From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B58A2EB64DA for ; Mon, 19 Jun 2023 13:30:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D358B8D0002; Mon, 19 Jun 2023 09:29:59 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CE5528D0001; Mon, 19 Jun 2023 09:29:59 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B87358D0002; Mon, 19 Jun 2023 09:29:59 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id A8B118D0001 for ; Mon, 19 Jun 2023 09:29:59 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 4F8B41408A2 for ; Mon, 19 Jun 2023 13:29:59 +0000 (UTC) X-FDA: 80919580518.15.A895156 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf01.hostedemail.com (Postfix) with ESMTP id 17BD040009 for ; Mon, 19 Jun 2023 13:29:55 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=L7C0OSWB; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf01.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1687181396; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ehDF1EfqVpL/EjIHvvHkOTz1CnikocCQsrKsBdK85Eg=; b=OkYRd55rrsfGiOBlEATDumnG/IFB138ilSbsHB6L3Yi2gYio9l7Jafv+CQS/jOqorSeyK7 WLY+eR4lS8SbR3vR1h0ab6ogS7JkKKS0CY+rMkfFDDRjKQOGhrhdLF5/lqn+zjopGzNGti oEL3OjVXPPfm2wGpKpodtI3kn05RXac= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=L7C0OSWB; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf01.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1687181396; a=rsa-sha256; cv=none; b=Xi0Lepic/GXOoWpTpicQLJFWK9PGorvDwBbZSi+l2SeZxDftQYSugvYiEyWRnkgjgVGpyO y89mo4f0gupOfDsfUSQJgMYcKBO4hz9ZD6MujL7h1lHE5RwNzM+HR0m5NbMOrcMKPFy1o8 /VnqnkPMfjuf6Gr3suT4shuNIFAzYYI= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1687181395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ehDF1EfqVpL/EjIHvvHkOTz1CnikocCQsrKsBdK85Eg=; b=L7C0OSWBcbhE5eTN8fK3JwgG5qiUnEUy0KdKr+5AE0JIkWuD4sSK7DApJ2WyEKsu691lj4 iOx/UlbqRNkMfs/mqmidkKvPLkJgK3jW0ydSal2KU9eNeatCqkll4R3RjlHz1CjOvLmcpl RLcGgiSie51RdHdt76hmxAnjOAE/HQY= Received: from mail-wr1-f70.google.com (mail-wr1-f70.google.com [209.85.221.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-655-uZtSW-pgN8yaMXdj51Ourw-1; Mon, 19 Jun 2023 09:29:50 -0400 X-MC-Unique: uZtSW-pgN8yaMXdj51Ourw-1 Received: by mail-wr1-f70.google.com with SMTP id ffacd0b85a97d-3111a458cfbso1380218f8f.2 for ; Mon, 19 Jun 2023 06:29:50 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687181390; x=1689773390; h=content-transfer-encoding:in-reply-to:subject:organization:from :references:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ehDF1EfqVpL/EjIHvvHkOTz1CnikocCQsrKsBdK85Eg=; b=Nua7r+/1IuWu9wUJ/cEehFWSJ0RxsWCHviy7Xg1V/mB9DEx7HmH7h35U5MKJU4qRzb kufjUPxylkicPC5zgVhSS+dBvyfwgdvwvQZzEUIQ6IenyuvNVLhqFGtoaCMV9F6ttRpV /3PfViC0FZo2amrvS51coLIIPkKJC1c9wWMvb6NckfVjur03SKXNyOllb0cPv73OpXgI 2sb981HnRXm1zFWap3gFXbENG5Wcp7Obo6EwhADuPKIkZF2T3YwZZdZehagDdp6BUDnw GuXVKPoXJYaupJPYD8zGKnFrSK2TpHOOrbcXWDxlgdJDlq69HYvB5qdVhvapXEnBfiBs HFDg== X-Gm-Message-State: AC+VfDxjaXYdumW6KUnjNOFnmgU0TMbzaAe+gnvQSIgCeNHQOD5ljxGQ iQ/PPhowjwibYEwtz2arj3sJTR6bcQ7r4SHRm7YfDjktColtfE6bUiCcHielu8BAuTMmH17+fSW