Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp3527230pxb; Mon, 24 Jan 2022 11:26:38 -0800 (PST) X-Google-Smtp-Source: ABdhPJxCluPHZWnMrLW/OG8nYqzXnjatCYnYlNRjdnQYnD+9/YQQHU+vU5OLFFrCMCFhFb/uj3Hr X-Received: by 2002:a63:8c09:: with SMTP id m9mr12792569pgd.138.1643052398224; Mon, 24 Jan 2022 11:26:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643052398; cv=none; d=google.com; s=arc-20160816; b=ToEk760WDxxv+KwJrp42xzyls2ABw1VakYhpt7UwqR4cftCLjge8LuTVBUblz0AoBr eLqDWweEzrPyAohDE49GHNOaSwY0CxQuyKw+QIjyv04cqGfo++4C6Ursl9yK48SA3qLB d+OXwwMGon/H48B/dxhInQUHeYoAXD4+jCVpBBhdAsTAB5zw1tokJMYaY/u/hlCR/0h/ Ztd/psv1I8DK73+hYbhzDrlo2eB1X/WQeMEVTub2jrZUczKQNOYAVDijViXTIO+u5p0z 9eor/RoaxyZPCzIDsY1L38sHoRBMcK6haXDL8a6hd/noe6qqXl9LvqTAkSNWvuvhZIhq FvOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CoPbXtcfaUmsjwxFaqqo2ydVxuhK6rVPFqiu+ftBbKM=; b=QPkCtoWBqyknyiQbSxsS9VVcqQ0KhxJWHrTqu5pebFV6dYpc0aCVX9TjTJlqdMVxjg edIl/zaU1dsPWvqxO3YW13YP6bt01YgIAU6npWnr3uYbWqFMBGwciHAMiOrA8QXudigy 5qFuy75FMD5NAhdGvVtowJNHpyF9JvesO0fNSgq5C+llOxMPFMrzoWUBPPlKAIj6u2oq JF4qeV7K4bG2gzB4BIex5ikPBmvM8GNpmCWuiT60OZIFdzCcDcK26okAJ7BhsiN0VeKg GXh8KLSW9WJWZu94Tql7Y2DA3LXP1eksUbjkJd9NNweWzv6KwyyJjuPsOiZKw8Roc8vW 5tFQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DveB9u0r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id na11si212021pjb.180.2022.01.24.11.26.22; Mon, 24 Jan 2022 11:26:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DveB9u0r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240574AbiAXPDV (ORCPT + 99 others); Mon, 24 Jan 2022 10:03:21 -0500 Received: from mga09.intel.com ([134.134.136.24]:24570 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240178AbiAXPCa (ORCPT ); Mon, 24 Jan 2022 10:02:30 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1643036550; x=1674572550; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6U2oeDtFWUqMQn6DVvOOEWiJP1jJ+wjAZGt0rG0H/Pg=; b=DveB9u0rpReyJSfiztnR05JsVwZgmgh8klf35FTwzyoj1bPhk/hktRtz ODvS/YkeSRP7E5XgZ5KSZcwAX8RVzQ9eTrH520Qi0+G+kRWtJCrCvqqfQ dzlmVugpqvsTtZexoP1zyK5R8ihIlr5Izr+2qWf1eO6+pXtdxjUcfjU1C LXJDkAuGPzuWQzakR6yG+202ju5L1KmHsSuFqwZIutRwzHvdowCSopGUo ynMM4+fe7KpxE2WaDgpqAHKQuOyMQh0bUULoTd+sHV2so4FfZn6rD18qm zXAAIuh82rrUMvXDg27A7mP1PMdGtPHec9Ap8vuMkO6wOlA/+Ouyhq/a9 Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10236"; a="245843912" X-IronPort-AV: E=Sophos;i="5.88,311,1635231600"; d="scan'208";a="245843912" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Jan 2022 07:02:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,311,1635231600"; d="scan'208";a="766422605" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga006.fm.intel.com with ESMTP; 24 Jan 2022 07:02:21 -0800 Received: by black.fi.intel.com (Postfix, from userid 1000) id 91276D99; Mon, 24 Jan 2022 17:02:20 +0200 (EET) From: "Kirill A. Shutemov" To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@intel.com, luto@kernel.org, peterz@infradead.org Cc: