Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp2313688rwd; Fri, 2 Jun 2023 07:49:51 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6AfKPEyZyXW+NABfsuR9EZdD4MMltxN/SXgVGQwrVvVeSJdppz/hp5j0p/cWqHrqcy2v2A X-Received: by 2002:a05:6a20:12c4:b0:10e:786c:821c with SMTP id v4-20020a056a2012c400b0010e786c821cmr10439261pzg.51.1685717390767; Fri, 02 Jun 2023 07:49:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685717390; cv=none; d=google.com; s=arc-20160816; b=ww2A8oAc0LR8IqeNzEEPNhzj8Ruf0VKjvgV/sd74Slp2DwRWN/2xQwUs3KmPk4Cmr9 LP4l8EkOxmRAvgSc7LRkep5qX0EM7GWfLsBjNYdeGfGL2KcgYSpn3wZ7gC61uD2ZvdpS 3aezTqw4frZL6yIEXgDwfKM3YrCFYZM9WxMV881VUszaYJh0BdZ6oudxKgCCF4i+qB3r 1ag9jh9rzCfQpf92pymSq/k2R0HBNrt2GmQolpluA6buhWDFtt9F3DhWbdSgvjf2rXaX lwKOzmJPO4g9UwejNneh+tacF7eDlXrY49EzPjND+6JpNbYU6qd11jvubt7a2HBfmmgp AXRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=x/orWrMvkXgfJNX9gR/RxlBvF82CPQY+0wWIQwmO95c=; b=s6Kbfn5ma2xQ89eMFkSjDrkOnPEJFqrLAp37RzcpXI6e6IEzRzbefgPOwLvb51pnjn ro8oiMO7Qz8W3JDRcelmDxb4QTaiPbQd7O5DjvnFCWLHPOYwZrm0rqUiEv+qvvZA0gxt oVwFolxWCewuseUmixlaA3/bYsJcPuNygaxiKR6Ir6gJHrFBNZu2hmXJ+m4XLOihEcRA dqKC9UfdG5V0OrvfyhQFCzpk33PAYdOsO6nI4w16ZoIaPZnFGxeSuKIU6cDziYZsGhAF oG0DH6OjuTS+pDs+a/1L8oeBPSuiUgNI4cPjhmt/GcRHyViE6qS9E4W+LZeW0nKToz1/ EJww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Z8Ox5sTw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t191-20020a6381c8000000b00536b4c4b695si1085766pgd.136.2023.06.02.07.49.36; Fri, 02 Jun 2023 07:49:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=Z8Ox5sTw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235824AbjFBOfp (ORCPT + 99 others); Fri, 2 Jun 2023 10:35:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39930 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232240AbjFBOfo (ORCPT ); Fri, 2 Jun 2023 10:35:44 -0400 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 881D619B; Fri, 2 Jun 2023 07:35:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685716542; x=1717252542; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=ulFJ71WOjgzbfiC929YmWPFNrl2PajqvLUVCcU9XxmA=; b=Z8Ox5sTwzq3w0EHtr3hg7o7dBsVo8tzBNfNi6YN4I0f6nQNDmkrnzomq 1rBPcBlK6/PyWA3+ZZg7XensdqDVReexlCT3h/JaiN7epPL71w1iCfQMy Cp1uOo9wN2I8BcLD0O467Z4GYmLMmOvJ6BleJqSe/407q+VnK3zucBzb1 ikB8dGYrMoibLBaEyUa8udFSHvKOGoCshhbzzsXxMA0qBu0EkITI7Ot0C c0WnPRWccZbzdG5eI8dOlmxTHDuUuvk0LJBmnZ3GgNOnCYIJcIKoZCHTn 2QLg4xE7tMKS5GNR8TVNYVzZKKVJ2kU6jfTZF+8vjXTHSekVbfWeI0MwE A==; X-IronPort-AV: E=McAfee;i="6600,9927,10729"; a="340509247" X-IronPort-AV: E=Sophos;i="6.00,213,1681196400"; d="scan'208";a="340509247" Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2023 07:35:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10729"; a="710983956" X-IronPort-AV: E=Sophos;i="6.00,213,1681196400"; d="scan'208";a="710983956" Received: from sovanbis-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.46.229]) by fmsmga007-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Jun 2023 07:35:34 -0700 Received: by box.shutemov.name (Postfix, from userid 1000) id 52AF710E1DE; Fri, 2 Jun 2023 17:35:32 +0300 (+03) Date: Fri, 2 Jun 2023 17:35:32 +0300 From: "Kirill A. Shutemov" To: Tom Lendacky Cc: Borislav Petkov , Andy Lutomirski , Dave Hansen , Sean Christopherson , Andrew Morton , Joerg Roedel , Ard Biesheuvel , Andi Kleen , Kuppuswamy Sathyanarayanan , David Rientjes , Vlastimil Babka , Thomas Gleixner , Peter Zijlstra , Paolo Bonzini , Ingo Molnar , Dario Faggioli , Mike Rapoport , David Hildenbrand , Mel Gorman , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, aarcange@redhat.com, peterx@redhat.com, x86@kernel.org, linux-mm@kvack.org, linux-coco@lists.linux.dev, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCHv13 9/9] x86/tdx: Add unaccepted memory support Message-ID: <20230602143532.wiki7tpqzjlydjjv@box.shutemov.name> References: <20230601182543.19036-1-kirill.shutemov@linux.intel.com> <20230601182543.19036-10-kirill.shutemov@linux.intel.com> <4d8d6fc4-99b5-29ba-7f81-12e7d57907ea@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4d8d6fc4-99b5-29ba-7f81-12e7d57907ea@amd.com> X-Spam-Status: No, score=-2.