Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp4734179iog; Wed, 22 Jun 2022 04:59:39 -0700 (PDT) X-Google-Smtp-Source: AGRyM1tUdKQxBrWZKjy3i8igYOsyZ/Xq/TIIqQ6B4Ckna3nZsjmpkLjYwMAHns8lgCIMrzgk15rC X-Received: by 2002:a65:6bd4:0:b0:405:2d64:532c with SMTP id e20-20020a656bd4000000b004052d64532cmr2599857pgw.179.1655899179180; Wed, 22 Jun 2022 04:59:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655899179; cv=none; d=google.com; s=arc-20160816; b=b2LpsFejCKgJZLygNEILyidnyZwZHTXS5AdDIyzDbtC95NJ6NChOrq/Hu6Ehp4KNkz 5nnY6XsrYgeMEJ5ZIJ0NjMRUn4pqsxNia++HKRgcI2FB0jWLSm2ocEdTpKPY1vD7Doqs LuKKug67vdEvYgyGaDFAN5C3t1MR0aLjWigh02Aj6IKjwOIgKSNmd8kgD3ylPxth3ziz T5uEc5LEt224rlrZFQu0aO//oR63D6s9p7kXGrUkmCl5j4wTAUKWhRy0P1LQteljW2tP iAaf5xTTHZIaCAodhwahL316b65Oa7yiqG2W2RJs1P3X5vkrfeZ0jJLqstIuzUQoLJGc /6HQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5vkv4razVXUgC5GaHhLcr3aoFLwt9RTmFg827keNngc=; b=ifLSTu1udsXXl3RiXfamTJTAK1KNP2E+H+ZPZ5c62vBRcw1+lXKdwRWCx7vZ3viJJO ctIc7TF3t0FDpuWYE8zDMn1s6S8LTDLQZtn8seg6Gk/jXjTXy8CsaLrMB3Hyt4ETZ5/y g1ghgyllIBXfnSPjLB750leO6JDuybiAlgpsDnc8vI/pJxcCPbrmJjBZm8CsfbRgJLKD yNZhKjtuXNpA4ofOpRw4N4dnaR+bsdO2Nhc3zUL5fHAXJZe3QQecP3OiM0Qn1JCKLSBP euswuH4R6qtcxOqytkxCA9/rsBmwH0i8552CQExntz1uoV2UmyBpZhmGUs0dbvXGsjtH oDSg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BSHoJECb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u3-20020a17090add4300b001e0552f722asi23511300pjv.87.2022.06.22.04.59.26; Wed, 22 Jun 2022 04:59:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=BSHoJECb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1357556AbiFVLTh (ORCPT + 99 others); Wed, 22 Jun 2022 07:19:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58210 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1357187AbiFVLTN (ORCPT ); Wed, 22 Jun 2022 07:19:13 -0400 Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0FF32C640; Wed, 22 Jun 2022 04:18:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1655896681; x=1687432681; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=EU9UVN23kTwZDQsiPFFMtJVL0oXFbDaSRd4fV8w3EqE=; b=BSHoJECbbWIE3+Cx8n/OVyOTcdq7i0xMOcwKBVZGWE/F0WLpJvo+7qbs nTu9RLCHleJyrxXygYxsw8O+Ek1U5uFGA/qM9ALJ+eiLOPQHr8Cn69tJB BWF348VpHp+q6eOohWrBOgtB06lL02t6TOXb5VI4y665WHMyzRuEsHIZD 1t0YzmCF0HivDf5wkNv1VpByeKcdNIELRxzgsWP2KjiPlKM0ndNu1KUj9 OT/1DUsrUR2qIlgYAr2XudLW9EOr76KGQu8OMefCQD9on42hIrlEiUO3i /zVEAk5u2lnVkJRmqVn0J9+70GiWKHfzF7uIBuhj8O7YWc3mUAKnxRglx A==; X-IronPort-AV: E=McAfee;i="6400,9594,10385"; a="366713427" X-IronPort-AV: E=Sophos;i="5.92,212,1650956400"; d="scan'208";a="366713427" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2022 04:18:01 -0700 X-IronPort-AV: E=Sophos;i="5.92,212,1650956400"; d="scan'208";a="834065918" Received: from jmatsis-mobl.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.209.178.197]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2022 04:17:58 -0700 From: Kai Huang To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com, reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com, kai.huang@intel.com Subject: [PATCH v5 20/22] x86/virt/tdx: Initialize all TDMRs Date: Wed, 22 Jun 2022 23:17:48 +1200 Message-Id: <58db9a30a179907aa9331e45900df7395d17c80c.1655894131.git.kai.huang@intel.com> X-Mailer: git-send-email 2.36.