VbeEb06Y0uCs= X-Received: by 2002:adf:de8a:0:b0:30f:bc8f:6d49 with SMTP id w10-20020adfde8a000000b0030fbc8f6d49mr7989109wrl.13.1687181389690; Mon, 19 Jun 2023 06:29:49 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5gkXts3fBcO0DhPEqkdGGOMRJbBKr7VX2UJB4CAxFPZSuJglE6lxSJb6gTUvuXnBPXMkfpiA== X-Received: by 2002:adf:de8a:0:b0:30f:bc8f:6d49 with SMTP id w10-20020adfde8a000000b0030fbc8f6d49mr7989087wrl.13.1687181389229; Mon, 19 Jun 2023 06:29:49 -0700 (PDT) Received: from ?IPV6:2003:cb:c72f:7100:cede:6433:a77b:41e9? (p200300cbc72f7100cede6433a77b41e9.dip0.t-ipconnect.de. [2003:cb:c72f:7100:cede:6433:a77b:41e9]) by smtp.gmail.com with ESMTPSA id h14-20020a5d6e0e000000b003078354f774sm31386031wrz.36.2023.06.19.06.29.47 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 19 Jun 2023 06:29:48 -0700 (PDT) Message-ID: <0d5d75ec-c7db-7546-80cb-e8755fc7cae0@redhat.com> Date: Mon, 19 Jun 2023 15:29:47 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 To: Kai Huang , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: linux-mm@kvack.org, dave.hansen@intel.com, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com References: <50386eddbb8046b0b222d385e56e8115ed566526.1685887183.git.kai.huang@intel.com> From: David Hildenbrand Organization: Red Hat Subject: Re: [PATCH v11 08/20] x86/virt/tdx: Get information about TDX module and TDX-capable memory In-Reply-To: <50386eddbb8046b0b222d385e56e8115ed566526.1685887183.git.kai.huang@intel.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 17BD040009 X-Stat-Signature: c7xmj6zk55rxmg6mm7dnbyc46oefooy5 X-HE-Tag: 1687181395-481829 X-HE-Meta: U2FsdGVkX18lPel3ek7FPf/Ugx9hqiIgXaogZH/JxZV/UoqH89wwAf84xC+57ssG8eVvrz8HzwzQGLEVV6c+imgnXwLwGz98sI/LT9dmB0pQDnnHlPq1bUaCxT3SPPgOjOlmrtgMmAJ8FVRSOBafYaaZ6NfDtNQjqEpPvOaderBp72c3/pe/62jYYPys94Vuv1TjruQHuu4THsiu45O51JsrNreuBkNbBCk0TEo4NaCg/QFEgf+1SvpDd/2mYk7gxSlUOHyLu+/2jizE3wz6GS0R9ObnlFFYuJvfFxVttpUh7t11dBucxaVs+3vW2Nj8aVHOiHWQBvQKl78eTA5mcRSi39cB9XU0DLykhktt0AinCAE1AOZZA4TLL5MNnVwadJKX9ADvMRj35os79r7nb1pwRz6yL2u/sXQjB8STyohCfIa/KfXVB1z1ti0O3xiNRfExC09jEzmXJFSw/U0rneUksztsZbcpCbQM4ifVbjXfNVB+g9Cu/fpZA7NJbNRNjabh6hmoHpXmVqC4I9H7TZqgW15ocd5gCqVQjRkt/wDH7Jf46R6mRDJSc7ba0EqhMaULFAPZNIovmbApr6Mv6dL/cWYTzyGkhBqqiV++TGinfCmkgahofVUDW97ni5lrtiZkGjEoK7iTzdEneAro6hASvSxhQmFX1q2TH2KRt8msaQGMHBviYEbGN13XBJ8BbHDrzIBbMOgP1PwbclTn4wQ3hDUaBpSs/c4TkwnNE9AyS/EY9LKT/+ZAMYbtocXzxh34gN4yWbXPdWW0FtLnVtUOxQozGZ6c6EhvTkY39yqMspf/o7afoQDcJ4z0l6f+wpBkB7b8XvU5Qlf0zAFimH42WsUtpeJ8zJP3fmeoYENajvKnL/lGi6Aqo/rBRiOb4KS5jSsojciW+lU+5/k8cZ9/HdVGSC3LB7EboP0GJMITKQMfhEIfoZbGcl2YU0K97FXuLGFqOKu7bO60Vcn ncRyt8Qi d03blc5o1ydd/0/q5DGI06bQ7x72RPXdXMvqq2YBIhLaZfy/HeCapB09pXFqkBaEYtwYq3A41KMuVchKaj/UFf11Ui09SmgyhGEIoreP4TeXYAJvk5nINyH0+sDaGilm2dx1cH4Difec9FrgBkRD2HBAHDrUBG1SV6y5KmqLaS/rEwk2VrY2jQHAaCWb+bNxcJuQH4O6RUOmkGBjnzb9QYHmHnmR3LKmCWWgaPMK6Ni0W+n+ZP8UqXMwXwX74p+9m9BtNDGgvcsn82iXV/G9cp7GJrWEunN0C4bsZ7VOFErtFy1Bjc9Ou7Whp2m+VsokIkyYqNWtLJfoXX93hetlCa/qxs4KPvPQgbbDbH8PrdEJxoPDjqrbUPcUV5gE7kxDfgqk4IEhr52YzdcsL+n+wO8hmnG7IK0URJPXe+cHIxdduKZDRirtwlKEYZqCH3vKT4dF5sAxgB+L64PdFunJw3nXV2g== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 