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jun 02, 2023 at 08:22:35AM -0500, Tom Lendacky wrote: > On 6/1/23 13:25, Kirill A. Shutemov wrote: > > Hookup TDX-specific code to accept memory. > > > > Accepting the memory is done with ACCEPT_PAGE module call on every page > > in the range. MAP_GPA hypercall is not required as the unaccepted memory > > is considered private already. > > > > Extract the part of tdx_enc_status_changed() that does memory acceptance > > in a new helper. Move the helper tdx-shared.c. It is going to be used by > > both main kernel and decompressor. > > > > Signed-off-by: Kirill A. Shutemov > > --- > > arch/x86/Kconfig | 2 + > > arch/x86/boot/compressed/Makefile | 2 +- > > arch/x86/boot/compressed/error.c | 19 +++++++ > > arch/x86/boot/compressed/error.h | 1 + > > arch/x86/boot/compressed/mem.c | 35 +++++++++++- > > arch/x86/boot/compressed/tdx-shared.c | 2 + > > arch/x86/coco/tdx/Makefile | 2 +- > > arch/x86/coco/tdx/tdx-shared.c | 71 ++++++++++++++++++++++++ > > arch/x86/coco/tdx/tdx.c | 70 +---------------------- > > arch/x86/include/asm/shared/tdx.h | 2 + > > arch/x86/include/asm/unaccepted_memory.h | 24 ++++++++ > > 11 files changed, 160 insertions(+), 70 deletions(-) > > create mode 100644 arch/x86/boot/compressed/tdx-shared.c > > create mode 100644 arch/x86/coco/tdx/tdx-shared.c > > create mode 100644 arch/x86/include/asm/unaccepted_memory.h > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > > index 53bab123a8ee..5c72067c06d4 100644 > > --- a/arch/x86/Kconfig > > +++ b/arch/x86/Kconfig > > @@ -884,9 +884,11 @@ config INTEL_TDX_GUEST > > bool "Intel TDX (Trust Domain Extensions) - Guest Support" > > depends on X86_64 && CPU_SUP_INTEL > > depends on X86_X2APIC > > + depends on EFI_STUB > > select ARCH_HAS_CC_PLATFORM > > select X86_MEM_ENCRYPT > > select X86_MCE > > + select UNACCEPTED_MEMORY > > help > > Support running as a guest under Intel TDX. Without this support, > > the guest kernel can not boot or run under TDX. > > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile > > index cc4978123c30..b13a58021086 100644 > > --- a/arch/x86/boot/compressed/Makefile > > +++ b/arch/x86/boot/compressed/Makefile > > @@ -106,7 +106,7 @@ ifdef CONFIG_X86_64 > > endif > > vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o > > -vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o > > +vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o $(obj)/tdx-shared.o > > vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o > > vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o > > diff --git a/arch/x86/boot/compressed/error.c b/arch/x86/boot/compressed/error.c > > index c881878e56d3..5313c5cb2b80 100644 > > --- a/arch/x86/boot/compressed/error.c > > +++ b/arch/x86/boot/compressed/error.c > > @@ -22,3 +22,22 @@ void error(char *m) > > while (1) > > asm("hlt"); > > } > > + > > +/* EFI libstub provides vsnprintf() */ > > +#ifdef CONFIG_EFI_STUB > > +void panic(const char *fmt, ...) > > +{ > > + static char buf[1024]; > > + va_list args; > > + int