Message-ID: <0d5d75ec-c7db-7546-80cb-e8755fc7cae0@redhat.com>
Date: Mon, 19 Jun 2023 15:29:47 +0200
To: Kai Huang, linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, dave.hansen@intel.com, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com
References: <50386eddbb8046b0b222d385e56e8115ed566526.1685887183.git.kai.huang@intel.com>
From: David Hildenbrand
Organization: Red Hat
Subject: Re: [PATCH v11 08/20] x86/virt/tdx: Get information about TDX module and TDX-capable memory
In-Reply-To: <50386eddbb8046b0b222d385e56e8115ed566526.1685887183.git.kai.huang@intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04.06.23 16:27, Kai Huang wrote:
> Start to transit out the "multi-steps" to initialize the TDX module.
>
> TDX provides increased levels of memory confidentiality and integrity.
> This requires special hardware support for features like memory
> encryption and storage of memory integrity checksums. Not all memory
> satisfies these requirements.
>
> As a result, TDX introduced the concept of a "Convertible Memory Region"
> (CMR). During boot, the firmware builds a list of all of the memory
> ranges which can provide the TDX security guarantees.
>
> CMRs tell the kernel which memory is TDX compatible. The kernel takes
> CMRs (plus a little more metadata) and constructs "TD Memory Regions"
> (TDMRs). TDMRs let the kernel grant TDX protections to some or all of
> the CMR areas.
>
> The TDX module also reports necessary information to let the kernel
> build TDMRs and run TDX guests in structure 'tdsysinfo_struct'. The
> list of CMRs, along with the TDX module information, is available to
> the kernel by querying the TDX module.
>
> As a preparation to construct TDMRs, get the TDX module information and
> the list of CMRs. Print out CMRs to help the user to decode which memory
> regions are TDX convertible.
>
> The 'tdsysinfo_struct' is fairly large (1024 bytes) and contains a lot
> of info about the TDX module. Fully define the entire structure, but
> only use the fields necessary to build the TDMRs and pr_info() some
> basics about the module. The rest of the fields will get used by KVM.
>
> For now both 'tdsysinfo_struct' and CMRs are only used during the module
> initialization. But because they are both relatively big, declare them
> inside the module initialization function but as static variables.
>
> Signed-off-by: Kai Huang
> Reviewed-by: Isaku Yamahata
> ---

[...]

> ---
> arch/x86/virt/vmx/tdx/tdx.c | 67 +++++++++++++++++++++++++++++++++-
> arch/x86/virt/vmx/tdx/tdx.h | 72 +++++++++++++++++++++++++++++++++++++
> 2 files changed, 138 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index bcf2b2d15a2e..9fde0f71dd8b 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -20,6 +20,7 @@ > #include > #include > #include > +#include > #include > #include "tdx.h"
> > @@ -191,12 +192,76 @@ int tdx_cpu_enable(void) > } > EXPORT_SYMBOL_GPL(tdx_cpu_enable); > > +static inline bool is_cmr_empty(struct cmr_info *cmr) > +{ > + return !cmr->size; > +} > + Nit: maybe it's just me, but this function seems unnecessary. If "!cmr->size" is not expressive, then I don't know why "is_cmr_empty" should be. Just inline that into the single user. .. after all the single caller also uses/prints cmr->size ... > +static void print_cmrs(struct cmr_info *cmr_array, int nr_cmrs) > +{ > + int i; > + > + for (i = 0; i < nr_cmrs; i++) { > + struct cmr_info *cmr = &cmr_array[i]; > + > + /* > + * The array of CMRs reported via TDH.SYS.INFO can > + * contain tail empty CMRs. Don't print them. > + */ > + if (is_cmr_empty(cmr)) > + break; > + > + pr_info("CMR: [0x%llx, 0x%llx)\n", cmr->base, > + cmr->base + cmr->size); > + } > +} > + > +/* > + * Get the TDX module information (TDSYSINFO_STRUCT) and the array of > + * CMRs, and save them to @sysinfo and @cmr_array. @sysinfo must have > + * been padded to have enough room to save the TDSYSINFO_STRUCT. > + */ > +static int tdx_get_sysinfo(struct tdsysinfo_struct *sysinfo, > + struct cmr_info *cmr_array) > +{ > + struct tdx_module_output out; > + u64 sysinfo_pa, cmr_array_pa; > + int ret; > + > + sysinfo_pa = __pa(sysinfo); > + cmr_array_pa = __pa(cmr_array); > + ret = seamcall(TDH_SYS_INFO, sysinfo_pa, TDSYSINFO_STRUCT_SIZE, > + cmr_array_pa, MAX_CMRS, NULL, &out); > + if (ret) > + return ret; > + > + pr_info("TDX module: atributes 0x%x, vendor_id 0x%x, major_version %u, minor_version %u, build_date %u, build_num %u", "attributes" ? > + sysinfo->attributes, sysinfo->vendor_id, > + sysinfo->major_version, sysinfo->minor_version, > + sysinfo->build_date, sysinfo->build_num); > + > + /* R9 contains the actual entries written to the CMR array. 
*/ > + print_cmrs(cmr_array, out.r9); > + > + return 0; > +} > + > static int init_tdx_module(void) > { > + static DECLARE_PADDED_STRUCT(tdsysinfo_struct, tdsysinfo, > + TDSYSINFO_STRUCT_SIZE, TDSYSINFO_STRUCT_ALIGNMENT); > + static struct cmr_info cmr_array[MAX_CMRS] > + __aligned(CMR_INFO_ARRAY_ALIGNMENT); > + struct tdsysinfo_struct *sysinfo = &PADDED_STRUCT(tdsysinfo); > + int ret; > + > + ret = tdx_get_sysinfo(sysinfo, cmr_array); > + if (ret) > + return ret; > + > /* > * TODO: > * > - * - Get TDX module information and TDX-capable memory regions. > * - Build the list of TDX-usable memory regions. > * - Construct a list of "TD Memory Regions" (TDMRs) to cover > * all TDX-usable memory regions. > diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h > index 9fb46033c852..97f4d7e7f1a4 100644 > --- a/arch/x86/virt/vmx/tdx/tdx.h > +++ b/arch/x86/virt/vmx/tdx/tdx.h > @@ -3,6 +3,8 @@ > #define _X86_VIRT_TDX_H > > #include > +#include > +#include > > /* > * This file contains both macros and data structures defined by the TDX > @@ -21,6 +23,76 @@ > */ > #define TDH_SYS_INIT 33 > #define TDH_SYS_LP_INIT 35 > +#define TDH_SYS_INFO 32 > + > +struct cmr_info { > + u64 base; > + u64 size; > +} __packed; > + > +#define MAX_CMRS 32 > +#define CMR_INFO_ARRAY_ALIGNMENT 512 > + > +struct cpuid_config { > + u32 leaf; > + u32 sub_leaf; > + u32 eax; > + u32 ebx; > + u32 ecx; > + u32 edx; > +} __packed; > + > +#define DECLARE_PADDED_STRUCT(type, name, size, alignment) \ > + struct type##_padded { \ > + union { \ > + struct type name; \ > + u8 padding[size]; \ > + }; \ > + } name##_padded __aligned(alignment) > + > +#define PADDED_STRUCT(name) (name##_padded.name) > + > +#define TDSYSINFO_STRUCT_SIZE 1024 So, it can never be larger than 1024 bytes? Not even with many cpuid configs? > +#define TDSYSINFO_STRUCT_ALIGNMENT 1024 > + -- Cheers, David / dhildenb
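Review bot: In the tdx.c hunk that adds tdx_get_sysinfo(), `out.r9` is handed to print_cmrs() as `int nr_cmrs` without being clamped to MAX_CMRS. The loop in print_cmrs() only stops early when it meets an empty entry, so a count above 32 that is not followed by an empty tail entry would walk past the end of `cmr_array`; since that count is reported by the TDX module rather than computed by the kernel, suggest `print_cmrs(cmr_array, min_t(u64, out.r9, MAX_CMRS));` or a WARN_ON_ONCE() when the reported value exceeds the array size the kernel passed in. The pr_info() format string in the same function also lacks a trailing "\n" after `build_num %u`, which printk style expects on a complete message.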
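Review bot: In the tdx.h hunk, DECLARE_PADDED_STRUCT() never checks that `struct type` actually fits in `size` bytes: the `union { struct type name; u8 padding[size]; }` simply grows if the struct is larger, while the SEAMCALL is still told the buffer is TDSYSINFO_STRUCT_SIZE bytes, so any fields past that boundary would silently stay unfilled. A `static_assert(sizeof(struct type) <= (size))` inside the macro (or a BUILD_BUG_ON() at the use site in init_tdx_module()) would enforce the size assumption that the comment on tdx_get_sysinfo() relies on. Minor: `#define TDH_SYS_INFO 32` is added after TDH_SYS_LP_INIT (35); keeping the SEAMCALL leaf numbers in ascending order makes the list easier to scan.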