From patchwork Wed Oct 26 23:16:15 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kai Huang X-Patchwork-Id: 13021364 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5680CC38A2D for ; Wed, 26 Oct 2022 23:18:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E9E448E0002; Wed, 26 Oct 2022 19:18:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id E4E108E0001; Wed, 26 Oct 2022 19:18:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id CEF3C8E0002; Wed, 26 Oct 2022 19:18:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id BFB518E0001 for ; Wed, 26 Oct 2022 19:18:07 -0400 (EDT) Received: from smtpin27.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 99737A0717 for ; Wed, 26 Oct 2022 23:18:07 +0000 (UTC) X-FDA: 80064665814.27.C7DCE0C Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by imf28.hostedemail.com (Postfix) with ESMTP id CE084C0040 for ; Wed, 26 Oct 2022 23:18:06 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1666826286; x=1698362286; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=B9+BH03JuRueFuPcbZL8eGNw4YMtDKBJepkCjrMD21g=; b=QCg8w6J7zjcaSYrqoV4b0T4cv41qF5OrHqOiRfBfFN3h7234vBbhPwT0 m5bGVfhbHFhjAOTXx2yyTaQUxFS2GS1qC7u2geI3WCLTCVOSJNnV4VQ1R 8mbpYKVMB8l7+IpWQoqZUgxE1QnNbbbRqo+iC9pWDLfD3A6/2YiIWFLY9 tWZ8643xGjXRkGh+i2SWjoD+VNXoQu6AsGSeqttlnV3j2GN3vLzXVT0uB 3UCUzalHJbSbMMRn0QTjlWEwP1Cgmt+3ATJup7AwlabcK1z7gj7QgZAkV Vq5QLZRBZ+eDCVASkq2HObqJOwp99z6fLViAn7KRzwpBCPpawkBIlPFFb Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10512"; a="394400439" X-IronPort-AV: E=Sophos;i="5.95,215,1661842800"; d="scan'208";a="394400439" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2022 16:18:06 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10512"; a="737446496" X-IronPort-AV: E=Sophos;i="5.95,215,1661842800"; d="scan'208";a="737446496" Received: from fordon1x-mobl.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.212.24.177]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Oct 2022 16:18:02 -0700 From: Kai Huang To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, peterz@infradead.org, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com Subject: [PATCH v6 16/21] x86/virt/tdx: Reserve TDX module global KeyID Date: Thu, 27 Oct 2022 12:16:15 +1300 Message-Id: <7558961d3dff6311c7872f57ac5bd6727f21e140.1666824663.git.kai.huang@intel.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: References: MIME-Version: 1.0 ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=QCg8w6J7; spf=pass (imf28.hostedemail.com: domain of kai.huang@intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kai.huang@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1666826287; a=rsa-sha256; cv=none; b=shvfK+U61PoXALiVAVGAThlXXT8wbUAFb67UaD6YE/GS3iVmsrsPdTKMNYDdRXfrngS5eb NlnZvt+3Ot3VOnl5ru6YB6I6/0QvnM7rfmKEmeyKTEwdV6JzowOXN5OnP7Moi65FcD5nEk QRN6k4nCBPHeGZ/d7B1hfY/y45Y0joI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1666826287; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NzPhTO39hdVi1srg41p6qw0WxFPtXGNHta0iCLXng3M=; b=kXmG2DvledZgagY9B0WMR43ghEECT4PRH4Kim6DLZa5sk+vttQJDcpHYwUUUh/9zCdxTLr lNndHIaPeFXCXYAx8xuBJKLoeQPCSV6m8vV2Q88bNzE8qY3IT0YA8ekCxcnQ9mU7YmbNtz W2ja4ftqHpa3R7baKJC9fwwTTWt/i1Q= X-Rspamd-Queue-Id: CE084C0040 Authentication-Results: imf28.hostedemail.com; dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=QCg8w6J7; spf=pass (imf28.hostedemail.com: domain of kai.huang@intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=kai.huang@intel.com; dmarc=pass (policy=none) header.from=intel.com X-Rspamd-Server: rspam02 X-Rspam-User: X-Stat-Signature: 7m1wquzjrbbnxi1xfsei8xn84o87kneq X-HE-Tag: 1666826286-350898 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: TDX module initialization requires to use one TDX private KeyID as the global KeyID to protect the TDX module metadata. The global KeyID is configured to the TDX module along with TDMRs. Just reserve the first TDX private KeyID as the global KeyID. Keep the global KeyID as a static variable as KVM will need to use it too. Reviewed-by: Isaku Yamahata Signed-off-by: Kai Huang --- arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 5d74ada072ca..0820ba781f97 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -62,6 +62,9 @@ static struct tdsysinfo_struct tdx_sysinfo; static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMENT); static int tdx_cmr_num; +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */ +static u32 tdx_global_keyid; + /* * Detect TDX private KeyIDs to see whether TDX has been enabled by the * BIOS. Both initializing the TDX module and running TDX guest require @@ -1113,6 +1116,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EINVAL until all steps of TDX module initialization * process are done.