Received: by 2002:a6b:fb09:0:0:0:0:0 with SMTP id h9csp5663307iog; Thu, 23 Jun 2022 02:53:15 -0700 (PDT) X-Google-Smtp-Source: AGRyM1v2VDqDFz3tAq99bI2ntR7S7EdCwkGzpMj60Ene7yf5fDcVQTmFCLw3CoTdPpNQ18lXyLEA X-Received: by 2002:a17:90a:9408:b0:1ec:9453:2ebc with SMTP id r8-20020a17090a940800b001ec94532ebcmr3155047pjo.150.1655977995436; Thu, 23 Jun 2022 02:53:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1655977995; cv=none; d=google.com; s=arc-20160816; b=D0O9IaNPnMa6jUl8+M3ws8DRaHV41+7V1ggr0SwgnGNPUQRamAuYJwXXHadZAJSsTE aFQS29EXXCZu/2Jq5u8GZ+VcOsnQipqEFCcUsnIDzot1wJV1kyag3wm6JvuM9m4EjPF+ pJfilDcgbRQmL4kQHzLirXw71lUSwKv8w0nTc/xxF9KsLxacRZzZpTK1gI1If+Bg0Gms z8atalkh/HsLOtSw1kyyLwcZBdCK5HgvEdM1eDzmLCxPxNHlV74XeBihV4pjpjNnS7Kq rS0NUyzJ/8uY9h7nk/C2xXIGrl/qyuO51kJWfCZfB2m6d0k5WDQpbMGBGzkqJCJ59EEI h2kA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent :content-transfer-encoding:references:in-reply-to:date:cc:to:from :subject:message-id:dkim-signature; bh=rmAF7zyXT0Z9UGT+4I9gUT6rGAS9pZpWdXgz5CtyiwE=; b=rtvPYUixNewv1ZpAh7oRbTH/jcT/+i1fiPhpCuHHMoo/l9Znfo4Q0RCYVRiZm2izaU CqaBBNNDmRdwfl5EuP8vvmMux6y/FH6DBH84mG2+RrZxKbdc1qB0T9QartnMdfTb1tBs 5Cl5EkWB21GqF4GJbFcoKdXY+YkFwglC6T2Qk5HEe6Ml+syVljPnpWOF4uaVz8t4vpxC uPfh3e4vGQGcPejKDBS9C4+YNev5k3L+kN22kK7VFL0IUy5Is2Ec/DeYfLDOd8/KOO75 OGEare4rhGAJ5wI6Cm1bS+zZxP1VERbeqG3Q28Rui4uJ+mfuQangwuBOlMugxQANthzV wzjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=nVcdfs1N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p35-20020a634f63000000b00401b6bc63c7si27847830pgl.452.2022.06.23.02.53.01; Thu, 23 Jun 2022 02:53:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=nVcdfs1N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230308AbiFWJXt (ORCPT + 99 others); Thu, 23 Jun 2022 05:23:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230222AbiFWJXr (ORCPT ); Thu, 23 Jun 2022 05:23:47 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E1561FCC7; Thu, 23 Jun 2022 02:23:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1655976227; x=1687512227; h=message-id:subject:from:to:cc:date:in-reply-to: references:content-transfer-encoding:mime-version; bh=QDlGykX9O0/coZOraXMV7FheH9yMt2KDusOcdgjN3go=; b=nVcdfs1NIeVz+iySynOaGgAJNTlMjyWLtup03oaODlb5MeMBCAYQC/Qp bE1zI9QEIYXMcOi1uduWbcB+/prJIreznE75AGdFPhRcnFOEnznajNZNi Pg0qlrpj9hJMjrG6R97vy3TFtMXAPOUjVnHoYL/jrGHeyHgg/8q3SndUi mQxzJaR/XljszRyeLIZ1c1DrKM5azeugDavzAkGXpdFPya34QBn6aSV6K 3JPKZzX3c98fmF6kX6gW8xTLogh7LFRwCo7sbGmBAPxO7Ych9uRsNj1// 55IY2IBJEoPgIdqFxiLybQYZKbIOzNzkRBI1wP/tTz0zt3PyaL/fHZoWY A==; X-IronPort-AV: E=McAfee;i="6400,9594,10386"; a="261102373" X-IronPort-AV: E=Sophos;i="5.92,215,1650956400"; d="scan'208";a="261102373" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2022 02:23:46 -0700 X-IronPort-AV: E=Sophos;i="5.92,215,1650956400"; d="scan'208";a="834556443" Received: from mjalmada-desk.