Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.33 as permitted sender) client-ip=23.128.96.33;
Message-ID: <35cd1aad-87b6-4606-9811-ab56530cf896@intel.com>
Date:   Wed, 15 Nov 2023 15:35:11 +0800
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v17 015/116] x86/cpu: Add helper functions to
 allocate/free TDX private host key id
To:     <isaku.yamahata@intel.com>, <kvm@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
CC:     <isaku.yamahata@gmail.com>, Paolo Bonzini <pbonzini@redhat.com>,
        <erdemaktas@google.com>, Sean Christopherson <seanjc@google.com>,
        Sagi Shahar <sagis@google.com>,
        David Matlack <dmatlack@google.com>,
        Kai Huang <kai.huang@intel.com>,
        Zhi Wang <zhi.wang.linux@gmail.com>, <chen.bo@intel.com>,
        <hang.yuan@intel.com>, <tina.zhang@intel.com>
References: <cover.1699368322.git.isaku.yamahata@intel.com>
 <69281f4f2e4d2c3c906518d83bc6ec9c0debda16.1699368322.git.isaku.yamahata@intel.com>
Content-Language: en-US
From:   Chenyi Qiang <chenyi.qiang@intel.com>
In-Reply-To: <69281f4f2e4d2c3c906518d83bc6ec9c0debda16.1699368322.git.isaku.yamahata@intel.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?T1BNakpLdk96NVZoZXFnT014Y1BzeVQvb1d6TUxFSEVKWVNVbzh1dzV3aE9N?=
 =?utf-8?B?aW56c20wa1ZCMHkzeEQ4VWdmTExYYVFKU0dyckZTUWxoeVdCNWxucXYrVWlq?=
 =?utf-8?B?cGlTN3JoQUx2bDhtTjl2YkNmNmpTYWZaYTJQTXV5MWdMa2I4VnhCMWliRGk0?=
 =?utf-8?B?bjVxcjQ3OWJrUnhnaWxuZTVpSi83V3Y3UTlKbG9oR3dQcWVIU2x3aWU3bjVn?=
 =?utf-8?B?Vm91V0pIMzFXKzdDTHF2NWI2TzZNZG82RkhZazVlbU5jR1JRSFVlNDBiV2Zp?=
 =?utf-8?B?QTgrQXB3aytZVmE4NnhHQklkNkVEUlNoNDJob240WkNPdGtPQ0hDNTZvYXZ6?=
 =?utf-8?B?MGdURDJUbUN0bmVKWExIQ2VqNGhRSnpuSkc1TGhUdTJRR2dUaXY2WjdLODcv?=
 =?utf-8?B?QW1VcGlQUllSeXJFOWlCS3lJWHk3Sml4Tk94WlpqdU9mK3VNbldtQ00yYUhU?=
 =?utf-8?B?VFUwY1daYkliUkRIQ2twdDNzdi8rbE02eUo4TGxCMVNsUE5WOSt1WDZmdHZK?=
 =?utf-8?B?Mmpqeno1OVVFQzBlM09EUmEyVHdoaGgvamdMajkwczN3ZVVYYUIrZWZ1cE5z?=
 =?utf-8?B?ZnJrWmJsQURwRDZtdjgxN1FoZ1RwZFNVM1BBb2JWUGxTeVBiT1FsS1pIVndt?=
 =?utf-8?B?dFdlbjUva1VHN3ZzcmIwQXd1NjR0amNtVkRLQWNTOW1MUkxsbEtURFZrTEE3?=
 =?utf-8?B?THNKTlUrbExZS3orb0lNSTlnYno2UmhXbnpLWkM3c3hPcHBOQmlkSEhsVW1L?=
 =?utf-8?B?ZlZQT243cEgwRlgycmFGU0FtT1NQV1lubVQxZDJWb1plMXRWVS9OYi92M0ox?=
 =?utf-8?B?d2h2KysyVVlqdDVDWlU4ZURoUzNJbmlEOHdZYkxadDdVdGxrVEh3QW8vWTRT?=
 =?utf-8?B?RHNPMk9QZ3V0YXJrQU5sWEJRT0hvM2s1V0p6Uk1NM1puRjVjV3UvbmhCaG5S?=
 =?utf-8?B?cTRNTGExOU5iU3JEYkliNnI3cFFldjZHa0xpaDF6YUtBK1AwNmlxbWRZUEhR?=
 =?utf-8?B?S3dBM1hkcGxwQ1RCc1h3clo5MVA2RnJMMTNFaElCTmJ0TVAxQmJqQVZKbEpk?=
 =?utf-8?B?VUdXVCtrYXEzV1ZLWG01ZHBuZ0IrSEt5bkVtRGVRVVJTMkNRY2kvWGVISDJE?=
 =?utf-8?B?cU1jTWNxcWlqTjJOZGxUbkJIckR4WkhOUWZabDk3SEUvNVJHN0FnMXgxa1RI?=
