Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp4779930iob; Mon, 9 May 2022 01:09:10 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxc14bkPfqUoPdr0l5a3yNIfPTlh3FQ5/A4QaGbSUNXBmNAO7j09SkGSXC2hn3B4/SFyn1V X-Received: by 2002:a17:90b:3ec2:b0:1dc:db97:9424 with SMTP id rm2-20020a17090b3ec200b001dcdb979424mr15954867pjb.153.1652083750429; Mon, 09 May 2022 01:09:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1652083750; cv=none; d=google.com; s=arc-20160816; b=hS4yPaE/9kWSxeJjgbJBKuceRKk/G5qJEAvF+VTW0/V6z7b75MacKjWoUaVzptP8Yu NO3pD6cDR/zGkHKg7SEs8T5CAd/Upx+UGc0TufcjdXhP7U68WRXhzfPH3Z8BggLW6wgE vdhJ8CtGY8STBNNeGcvnLMFDJzBt2j5ftxSZEjSuDINZNa/PdeA931hj0IfMw4h+XG3f HGbwOU53nIqzEHumXW2WTgIvzoqj7y5nXrVQb3XGws8bmYcF2EMKkrlR/VTa8ZNk0ZLq 4e/E89Sl81cqyRp9XS7YYLR2rzlUJopkLBS8Iyeb8WClw3If0FSXVBLpyVi03nAuBpMg c66A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xpxX+cRh8PxDgfftwBwugrDFPMoedNCHRPRgaDQ1izQ=; b=zLlTYKWnQxtI4teQoDgNKFAN3VNZZIIVGFRaC3/LcsqbZuXYjETU1agIQXMOKPyhAG 5kusD6tm1FysxMmvSxJj5Q7KeAcFgvh9MZ9VoTS476Oxs0XYebFCFHFbDXOMQNcp4Hgf XJBxXCGW2tf16XWGkwqMbSXteW3PX05B0E0sUYhufUwIGkhjY8gKk65/sZGTDMq5MIlw KNuw6TfPZrfTPMybFAyuiGKgGEod5+tjekq/cfV4PTUWIS/ANUNG+rJudihvu8hG+B/f qtyQo+2cV2womaK2c5A9b5+14EgY3rknf7SAsY/KE6S82GcmfcihX8fV134M5P43D2bi 5tpw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="kgS7AS/y"; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id p19-20020a63e653000000b003c1afabdb9esi14111942pgj.296.2022.05.09.01.09.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 May 2022 01:09:10 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b="kgS7AS/y"; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 6C05D19593B; Mon, 9 May 2022 00:58:42 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1383293AbiEESUS (ORCPT + 99 others); Thu, 5 May 2022 14:20:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1383091AbiEEST3 (ORCPT ); Thu, 5 May 2022 14:19:29 -0400 Received: from mga02.intel.com (mga02.intel.com [134.134.136.20]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33DB515709; Thu, 5 May 2022 11:15:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1651774545; x=1683310545; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JDuR99zvML4Df4RzY+/b69Zxf0RiAF2K0Jup441XziI=; b=kgS7AS/yHAjKvYWpoCkmy9Pol57T03tgH/NwaCScAZsqrn0iVabIu7ci vD4Hp7iqlCL0hMt/lYFX3edQfvVvsMNTNdHHP5P/wSu2eqhuGmELizBMg VqbdVS05I+Qol/8pRZHA78nFKo57DQKJtnnuWZD/M0I9AsAGULeSMrxPq pcNat/63vW1fJBNiAOEUT8oaWPEQtNPGx1BhVAph7ZrFBN4EoiWbHzOQt 85mfoC90bEn7uflPO36ao0c4o+Q2cWHqNv2lqmwAgEI3+bYgYapwlylF2 9JVBdCFrd92qrELQIkhOVrGp8tnyOZGdhbcbsMGvJ3ax+rhRtDDYAN2Ye Q==; X-IronPort-AV: E=McAfee;i="6400,9594,10338"; a="255683944" X-IronPort-AV: E=Sophos;i="5.91,202,1647327600"; d="scan'208";a="255683944" Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 May 2022 11:15:44 -0700 X-IronPort-AV: E=Sophos;i="5.91,202,1647327600"; d="scan'208";a="665083231" Received: from ls.sc.intel.com (HELO localhost) ([143.183.96.54]) by fmsmga002-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 05 May 2022 11:15:43 -0700 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar Subject: [RFC PATCH v6 029/104] KVM: TDX: allocate/free TDX vcpu structure Date: Thu, 5 May 2022 11:14:23 -0700 Message-Id: <1fc6f3157deeaa0f6dfe12feecade8d0c99d2509.1651774250.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Isaku Yamahata The next step of TDX guest creation is to create vcpu. Allocate TDX vcpu structures, initialize it. Allocate pages of TDX vcpu for the TDX module. In the case of the conventional case, cpuid is empty at the initialization. and cpuid is configured after the vcpu initialization. Because TDX supports only X2APIC mode, cpuid is forcibly initialized to support X2APIC on the vcpu initialization. Signed-off-by: Isaku Yamahata --- arch/x86/kvm/vmx/tdx.c | 133 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 133 