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.209.144.88]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2022 02:23:43 -0700 Message-ID: Subject: Re: [PATCH v5 01/22] x86/virt/tdx: Detect TDX during kernel boot From: Kai Huang To: Chao Gao Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, len.brown@intel.com, tony.luck@intel.com, rafael.j.wysocki@intel.com, reinette.chatre@intel.com, dan.j.williams@intel.com, peterz@infradead.org, ak@linux.intel.com, kirill.shutemov@linux.intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, isaku.yamahata@intel.com Date: Thu, 23 Jun 2022 21:23:41 +1200 In-Reply-To: <20220623055658.GA2934@gao-cwp> References: <062075b36150b119bf2d0a1262de973b0a2b11a7.1655894131.git.kai.huang@intel.com> <20220623055658.GA2934@gao-cwp> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.44.2 (3.44.2-1.fc36) MIME-Version: 1.0 X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 2022-06-23 at 13:57 +0800, Chao Gao wrote: > On Wed, Jun 22, 2022 at 11:15:30PM +1200, Kai Huang wrote: > > Intel Trust Domain Extensions (TDX) protects guest VMs from malicious > > host and certain physical attacks. TDX introduces a new CPU mode calle= d > > Secure Arbitration Mode (SEAM) and a new isolated range pointed by the > ^ perhaps, range of memory OK. The spec indeed says "execute out of memory defined by SEAM ranger reg= ister (SEAMRR)". >=20 > > +static int detect_tdx_keyids(void) > > +{ > > + u64 keyid_part; > > + > > + rdmsrl(MSR_IA32_MKTME_KEYID_PARTITIONING, keyid_part); >=20 > how about: > rdmsr(MSR_IA32_MKTME_KEYID_PARTITIONING, tdx_keyid_start, tdx_keyid_num)= ; > tdx_keyid_start++; >=20 > Then TDX_KEYID_NUM/START can be dropped. OK will do. >=20 > > + > > + tdx_keyid_num =3D TDX_KEYID_NUM(keyid_part); > > + tdx_keyid_start =3D TDX_KEYID_START(keyid_part); > > + > > + pr_info("TDX private KeyID range: [%u, %u).\n", > > + tdx_keyid_start, tdx_keyid_start + tdx_keyid_num); > > + > > + /* > > + * TDX guarantees at least two TDX KeyIDs are configured by > > + * BIOS, otherwise SEAMRR is disabled. Invalid TDX private > > + * range means kernel bug (TDX is broken). >=20 > Maybe it is better to have a comment for why TDX/kernel guarantees > there should be at least 2 TDX keyIDs. "TDX guarantees" means it is architectural behaviour. Perhaps I can change= to "TDX architecture guarantee" to be more explicit. This part is currently not in the public spec, but I am working with others= to add this to the public spec. >=20 > > + > > +/* > > + * This file contains both macros and data structures defined by the T= DX > > + * architecture and Linux defined software data structures and functio= ns. > > + * The two should not be mixed together for better readability. The > > + * architectural definitions come first. > > + */ > > + > > +/* > > + * Intel Trusted Domain CPU Architecture Extension spec: > > + * > > + * IA32_MTRRCAP: > > + * Bit 15: The support of SEAMRR > > + * > > + * IA32_SEAMRR_PHYS_MASK (core-scope): > > + * Bit 10: Lock bit > > + * Bit 11: Enable bit > > + */ > > +#define MTRR_CAP_SEAMRR BIT_ULL(15) >=20 > Can you move this bit definition to arch/x86/include/asm/msr-index.h > right after MSR_MTRRcap definition there? The comment at the beginning of this file says: /* * CPU model specific register (MSR) numbers. * * Do not add new entries to this file unless the definitions are shared * between multiple compilation units. */ I am not sure whether adding a new bit of one MSR (which is already defined= ) is adding a "new entry". Perhaps it is not. But I'd like to leave to maintai= ners. --=20 Thanks, -Kai