From: "Kirill A. Shutemov"
To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@intel.com, luto@kernel.org, peterz@infradead.org
Cc: sathyanarayanan.kuppuswamy@linux.intel.com, aarcange@redhat.com, ak@linux.intel.com, dan.j.williams@intel.com, david@redhat.com, hpa@zytor.com, jgross@suse.com, jmattson@google.com, joro@8bytes.org, jpoimboe@redhat.com, knsathya@kernel.org, pbonzini@redhat.com, sdeep@vmware.com, seanjc@google.com, tony.luck@intel.com, vkuznets@redhat.com, wanpengli@tencent.com, thomas.lendacky@amd.com, brijesh.singh@amd.com, x86@kernel.org, linux-kernel@vger.kernel.org, Isaku Yamahata, "Kirill A . Shutemov"
Subject: [PATCHv6 28/30] x86/tdx: ioapic: Add shared bit for IOAPIC base address
Date: Wed, 16 Mar 2022 05:08:54 +0300
Message-Id: <20220316020856.24435-29-kirill.shutemov@linux.intel.com>
In-Reply-To: <20220316020856.24435-1-kirill.shutemov@linux.intel.com>

From: Isaku Yamahata

The kernel interacts with each bare-metal IOAPIC with a special MMIO page. When running under KVM, the guest's IOAPICs are emulated by KVM.

When running as a TDX guest, the guest needs to mark each IOAPIC mapping as "shared" with the host. This ensures that TDX private protections are not applied to the page, which allows the TDX host emulation to work.

ioremap()-created mappings such as virtio will be marked as shared by default. However, the IOAPIC code does not use ioremap() and instead uses the fixmap mechanism.

Introduce a special fixmap helper just for the IOAPIC code. Ensure that it marks IOAPIC pages as "shared". This replaces set_fixmap_nocache() with __set_fixmap() since __set_fixmap() allows custom 'prot' values.

AMD SEV gets IOAPIC pages shared because FIXMAP_PAGE_NOCACHE has _ENC bit clear. TDX has to set bit to share the page with the host.

Signed-off-by: Isaku Yamahata
Reviewed-by: Andi Kleen
Reviewed-by: Tony Luck
Signed-off-by: Kuppuswamy Sathyanarayanan
Signed-off-by: Kirill A. Shutemov
--- arch/x86/kernel/apic/io_apic.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index c1bb384935b0..a868b76cd3d4 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -65,6 +65,7 @@ #include #include #include +#include #define for_each_ioapic(idx) \ for ((idx) = 0; (idx) < nr_ioapics; (idx)++) @@ -2677,6 +2678,19 @@ static struct resource * __init ioapic_setup_resources(void) return res; } +static void io_apic_set_fixmap(enum fixed_addresses idx, phys_addr_t phys) +{ + pgprot_t flags = FIXMAP_PAGE_NOCACHE; + + /* + * Ensure fixmaps for IOAPIC MMIO respect memory encryption pgprot + * bits, just like normal ioremap(): + */ + flags = pgprot_decrypted(flags); + + __set_fixmap(idx, phys, flags); +} + void __init io_apic_init_mappings(void) { unsigned long ioapic_phys, idx = FIX_IO_APIC_BASE_0; 
@@ -2709,7 +2723,7 @@ void __init io_apic_init_mappings(void) __func__, PAGE_SIZE, PAGE_SIZE); ioapic_phys = __pa(ioapic_phys); } - set_fixmap_nocache(idx, ioapic_phys); + io_apic_set_fixmap(idx, ioapic_phys); apic_printk(APIC_VERBOSE, "mapped IOAPIC to %08lx (%08lx)\n", __fix_to_virt(idx) + (ioapic_phys & ~PAGE_MASK), ioapic_phys); @@ -2838,7 +2852,7 @@ int mp_register_ioapic(int id, u32 address, u32 gsi_base, ioapics[idx].mp_config.flags = MPC_APIC_USABLE; ioapics[idx].mp_config.apicaddr = address; - set_fixmap_nocache(FIX_IO_APIC_BASE_0 + idx, address); + io_apic_set_fixmap(FIX_IO_APIC_BASE_0 + idx, address); if (bad_ioapic_register(idx)) { clear_fixmap(FIX_IO_APIC_BASE_0 + idx); return -ENODEV; -- 2.34.1
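
Review bot: In the new io_apic_set_fixmap() helper (hunk at -2677), the comment above `flags = pgprot_decrypted(flags);` only says the fixmap should "respect memory encryption pgprot bits", which leaves out the distinction the commit message draws: on AMD SEV, FIXMAP_PAGE_NOCACHE already has the _ENC bit clear, while on TDX this call is what sets the shared bit. Someone reading io_apic.c later will not have the commit message in front of them, so the comment should say that the page is deliberately mapped shared with the host and why. As a style point, the declaration and the reassignment can be folded into `pgprot_t flags = pgprot_decrypted(FIXMAP_PAGE_NOCACHE);`.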
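
Review bot: In the io_apic_init_mappings() hunk at -2709, the branch that ends in `ioapic_phys = __pa(ioapic_phys);` hands io_apic_set_fixmap() an address derived from kernel memory through __pa() rather than a device MMIO address, so that page is now mapped with the decrypted (shared) pgprot too. The commit message only discusses IOAPIC MMIO pages emulated by the host; please state whether sharing this fallback page is intended in a TDX guest. If it should stay private, that path can keep `set_fixmap_nocache(idx, ioapic_phys);`; if it is harmless, a sentence in the commit message or a comment at the call site would settle it.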