sathyanarayanan.kuppuswamy@linux.intel.com, aarcange@redhat.com, ak@linux.intel.com, dan.j.williams@intel.com, david@redhat.com, hpa@zytor.com, jgross@suse.com, jmattson@google.com, joro@8bytes.org, jpoimboe@redhat.com, knsathya@kernel.org, pbonzini@redhat.com, sdeep@vmware.com, seanjc@google.com, tony.luck@intel.com, vkuznets@redhat.com, wanpengli@tencent.com, x86@kernel.org, linux-kernel@vger.kernel.org, Isaku Yamahata , "Kirill A . Shutemov" Subject: [PATCHv2 26/29] x86/tdx: ioapic: Add shared bit for IOAPIC base address Date: Mon, 24 Jan 2022 18:02:12 +0300 Message-Id: <20220124150215.36893-27-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220124150215.36893-1-kirill.shutemov@linux.intel.com> References: <20220124150215.36893-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata The kernel interacts with each bare-metal IOAPIC with a special MMIO page. When running under KVM, the guest's IOAPICs are emulated by KVM. When running as a TDX guest, the guest needs to mark each IOAPIC mapping as "shared" with the host. This ensures that TDX private protections are not applied to the page, which allows the TDX host emulation to work. Earlier patches in this series modified ioremap() so that ioremap()-created mappings such as virtio will be marked as shared. However, the IOAPIC code does not use ioremap() and instead uses the fixmap mechanism. Introduce a special fixmap helper just for the IOAPIC code. Ensure that it marks IOAPIC pages as "shared". This replaces set_fixmap_nocache() with __set_fixmap() since __set_fixmap() allows custom 'prot' values. Signed-off-by: Isaku Yamahata Reviewed-by: Andi Kleen Reviewed-by: Tony Luck Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/apic/io_apic.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index c1bb384935b0..d2fef5893e41 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -49,6 +49,7 @@ #include #include #include +#include #include #include @@ -65,6 +66,7 @@ #include #include #include +#include #define for_each_ioapic(idx) \ for ((idx) = 0; (idx) < nr_ioapics; (idx)++) @@ -2677,6 +2679,18 @@ static struct resource * __init ioapic_setup_resources(void) return res; } +static void io_apic_set_fixmap_nocache(enum fixed_addresses idx, + phys_addr_t phys) +{ + pgprot_t flags = FIXMAP_PAGE_NOCACHE; + + /* Set TDX guest shared bit in pgprot flags */ + if (cc_platform_has(CC_ATTR_GUEST_TDX)) + flags = pgprot_decrypted(flags); + + __set_fixmap(idx, phys, flags); +} + void __init io_apic_init_mappings(void) { unsigned long ioapic_phys, idx = FIX_IO_APIC_BASE_0; @@ -2709,7 +2723,7 @@ void __init io_apic_init_mappings(void) __func__, PAGE_SIZE, PAGE_SIZE); ioapic_phys = __pa(ioapic_phys); } - set_fixmap_nocache(idx, ioapic_phys); + io_apic_set_fixmap_nocache(idx, ioapic_phys); apic_printk(APIC_VERBOSE, "mapped IOAPIC to %08lx (%08lx)\n", __fix_to_virt(idx) + (ioapic_phys & ~PAGE_MASK), ioapic_phys); @@ -2838,7 +2852,7 @@ int mp_register_ioapic(int id, u32 address, u32 gsi_base, ioapics[idx].mp_config.flags = MPC_APIC_USABLE; ioapics[idx].mp_config.apicaddr = address; - set_fixmap_nocache(FIX_IO_APIC_BASE_0 + idx, address); + io_apic_set_fixmap_nocache(FIX_IO_APIC_BASE_0 + idx, address); if (bad_ioapic_register(idx)) { clear_fixmap(FIX_IO_APIC_BASE_0 + idx); return -ENODEV; -- 2.34.1