From: Kai Huang
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com, reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com, kai.huang@intel.com
Subject: [PATCH v5 07/22] x86/virt/tdx: Implement SEAMCALL function
Date: Wed, 22 Jun 2022 23:16:30 +1200
Message-Id: <095e6bbc57b4470e1e9a9104059a5238c9775f00.1655894131.git.kai.huang@intel.com>

TDX introduces a new CPU mode: Secure Arbitration Mode (SEAM). This mode runs only the TDX module itself or other code to load the TDX module.

The host kernel communicates with SEAM software via a new SEAMCALL instruction. This is conceptually similar to a guest->host hypercall, except it is made from the host to SEAM software instead.

The TDX module defines SEAMCALL leaf functions to allow the host to initialize it, and to create and run protected VMs. SEAMCALL leaf functions use an ABI different from the x86-64 System V ABI. Instead, they share the same ABI with the TDCALL leaf functions. Implement a function __seamcall() to allow the host to make a SEAMCALL to SEAM software using the TDX_MODULE_CALL macro, which is the common assembly for both SEAMCALL and TDCALL.

The SEAMCALL instruction causes #GP when SEAMRR isn't enabled, and #UD when the CPU is not in VMX operation. The TDX_MODULE_CALL macro doesn't handle SEAMCALL exceptions. Leave it to the caller to guarantee those conditions before calling __seamcall().

Signed-off-by: Kai Huang
---
- v3 -> v5 (no feedback on v4):
  - Explicitly tell TDX_SEAMCALL_VMFAILINVALID is returned if the SEAMCALL itself fails.
  - Improve the changelog.
---
 arch/x86/virt/vmx/tdx/Makefile | 2 +-
 arch/x86/virt/vmx/tdx/seamcall.S | 52 ++++++++++++++++++++++++++++++++
 arch/x86/virt/vmx/tdx/tdx.h | 11 +++++++
 3 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 arch/x86/virt/vmx/tdx/seamcall.S

diff --git a/arch/x86/virt/vmx/tdx/Makefile b/arch/x86/virt/vmx/tdx/Makefile index 1bd688684716..fd577619620e 100644 --- a/arch/x86/virt/vmx/tdx/Makefile +++ b/arch/x86/virt/vmx/tdx/Makefile @@ -1,2 +1,2 @@ # SPDX-License-Identifier: GPL-2.0-only -obj-$(CONFIG_INTEL_TDX_HOST) += tdx.o +obj-$(CONFIG_INTEL_TDX_HOST) += tdx.o seamcall.o diff --git a/arch/x86/virt/vmx/tdx/seamcall.S b/arch/x86/virt/vmx/tdx/seamcall.S new file mode 100644 index 000000000000..f322427e48c3 --- /dev/null +++ b/arch/x86/virt/vmx/tdx/seamcall.S 
@@ -0,0 +1,52 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#include +#include + +#include "tdxcall.S" + +/* + * __seamcall() - Host-side interface functions to SEAM software module + * (the P-SEAMLDR or the TDX module). + * + * Transform function call register arguments into the SEAMCALL register + * ABI. Return TDX_SEAMCALL_VMFAILINVALID if the SEAMCALL itself fails, + * or the completion status of the SEAMCALL leaf function. Additional + * output operands are saved in @out (if it is provided by caller). + * + *------------------------------------------------------------------------- + * SEAMCALL ABI: + *------------------------------------------------------------------------- + * Input Registers: + * + * RAX - SEAMCALL Leaf number. + * RCX,RDX,R8-R9 - SEAMCALL Leaf specific input registers. + * + * Output Registers: + * + * RAX - SEAMCALL completion status code. + * RCX,RDX,R8-R11 - SEAMCALL Leaf specific output registers. + * + *------------------------------------------------------------------------- + * + * __seamcall() function ABI: + * + * @fn (RDI) - SEAMCALL Leaf number, moved to RAX + * @rcx (RSI) - Input parameter 1, moved to RCX + * @rdx (RDX) - Input parameter 2, moved to RDX + * @r8 (RCX) - Input parameter 3, moved to R8 + * @r9 (R8) - Input parameter 4, moved to R9 + * + * @out (R9) - struct tdx_module_output pointer + * stored temporarily in R12 (not + * used by the P-SEAMLDR or the TDX + * module). It can be NULL. + * + * Return (via RAX) the completion status of the SEAMCALL, or + * TDX_SEAMCALL_VMFAILINVALID. + */ +SYM_FUNC_START(__seamcall) + FRAME_BEGIN + TDX_MODULE_CALL host=1 + FRAME_END + RET +SYM_FUNC_END(__seamcall) diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index f16055cc25f4..f1a2dfb978b1 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -2,6 +2,7 @@ #ifndef _X86_VIRT_TDX_H #define _X86_VIRT_TDX_H +#include #include /* 
@@ -44,4 +45,14 @@ ((u32)(((_keyid_part) & 0xffffffffull) + 1)) #define TDX_KEYID_NUM(_keyid_part) ((u32)((_keyid_part) >> 32)) + +/* + * Do not put any hardware-defined TDX structure representations below this + * comment! + */ + +struct tdx_module_output; +u64 __seamcall(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, + struct tdx_module_output *out); + #endif -- 2.36.1
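Review bot: the header comment in the seamcall.S hunk documents the register ABI but not the preconditions the changelog places on the caller (SEAMRR enabled, CPU in VMX operation), so someone reading __seamcall() in isolation does not learn that SEAMCALL raises #GP/#UD otherwise and that TDX_MODULE_CALL leaves those exceptions unhandled; add that to the comment block, for example ` * Caller must ensure SEAMRR is enabled and the CPU is in VMX operation;` / ` * #GP/#UD raised by SEAMCALL are not handled here.` Relatedly, the comment says @out is "stored temporarily in R12", which is a callee-saved register in the x86-64 System V ABI; nothing in this file shows it being preserved, so the comment should say that the save/restore happens inside TDX_MODULE_CALL (pulled in from tdxcall.S) if that is where it lives.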
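Review bot: in the second tdx.h hunk, the marker "Do not put any hardware-defined TDX structure representations below this comment!" gives no reason for the boundary, and the `struct tdx_module_output;` forward declaration and `__seamcall()` prototype that follow it carry no comment of their own; state why the split exists (everything above mirrors hardware-defined layout, everything below is kernel-internal) and add a one-line pointer from the prototype to the ABI description and caller preconditions in seamcall.S, so that the `rcx`/`rdx`/`r8`/`r9` parameter names (SEAMCALL registers, not the System V registers the arguments arrive in) and the TDX_SEAMCALL_VMFAILINVALID return are discoverable from the header.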