insertions(+) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 095ca7952114..eb4fd31bc369 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -6,6 +6,7 @@ #include "capabilities.h" #include "x86_ops.h" #include "tdx.h" +#include "x86.h" #undef pr_fmt #define pr_fmt(fmt) "tdx: " fmt @@ -61,6 +62,11 @@ static __always_inline hpa_t set_hkid_to_hpa(hpa_t pa, u16 hkid) return pa; } +static inline bool is_td_vcpu_created(struct vcpu_tdx *tdx) +{ + return tdx->tdvpr.added; +} + static inline bool is_td_created(struct kvm_tdx *kvm_tdx) { return kvm_tdx->tdr.added; @@ -392,6 +398,133 @@ int tdx_vm_init(struct kvm *kvm) return ret; } +int tdx_vcpu_create(struct kvm_vcpu *vcpu) +{ + struct vcpu_tdx *tdx = to_tdx(vcpu); + int ret, i; + + /* TDX only supports x2APIC, which requires an in-kernel local APIC. */ + if (!vcpu->arch.apic) + return -EINVAL; + + ret = tdx_alloc_td_page(&tdx->tdvpr); + if (ret) + return ret; + + tdx->tdvpx = kcalloc(tdx_caps.tdvpx_nr_pages, sizeof(*tdx->tdvpx), + GFP_KERNEL_ACCOUNT); + if (!tdx->tdvpx) { + ret = -ENOMEM; + goto free_tdvpr; + } + for (i = 0; i < tdx_caps.tdvpx_nr_pages; i++) { + ret = tdx_alloc_td_page(&tdx->tdvpx[i]); + if (ret) + goto free_tdvpx; + } + + vcpu->arch.efer = EFER_SCE | EFER_LME | EFER_LMA | EFER_NX; + + vcpu->arch.cr0_guest_owned_bits = -1ul; + vcpu->arch.cr4_guest_owned_bits = -1ul; + + vcpu->arch.tsc_offset = to_kvm_tdx(vcpu->kvm)->tsc_offset; + vcpu->arch.l1_tsc_offset = vcpu->arch.tsc_offset; + vcpu->arch.guest_state_protected = + !(to_kvm_tdx(vcpu->kvm)->attributes & TDX_TD_ATTRIBUTE_DEBUG); + + return 0; + +free_tdvpx: + /* @i points at the TDVPX page that failed allocation. */ + for (--i; i >= 0; i--) + free_page(tdx->tdvpx[i].va); + kfree(tdx->tdvpx); +free_tdvpr: + free_page(tdx->tdvpr.va); + + return ret; +} + +void tdx_vcpu_free(struct kvm_vcpu *vcpu) +{ + struct vcpu_tdx *tdx = to_tdx(vcpu); + int i; + + /* Can't reclaim or free pages if teardown failed. */ + if (is_hkid_assigned(to_kvm_tdx(vcpu->kvm))) + return; + + for (i = 0; i < tdx_caps.tdvpx_nr_pages; i++) + tdx_reclaim_td_page(&tdx->tdvpx[i]); + kfree(tdx->tdvpx); + tdx_reclaim_td_page(&tdx->tdvpr); +} + +void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) +{ + struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm); + struct vcpu_tdx *tdx = to_tdx(vcpu); + struct msr_data apic_base_msr; + u64 err; + int i; + + /* TDX doesn't support INIT event. */ + if (WARN_ON(init_event)) + goto td_bugged; + if (WARN_ON(is_td_vcpu_created(tdx))) + goto td_bugged; + + err = tdh_vp_create(kvm_tdx->tdr.pa, tdx->tdvpr.pa); + if (WARN_ON_ONCE(err)) { + pr_tdx_error(TDH_VP_CREATE, err, NULL); + goto td_bugged; + } + tdx_mark_td_page_added(&tdx->tdvpr); + + for (i = 0; i < tdx_caps.tdvpx_nr_pages; i++) { + err = tdh_vp_addcx(tdx->tdvpr.pa, tdx->tdvpx[i].pa); + if (WARN_ON_ONCE(err)) { + pr_tdx_error(TDH_VP_ADDCX, err, NULL); + goto td_bugged; + } + tdx_mark_td_page_added(&tdx->tdvpx[i]); + } + + if (!vcpu->arch.cpuid_entries) { + /* + * On cpu creation, cpuid entry is blank. Forcibly enable + * X2APIC feature to allow X2APIC. + */ + struct kvm_cpuid_entry2 *e; + + e = kvmalloc_array(1, sizeof(*e), GFP_KERNEL_ACCOUNT); + *e = (struct kvm_cpuid_entry2) { + .function = 1, /* Features for X2APIC */ + .index = 0, + .eax = 0, + .ebx = 0, + .ecx = 1ULL << 21, /* X2APIC */ + .edx = 0, + }; + vcpu->arch.cpuid_entries = e; + vcpu->arch.cpuid_nent = 1; + } + apic_base_msr.data = APIC_DEFAULT_PHYS_BASE | LAPIC_MODE_X2APIC; + if (kvm_vcpu_is_reset_bsp(vcpu)) + apic_base_msr.data |= MSR_IA32_APICBASE_BSP; + apic_base_msr.host_initiated = true; + if (WARN_ON(kvm_set_apic_base(vcpu, &apic_base_msr))) + goto td_bugged; + + vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE; + + return; + +td_bugged: + vcpu->kvm->vm_bugged = true; +} + int tdx_dev_ioctl(void __user *argp) { struct kvm_tdx_capabilities __user *user_caps; -- 2.25.1