04.06.23 16:27, Kai Huang wrote: > Start to transit out the "multi-steps" to initialize the TDX module. > > TDX provides increased levels of memory confidentiality and integrity. > This requires special hardware support for features like memory > encryption and storage of memory integrity checksums. Not all memory > satisfies these requirements. > > As a result, TDX introduced the concept of a "Convertible Memory Region" > (CMR). During boot, the firmware builds a list of all of the memory > ranges which can provide the TDX security guarantees. > > CMRs tell the kernel which memory is TDX compatible. The kernel takes > CMRs (plus a little more metadata) and constructs "TD Memory Regions" > (TDMRs). TDMRs let the kernel grant TDX protections to some or all of > the CMR areas. > > The TDX module also reports necessary information to let the kernel > build TDMRs and run TDX guests in structure 'tdsysinfo_struct'. The > list of CMRs, along with the TDX module information, is available to > the kernel by querying the TDX module. > > As a preparation to construct TDMRs, get the TDX module information and > the list of CMRs. Print out CMRs to help user to decode which memory > regions are TDX convertible. > > The 'tdsysinfo_struct' is fairly large (1024 bytes) and contains a lot > of info about the TDX module. Fully define the entire structure, but > only use the fields necessary to build the TDMRs and pr_info() some > basics about the module. The rest of the fields will get used by KVM. > > For now both 'tdsysinfo_struct' and CMRs are only used during the module > initialization. But because they are both relatively big, declare them > inside the module initialization function but as static variables. > > Signed-off-by: Kai Huang > Reviewed-by: Isaku Yamahata > --- [...] > --- > arch/x86/virt/vmx/tdx/tdx.c | 67 +++++++++++++++++++++++++++++++++- > arch/x86/virt/vmx/tdx/tdx.h | 72 +++++++++++++++++++++++++++++++++++++ > 2 files changed, 138 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c > index bcf2b2d15a2e..9fde0f71dd8b 100644 > --- a/arch/x86/virt/vmx/tdx/tdx.c > +++ b/arch/x86/virt/vmx/tdx/tdx.c > @@ -20,6 +20,7 @@ > #include > #include > #include > +#include > #include > #include "tdx.h" > > @@ -191,12 +192,76 @@ int tdx_cpu_enable(void) > } > EXPORT_SYMBOL_GPL(tdx_cpu_enable); > > +static inline bool is_cmr_empty(struct cmr_info *cmr) > +{ > + return !cmr->size; > +} > + Nit: maybe it's just me, but this function seems unnecessary. If "!cmr->size" is not expressive, then I don't know why "is_cmr_empty" should be. Just inline that into the single user. .. after all the single caller also uses/prints cmr->size ... > +static void print_cmrs(struct cmr_info *cmr_array, int nr_cmrs) > +{ > + int i; > + > + for (i = 0; i < nr_cmrs; i++) { > + struct cmr_info *cmr = &cmr_array[i]; > + > + /* > + * The array of CMRs reported via TDH.SYS.INFO can > + * contain