Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp1577211pxb; Fri, 18 Feb 2022 10:35:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJxY+M2dten6XvutMxXIGMfxMC7r5rxB9Jl4J9kYP2Q162PndQDMxrfSsMByjLyxgPoAznI9 X-Received: by 2002:a17:90a:1548:b0:1b9:d1b7:bb1a with SMTP id y8-20020a17090a154800b001b9d1b7bb1amr9592195pja.125.1645209326144; Fri, 18 Feb 2022 10:35:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645209326; cv=none; d=google.com; s=arc-20160816; b=YItoMkeotvDqdrjWQV/sdJVfgptB8ZQdkjueyrwr5wCf+er9TC2hGKUHmDaS4uRxWk qH+OxZMjzYW9oxTPGYQMDJDFYhgZXCpvXjrb+izaqBQDaZYmqAPeo56NRMOoxk6Mbmvf j5/6DjVEoW7KQTwQ01Pw2xOm+3WdZtMO9g2AWm01MqAXG0jYbDCpKM8cp27FOjwuRrxC mbhIJ3a0ZmhNS/0V3Ll1/r/Olq50Ip3aDvujhJ3GhCo2c0okKhNY8nWAM3fgEK69Qfmw kI9qGCWc8y7JlzEpvX1MxwjE4iMzrNnbrwPCz6JNicP1cqPfIEjgcmn3FRNi8p7om+we ZrRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=y1blgn6nu3ACU7krc0zWRGpjdUSp7fotRLTeyNMrHdQ=; b=FjrS1kcF+pNzCt4CQphfShlGKlb0/OaB8Zp3iJ0yQjN1aH26IiNjMsCwrcqF9x6FpD XJtIfAA/xr0mtBtcpezWOKo5UrtzOkiYGBOiSV+acV76XelPWkGAKgLBw3o/EtyIYHfV w2DwsXS6l3B/x84hmJRmOMk4QugnTI2fuco1vVjQGcbVrvlsDVolzpYLvKVyhtfGCLMp z+vDNx0LF2QS6/h/HkYjC9dKiGP7L1kIdU/2wRWXUcd1N3tJeRPstsoEK8ffIqpnti8p xVfN3jxv+qWHV5jUQtMJ87vNKkhkWPz2/7vuLMDMsY3aPxTDXoGdAEPBkIKeb58OPa92 mHRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Z81+1g5U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u22si6953306plq.10.2022.02.18.10.35.09; Fri, 18 Feb 2022 10:35:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Z81+1g5U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237696AbiBRQS5 (ORCPT + 99 others); Fri, 18 Feb 2022 11:18:57 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:44100 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237659AbiBRQR5 (ORCPT ); Fri, 18 Feb 2022 11:17:57 -0500 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3FCA5C344 for ; Fri, 18 Feb 2022 08:17:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645201049; x=1676737049; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=DW9pAtssQrVzCNn2gqeVtI5pY8kVmDUWj3D0oTCwzJY=; b=Z81+1g5UdkDyANKnuCALxNNMtNyICPWcqehzXYtp5zU+T5/fgSJh+/4P CHxRyNYy5LFBgOpaLb1Q7xPpscwGwyqADF02KYed9E1exQHVAY70aM+wN ULvO2pRY55Lu63iar5VpwweDFmAKKPaUw8aztzB7okJpJRZ9dOelo2O9J oL0dy5tix+MzLSxaEBar9p0LEH7VBG7p7+eyftYOHNVeFa4f4H7Bana8B wdz09tmmNO/ENbkIajTq46niMYNyAtJoBVG4V1Wb84M/1i6EbRb8G205E oSiWg2xg0LPTqP3FXB8so3kcfGzTakzWZB8lC5pXLm8Ts1kbwiFsORRUn g==; X-IronPort-AV: E=McAfee;i="6200,9189,10261"; a="311897917" X-IronPort-AV: E=Sophos;i="5.88,379,1635231600"; d="scan'208";a="311897917" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Feb 2022 08:17:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.88,379,1635231600"; d="scan'208";a="775328290" Received: from black.fi.intel.com ([10.237.72.28]) by fmsmga006.fm.intel.com with ESMTP; 18 Feb 2022 08:17:20 -0800 Received: by black.fi.intel.com (Postfix, from userid 1000) id 8D2A8F67; Fri, 18 Feb 2022 18:17:23 +0200 (EET) From: "Kirill A. Shutemov" To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@intel.com, luto@kernel.org, peterz@infradead.org Cc: