (Dave)
 - Changelog:
   - explicitly call out this is the last step of TDX module initialization.
   - Trimmed down changelog by removing SEAMCALL name and details.
 - Removed/trimmed down unnecessary comments.
 - Other changes due to 'struct tdmr_info_list'.

v6 -> v7:
 - Removed need_resched() check. -- Andi.

---
 arch/x86/virt/vmx/tdx/tdx.c | 41 ++++++++++++++++++++++++++++++++++++-
 arch/x86/virt/vmx/tdx/tdx.h |  2 ++
 2 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 2bcace5cb25c..1992245290de 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include 
@@ -864,6 +865,39 @@ static int construct_tdmrs(struct list_head *tmb_list, return ret; } +static int config_tdx_module(struct tdmr_info_list *tdmr_list, u64 global_keyid) +{ + u64 *tdmr_pa_array; + size_t array_sz; + int i, ret; + + /* + * TDMRs are passed to the TDX module via an array of physical + * addresses of each TDMR. The array itself also has certain + * alignment requirement. + */ + array_sz = tdmr_list->nr_consumed_tdmrs * sizeof(u64); + array_sz = roundup_pow_of_two(array_sz); + if (array_sz < TDMR_INFO_PA_ARRAY_ALIGNMENT) + array_sz = TDMR_INFO_PA_ARRAY_ALIGNMENT; + + tdmr_pa_array = kzalloc(array_sz, GFP_KERNEL); + if (!tdmr_pa_array) + return -ENOMEM; + + for (i = 0; i < tdmr_list->nr_consumed_tdmrs; i++) + tdmr_pa_array[i] = __pa(tdmr_entry(tdmr_list, i)); + + ret = seamcall(TDH_SYS_CONFIG, __pa(tdmr_pa_array), + tdmr_list->nr_consumed_tdmrs, + global_keyid, 0, NULL, NULL); + + /* Free the array as it is not required anymore. */ + kfree(tdmr_pa_array); + + return ret; +} + static int init_tdx_module(void) { struct tdsysinfo_struct *sysinfo; @@ -917,16 +951,21 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* Pass the TDMRs and the global KeyID to the TDX module */ + ret = config_tdx_module(&tdmr_list, tdx_global_keyid); + if (ret) + goto out_free_pamts; + /* * TODO: * - * - Configure the TDMRs and the global KeyID to the TDX module. * - Configure the global KeyID on all packages. * - Initialize all TDMRs. * * Return error before all steps are done. */ ret = -EINVAL; +out_free_pamts: if (ret) tdmrs_free_pamt_all(&tdmr_list); else diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 9b5a65f37e8b..c386aa3afe2a 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -24,6 +24,7 @@ #define TDH_SYS_INFO 32 #define TDH_SYS_INIT 33 #define TDH_SYS_LP_INIT 35 +#define TDH_SYS_CONFIG 45 struct cmr_info { u64 base; 
@@ -88,6 +89,7 @@ struct tdmr_reserved_area { } __packed; #define TDMR_INFO_ALIGNMENT 512 +#define TDMR_INFO_PA_ARRAY_ALIGNMENT 512 struct tdmr_info { u64 base;
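Review bot: In config_tdx_module(), the alignment of tdmr_pa_array that the comment says TDH_SYS_CONFIG requires is never checked or explained; it holds only because array_sz is rounded up to a power of two of at least TDMR_INFO_PA_ARRAY_ALIGNMENT and kzalloc() returns naturally aligned memory for power-of-two sizes. The comment should say that this is what the rounding is for, and a `WARN_ON_ONCE(!IS_ALIGNED(__pa(tdmr_pa_array), TDMR_INFO_PA_ARRAY_ALIGNMENT))` before the seamcall would catch any change in that assumption. Separately, roundup_pow_of_two() is undefined for 0, so the function depends on nr_consumed_tdmrs being nonzero, which the visible lines do not guarantee.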
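Review bot: In init_tdx_module(), once config_tdx_module() has succeeded the code still falls through to `ret = -EINVAL;` and then calls tdmrs_free_pamt_all(), after the TDMRs describing those PAMTs have already been handed to the TDX module. The TODO comment should state why returning that memory to the kernel is safe at this stage (for example, if the module does not write to the PAMTs before the later steps), so this error path is not carried over unchanged when the remaining steps are added. The new out_free_pamts label also sits in front of an `if (ret)` test and is reached on the success path too, so a short comment noting that it is the shared exit would help.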