tail empty CMRs. Don't print them. > + */ > + if (is_cmr_empty(cmr)) > + break; > + > + pr_info("CMR: [0x%llx, 0x%llx)\n", cmr->base, > + cmr->base + cmr->size); > + } > +} > + > +/* > + * Get the TDX module information (TDSYSINFO_STRUCT) and the array of > + * CMRs, and save them to @sysinfo and @cmr_array. @sysinfo must have > + * been padded to have enough room to save the TDSYSINFO_STRUCT. > + */ > +static int tdx_get_sysinfo(struct tdsysinfo_struct *sysinfo, > + struct cmr_info *cmr_array) > +{ > + struct tdx_module_output out; > + u64 sysinfo_pa, cmr_array_pa; > + int ret; > + > + sysinfo_pa = __pa(sysinfo); > + cmr_array_pa = __pa(cmr_array); > + ret = seamcall(TDH_SYS_INFO, sysinfo_pa, TDSYSINFO_STRUCT_SIZE, > + cmr_array_pa, MAX_CMRS, NULL, &out); > + if (ret) > + return ret; > + > + pr_info("TDX module: atributes 0x%x, vendor_id 0x%x, major_version %u, minor_version %u, build_date %u, build_num %u", "attributes" ? > + sysinfo->attributes, sysinfo->vendor_id, > + sysinfo->major_version, sysinfo->minor_version, > + sysinfo->build_date, sysinfo->build_num); > + > + /* R9 contains the actual entries written to the CMR array. */ > + print_cmrs(cmr_array, out.r9); > + > + return 0; > +} > + > static int init_tdx_module(void) > { > + static DECLARE_PADDED_STRUCT(tdsysinfo_struct, tdsysinfo, > + TDSYSINFO_STRUCT_SIZE, TDSYSINFO_STRUCT_ALIGNMENT); > + static struct cmr_info cmr_array[MAX_CMRS] > + __aligned(CMR_INFO_ARRAY_ALIGNMENT); > + struct tdsysinfo_struct *sysinfo = &PADDED_STRUCT(tdsysinfo); > + int ret; > + > + ret = tdx_get_sysinfo(sysinfo, cmr_array); > + if (ret) > + return ret; > + > /* > * TODO: > * > - * - Get TDX module information and TDX-capable memory regions. > * - Build the list of TDX-usable memory regions. > * - Construct a list of "TD Memory Regions" (TDMRs) to cover > * all TDX-usable memory regions. > diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h > index 9fb46033c852..97f4d7e7f1a4 100644 > --- a/arch/x86/virt/vmx/tdx/tdx.h > +++ b/arch/x86/virt/vmx/tdx/tdx.h > @@ -3,6 +3,8 @@ > #define _X86_VIRT_TDX_H > > #include > +#include > +#include > > /* > * This file contains both macros and data structures defined by the TDX > @@ -21,6 +23,76 @@ > */ > #define TDH_SYS_INIT 33 > #define TDH_SYS_LP_INIT 35 > +#define TDH_SYS_INFO 32 > + > +struct cmr_info { > + u64 base; > + u64 size; > +} __packed; > + > +#define MAX_CMRS 32 > +#define CMR_INFO_ARRAY_ALIGNMENT 512 > + > +struct cpuid_config { > + u32 leaf; > + u32 sub_leaf; > + u32 eax; > + u32 ebx; > + u32 ecx; > + u32 edx; > +} __packed; > + > +#define DECLARE_PADDED_STRUCT(type, name, size, alignment) \ > + struct type##_padded { \ > + union { \ > + struct type name; \ > + u8 padding[size]; \ > + }; \ > + } name##_padded __aligned(alignment) > + > +#define PADDED_STRUCT(name) (name##_padded.name) > + > +#define TDSYSINFO_STRUCT_SIZE 1024 So, it can never be larger than 1024 bytes? Not even with many cpuid configs? > +#define TDSYSINFO_STRUCT_ALIGNMENT 1024 > + -- Cheers, David / dhildenb