sathyanarayanan.kuppuswamy@linux.intel.com, aarcange@redhat.com, ak@linux.intel.com, dan.j.williams@intel.com, david@redhat.com, hpa@zytor.com, jgross@suse.com, jmattson@google.com, joro@8bytes.org, jpoimboe@redhat.com, knsathya@kernel.org, pbonzini@redhat.com, sdeep@vmware.com, seanjc@google.com, tony.luck@intel.com, vkuznets@redhat.com, wanpengli@tencent.com, x86@kernel.org, linux-kernel@vger.kernel.org, Isaku Yamahata , "Kirill A . Shutemov" Subject: [PATCHv3 30/32] x86/tdx: ioapic: Add shared bit for IOAPIC base address Date: Fri, 18 Feb 2022 19:17:16 +0300 Message-Id: <20220218161718.67148-31-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220218161718.67148-1-kirill.shutemov@linux.intel.com> References: <20220218161718.67148-1-kirill.shutemov@linux.intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata The kernel interacts with each bare-metal IOAPIC with a special MMIO page. When running under KVM, the guest's IOAPICs are emulated by KVM. When running as a TDX guest, the guest needs to mark each IOAPIC mapping as "shared" with the host. This ensures that TDX private protections are not applied to the page, which allows the TDX host emulation to work. ioremap()-created mappings such as virtio will be marked as shared by default. However, the IOAPIC code does not use ioremap() and instead uses the fixmap mechanism. Introduce a special fixmap helper just for the IOAPIC code. Ensure that it marks IOAPIC pages as "shared". This replaces set_fixmap_nocache() with __set_fixmap() since __set_fixmap() allows custom 'prot' values. AMD SEV gets IOAPIC pages shared because FIXMAP_PAGE_NOCACHE has _ENC bit clear. TDX has to set bit to share the page with the host. Signed-off-by: Isaku Yamahata Reviewed-by: Andi Kleen Reviewed-by: Tony Luck Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Kirill A. Shutemov --- arch/x86/kernel/apic/io_apic.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index c1bb384935b0..d775f58a3c3e 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -49,6 +49,7 @@ #include #include #include +#include #include #include @@ -65,6 +66,7 @@ #include #include #include +#include #define for_each_ioapic(idx) \ for ((idx) = 0; (idx) < nr_ioapics; (idx)++) @@ -2677,6 +2679,15 @@ static struct resource * __init ioapic_setup_resources(void) return res; } +static void io_apic_set_fixmap_nocache(enum fixed_addresses idx, + phys_addr_t phys) +{ + pgprot_t flags = FIXMAP_PAGE_NOCACHE; + + flags = pgprot_decrypted(flags); + __set_fixmap(idx, phys, flags); +} + void __init io_apic_init_mappings(void) { unsigned long ioapic_phys, idx = FIX_IO_APIC_BASE_0; @@ -2709,7 +2720,7 @@ void __init io_apic_init_mappings(void) __func__, PAGE_SIZE, PAGE_SIZE); ioapic_phys = __pa(ioapic_phys); } - set_fixmap_nocache(idx, ioapic_phys); + io_apic_set_fixmap_nocache(idx, ioapic_phys); apic_printk(APIC_VERBOSE, "mapped IOAPIC to %08lx (%08lx)\n", __fix_to_virt(idx) + (ioapic_phys & ~PAGE_MASK), ioapic_phys); @@ -2838,7 +2849,7 @@ int mp_register_ioapic(int id, u32 address, u32 gsi_base, ioapics[idx].mp_config.flags = MPC_APIC_USABLE; ioapics[idx].mp_config.apicaddr = address; - set_fixmap_nocache(FIX_IO_APIC_BASE_0 + idx, address); + io_apic_set_fixmap_nocache(FIX_IO_APIC_BASE_0 + idx, address); if (bad_ioapic_register(idx)) { clear_fixmap(FIX_IO_APIC_BASE_0 + idx); return -ENODEV; -- 2.34.1