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Initialize TDMRs via TDH.SYS.TDMR.INIT as the last step to complete the TDX initialization. All TDMRs need to be initialized using TDH.SYS.TDMR.INIT SEAMCALL before the memory pages can be used by the TDX module. The time to initialize TDMR is proportional to the size of the TDMR because TDH.SYS.TDMR.INIT internally initializes the PAMT entries using the global KeyID. To avoid long latency caused in one SEAMCALL, TDH.SYS.TDMR.INIT only initializes an (implementation-specific) subset of PAMT entries of one TDMR in one invocation. The caller needs to call TDH.SYS.TDMR.INIT iteratively until all PAMT entries of the given TDMR are initialized. TDH.SYS.TDMR.INITs can run concurrently on multiple CPUs as long as they are initializing different TDMRs. To keep it simple, just initialize all TDMRs one by one. On a 2-socket machine with 2.2G CPUs and 64GB memory, each TDH.SYS.TDMR.INIT roughly takes ~7us on average, and it takes roughly ~100ms to complete initializing all TDMRs while system is idle. Signed-off-by: Kai Huang --- arch/x86/virt/vmx/tdx/tdx.c | 70 ++++++++++++++++++++++++++++++++++--- arch/x86/virt/vmx/tdx/tdx.h | 1 + 2 files changed, 66 insertions(+), 5 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index b9777a353835..da1af1b60c35 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1019,6 +1019,65 @@ static int config_global_keyid(void) return seamcall_on_each_package_serialized(&sc); } +/* Initialize one TDMR */ +static int init_tdmr(struct tdmr_info *tdmr) +{ + u64 next; + + /* + * Initializing PAMT entries might be time-consuming (in + * proportion to the size of the requested TDMR). To avoid long + * latency in one SEAMCALL, TDH.SYS.TDMR.INIT only initializes + * an (implementation-defined) subset of PAMT entries in one + * invocation. + * + * Call TDH.SYS.TDMR.INIT iteratively until all PAMT entries + * of the requested TDMR are initialized (if next-to-initialize + * address matches the end address of the TDMR). + */ + do { + struct tdx_module_output out; + u64 ret; + + ret = seamcall(TDH_SYS_TDMR_INIT, tdmr->base, 0, 0, 0, &out); + if (ret) + return -EFAULT; + /* + * RDX contains 'next-to-initialize' address if + * TDH.SYS.TDMR.INT succeeded. + */ + next = out.rdx; + /* Allow scheduling when needed */ + if (need_resched()) + cond_resched(); + } while (next < tdmr->base + tdmr->size); + + return 0; +} + +/* Initialize all TDMRs */ +static int init_tdmrs(struct tdmr_info *tdmr_array, int tdmr_num) +{ + int i; + + /* + * Initialize TDMRs one-by-one for simplicity, though the TDX + * architecture does allow different TDMRs to be initialized in + * parallel on multiple CPUs. Parallel initialization could + * be added later when the time spent in the serialized scheme + * becomes a real concern. + */ + for (i = 0; i < tdmr_num; i++) { + int ret; + + ret = init_tdmr(tdmr_array_entry(tdmr_array, i)); + if (ret) + return ret; + } + + return 0; +} + /* * Detect and initialize the TDX module. * @@ -1109,11 +1168,12 @@ static int init_tdx_module(void) if (ret) goto out_free_pamts; - /* - * Return -EINVAL until all steps of TDX module initialization - * process are done. - */ - ret = -EINVAL; + /* Initialize TDMRs to complete the TDX module initialization */ + ret = init_tdmrs(tdmr_array, tdmr_num); + if (ret) + goto out_free_pamts; + + tdx_module_status = TDX_MODULE_INITIALIZED; out_free_pamts: if (ret) { /* diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 2d25a93b89ef..e0309558be13 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -53,6 +53,7 @@ #define TDH_SYS_INFO 32 #define TDH_SYS_INIT 33 #define TDH_SYS_LP_INIT 35 +#define TDH_SYS_TDMR_INIT 36 #define TDH_SYS_LP_SHUTDOWN 44 #define TDH_SYS_CONFIG 45 -- 2.36.1