From: Kuppuswamy Sathyanarayanan
To: Peter Zijlstra, Andy Lutomirski, Dave Hansen, Dan Williams, Tony Luck
Cc: Andi Kleen, Kirill Shutemov, Kuppuswamy Sathyanarayanan, Raj Ashok, Sean Christopherson, linux-kernel@vger.kernel.org, Kuppuswamy Sathyanarayanan
Subject: [RFC v2 03/32] x86/cpufeatures: Add TDX Guest CPU feature
Date: Mon, 26 Apr 2021 11:01:30 -0700
Message-Id: <129c3632ca422e81f6972eacb5cca97bc48a6aa9.1619458733.git.sathyanarayanan.kuppuswamy@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Add CPU feature detection for Trusted Domain Extensions support. The TDX feature adds capabilities to keep guest register state and memory isolated from the hypervisor.

For TDX guest platforms, executing CPUID(0x21, 0) will return the following values in EAX, EBX, ECX and EDX.

EAX: Maximum sub-leaf number: 0
EBX/EDX/ECX: Vendor string:
    EBX = "Inte"
    EDX = "lTDX"
    ECX = " "

So when the above condition is true, set the X86_FEATURE_TDX_GUEST feature cap bit.

Signed-off-by: Kuppuswamy Sathyanarayanan
Reviewed-by: Andi Kleen
Reviewed-by: Tony Luck
--- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/tdx.h | 20 ++++++++++++++++++++ arch/x86/kernel/Makefile | 1 + arch/x86/kernel/head64.c | 3 +++ arch/x86/kernel/tdx.c | 30 ++++++++++++++++++++++++++++++ 5 files changed, 55 insertions(+) create mode 100644 arch/x86/include/asm/tdx.h create mode 100644 arch/x86/kernel/tdx.c diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h index cc96e26d69f7..d883df70c27b 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h
@@ -236,6 +236,7 @@ #define X86_FEATURE_EPT_AD ( 8*32+17) /* Intel Extended Page Table access-dirty bit */ #define X86_FEATURE_VMCALL ( 8*32+18) /* "" Hypervisor supports the VMCALL instruction */ #define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */ +#define X86_FEATURE_TDX_GUEST ( 8*32+20) /* Trusted Domain Extensions Guest */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */ #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/ diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h new file mode 100644 index 000000000000..679500e807f3 --- /dev/null +++ b/arch/x86/include/asm/tdx.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (C) 2020 Intel Corporation */ +#ifndef _ASM_X86_TDX_H +#define _ASM_X86_TDX_H + +#define TDX_CPUID_LEAF_ID 0x21 + +#ifdef CONFIG_INTEL_TDX_GUEST + +#include + +void __init tdx_early_init(void); + +#else // !CONFIG_INTEL_TDX_GUEST + +static inline void tdx_early_init(void) { }; + +#endif /* CONFIG_INTEL_TDX_GUEST */ + +#endif /* _ASM_X86_TDX_H */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile index 2ddf08351f0b..ea111bf50691 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -127,6 +127,7 @@ obj-$(CONFIG_PARAVIRT_CLOCK) += pvclock.o obj-$(CONFIG_X86_PMEM_LEGACY_DEVICE) += pmem.o obj-$(CONFIG_JAILHOUSE_GUEST) += jailhouse.o +obj-$(CONFIG_INTEL_TDX_GUEST) += tdx.o obj-$(CONFIG_EISA) += eisa.o obj-$(CONFIG_PCSPKR_PLATFORM) += pcspeaker.o diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c index 5e9beb77cafd..75f2401cb5db 100644 --- a/arch/x86/kernel/head64.c +++ b/arch/x86/kernel/head64.c @@ -40,6 +40,7 @@ #include #include #include +#include /* * Manage page tables very early on. 
@@ -491,6 +492,8 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data) kasan_early_init(); + tdx_early_init(); + idt_setup_early_handler(); copy_bootdata(__va(real_mode_data)); diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c new file mode 100644 index 000000000000..f927e36769d5 --- /dev/null +++ b/arch/x86/kernel/tdx.c @@ -0,0 +1,30 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2020 Intel Corporation */ + +#include + +static inline bool cpuid_has_tdx_guest(void) +{ + u32 eax, signature[3]; + + if (cpuid_eax(0) < TDX_CPUID_LEAF_ID) + return false; + + cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &signature[0], + &signature[1], &signature[2]); + + if (memcmp("IntelTDX ", signature, 12)) + return false; + + return true; +} + +void __init tdx_early_init(void) +{ + if (!cpuid_has_tdx_guest()) + return; + + setup_force_cpu_cap(X86_FEATURE_TDX_GUEST); + + pr_info("TDX guest is initialized\n"); +} -- 2.25.1
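
Review bot: In the arch/x86/include/asm/cpufeatures.h hunk, the comment on X86_FEATURE_TDX_GUEST does not begin with "" while the two entries directly above it (X86_FEATURE_VMCALL and X86_FEATURE_VMW_VMMCALL) do, so this flag will be listed in /proc/cpuinfo and its name becomes user-visible. If that exposure is intended, state it in the commit message; otherwise add the "" prefix to match the neighbouring entries. The comment also expands TDX as "Trusted Domain Extensions", whereas Intel's name for the feature is Trust Domain Extensions.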
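
Review bot: In the new arch/x86/include/asm/tdx.h, the !CONFIG_INTEL_TDX_GUEST stub `static inline void tdx_early_init(void) { };` carries a stray semicolon after the function body, which should be dropped. The `#else` line is annotated with a `//` comment while the matching `#endif` lines use `/* */`; use the block form on both so the header is consistent with itself and with the SPDX line above it.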
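
Review bot: In the arch/x86/kernel/head64.c hunk, tdx_early_init() is placed in x86_64_start_kernel() ahead of idt_setup_early_handler() and copy_bootdata() with no comment explaining why it has to run that early. Nothing else in this patch consumes X86_FEATURE_TDX_GUEST, so the ordering constraint is invisible to a reader; add a short comment naming what later step needs the cap bit set by this point, and note that the function cannot rely on the early exception handlers or on boot data, since neither is set up yet.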
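
Review bot: In cpuid_has_tdx_guest() in the new arch/x86/kernel/tdx.c, the signature buffer is filled in the wrong register order for the comparison that follows. cpuid_count() takes its output pointers as eax, ebx, ecx, edx, so `&signature[0], &signature[1], &signature[2]` stores EBX, ECX, EDX, while the commit message gives the vendor string as EBX = "Inte", EDX = "lTDX", then ECX. For the memcmp() against a string beginning "IntelTDX" to match, EDX has to land in the second slot: pass `&signature[0], &signature[2], &signature[1]`. The compare length 12 is also a bare number that is not tied to the literal, and as the literal appears here it is shorter than 12 bytes; derive both from one named constant, or compare the three u32 values directly, so the string and the length cannot drift apart.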