len; > > + > > + va_start(args, fmt); > > + len = vsnprintf(buf, sizeof(buf), fmt, args); > > + va_end(args); > > + > > + if (len && buf[len - 1] == '\n') > > + buf[len - 1] = '\0'; > > + > > + error(buf); > > +} > > +#endif > > diff --git a/arch/x86/boot/compressed/error.h b/arch/x86/boot/compressed/error.h > > index 1de5821184f1..86fe33b93715 100644 > > --- a/arch/x86/boot/compressed/error.h > > +++ b/arch/x86/boot/compressed/error.h > > @@ -6,5 +6,6 @@ > > void warn(char *m); > > void error(char *m) __noreturn; > > +void panic(const char *fmt, ...) __noreturn __cold; > > #endif /* BOOT_COMPRESSED_ERROR_H */ > > diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c > > index 4ecf26576a77..d2b6948a7801 100644 > > --- a/arch/x86/boot/compressed/mem.c > > +++ b/arch/x86/boot/compressed/mem.c > > @@ -2,11 +2,44 @@ > > #include "error.h" > > #include "misc.h" > > +#include "tdx.h" > > +#include > > + > > +/* > > + * accept_memory() and process_unaccepted_memory() called from EFI stub which > > + * runs before decompresser and its early_tdx_detect(). > > + * > > + * Enumerate TDX directly from the early users. > > + */ > > +static bool early_is_tdx_guest(void) > > +{ > > + static bool once; > > + static bool is_tdx; > > + > > + if (!IS_ENABLED(CONFIG_INTEL_TDX_GUEST)) > > + return false; > > + > > + if (!once) { > > + u32 eax, sig[3]; > > + > > + cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, > > + &sig[0], &sig[2], &sig[1]); > > + is_tdx = !memcmp(TDX_IDENT, sig, sizeof(sig)); > > + once = true; > > + } > > + > > + return is_tdx; > > +} > > void arch_accept_memory(phys_addr_t start, phys_addr_t end) > > { > > /* Platform-specific memory-acceptance call goes here */ > > - error("Cannot accept memory"); > > + if (early_is_tdx_guest()) { > > + if (tdx_accept_memory(start, end)) > > + return; > > + } > > + > > + error("Cannot accept memory: unknown platform\n"); > > So this is a change in this version. If tdx_accept_memory() fails, you'll > report unknown platform. Wouldn't it be better to have an error message that > indicates a failure in the accept path? Urgh.. Didn't read the error message on the rework. diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c index d2b6948a7801..a0d24df1004d 100644 --- a/arch/x86/boot/compressed/mem.c +++ b/arch/x86/boot/compressed/mem.c @@ -35,11 +35,11 @@ void arch_accept_memory(phys_addr_t start, phys_addr_t end) { /* Platform-specific memory-acceptance call goes here */ if (early_is_tdx_guest()) { - if (tdx_accept_memory(start, end)) - return; + if (!tdx_accept_memory(start, end)) + panic("TDX: Failed to accept memory\n"); + } else { + error("Cannot accept memory: unknown platform\n"); } - - error("Cannot accept memory: unknown platform\n"); } void init_unaccepted_memory(void) diff --git a/arch/x86/include/asm/unaccepted_memory.h b/arch/x86/include/asm/unaccepted_memory.h index f0ab217b566f..572514e36fde 100644 --- a/arch/x86/include/asm/unaccepted_memory.h +++ b/arch/x86/include/asm/unaccepted_memory.h @@ -8,11 +8,11 @@ static inline void arch_accept_memory(phys_addr_t start, phys_addr_t end) { /* Platform-specific memory-acceptance call goes here */ if (cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) { - if (tdx_accept_memory(start, end)) - return; + if (!tdx_accept_memory(start, end)) + panic("TDX: Failed to accept memory\n"); + } else { + panic("Cannot accept memory: unknown platform\n"); } - - panic("Cannot accept memory: unknown platform\n"); } static inline struct efi_unaccepted_memory *efi_get_unaccepted_table(void) -- Kiryl Shutsemau / Kirill A. Shutemov