 =?utf-8?B?dVpoeC9Obis0dUgzTUg2QkVSd0FQM095SmlnN05UWURrL2hKNXh0N01qTUk4?=
 =?utf-8?B?NTB0UmJRT0NFVG5SYXRlaEhkMEhMUTNONHBOY1JwdGRTY2lvK1Y3UUV3RkZk?=
 =?utf-8?B?TzJkMDZaS0M0VGdneFppVlZ3dEk2ZWZKbjExTHVPRTVrbTA0a2hQWXp5YTNv?=
 =?utf-8?B?RStlR2ZvTyt2Nzkrd1hFck56QmtPd2V4M0RGM1o5NmlqNnp3MEJubmNBSmhN?=
 =?utf-8?B?MmNpbmRTL00ralBSZlU3V2tGei8rKzhmcUUyZHpLbXl6cHVMcDVGanFzWnZM?=
 =?utf-8?B?dEFqNStDSW1CMGVmMXNEVFpsOGRibnFpS0RwUGFLV0tXODBUaXNmU29OOXhm?=
 =?utf-8?B?TzVKMnRFV3VTaHhzcDVjS3lzeXlBWnZrZHJ5Z09ZOVdHNENNWDAxWnFreDBa?=
 =?utf-8?B?Nk1GNG1yemZCZStNaWpuR3BqVHpRTUh3MU13NXpWOTlMYUV2NVBnRkUzcTVq?=
 =?utf-8?B?Y1pvNC8rVlJlRGx0NzhhRkp0b0FJeUdSeVZnc1RPcXJlQnVrT2p1Vmw1ZWlw?=
 =?utf-8?B?aXdrRnM0WkVCUWo5d1ZtZkhWTFRqRC9hUW5mOVZWdTVndG4xNWF2OHEzT1dB?=
 =?utf-8?B?SUVVelF0OWpMZzFDTjR5MEIwa2ZrT1J6SmJadHJmVEt6ZEdTNmV0KytUMkZk?=
 =?utf-8?B?SS9DY1pMdHh2NlhjUmlZaEp6YWdZNUhoSS9sbHl1VENlRFNkU2RvZkNPVHpH?=
 =?utf-8?B?T25Ibk9FQTg2VEdiek5PS2lZREkyNVFoN1B2K3BoSmZSWlVDbFFpRzltSXIv?=
 =?utf-8?B?VmJFSEU5MU16QXBSZkpLUi9HSkJlYTVleVo0ejZHc29UUEFCZWwrTW9QRlZ5?=
 =?utf-8?B?Sm9KbUZybFZ6dVRVZ0o2MnNOa05IUVFJL3pkeUZXM0x4MGJGbWRmdVF3NTFF?=
 =?utf-8?B?L2JjRE1kTFEvdUl0NGFDV2FZM2Y4aG9oeThhcmp6eFJhSXBOQ3haWE9GdUZO?=
 =?utf-8?B?U2c9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 3b285f70-6cff-4ed1-0398-08dbe5ad6ce1
X-MS-Exchange-CrossTenant-AuthSource: SA2PR11MB5052.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Nov 2023 07:35:22.8163
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 1EEmexRy33MjrsycrOdPJom9fj8H07ym+b8mOJRcz1bICqGlUuOj2YbY+I/H3B9Pd7xBtY40heT8lw1UvL0Zww==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB8573
X-OriginatorOrg: intel.com
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE
	autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Tue, 14 Nov 2023 23:35:45 -0800 (PST)


On 11/7/2023 10:55 PM, isaku.yamahata@intel.com wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
> 
> Add helper functions to allocate/free TDX private host key id (HKID), and
> export the global TDX HKID.
> 
> The memory controller encrypts TDX memory with the assigned TDX HKIDs.  The
> global TDX HKID is to encrypt the TDX module, its memory, and some dynamic
> data (TDR).  The private TDX HKID is assigned to guest TD to encrypt guest
> memory and the related data.  When VMM releases an encrypted page for
> reuse, the page needs a cache flush with the used HKID.  VMM needs the
> global TDX HKID and the private TDX HKIDs to flush encrypted pages.
> 
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
>  arch/x86/include/asm/tdx.h  | 12 ++++++++++++
>  arch/x86/virt/vmx/tdx/tdx.c | 28 +++++++++++++++++++++++++++-
>  2 files changed, 39 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index b7cfdf084860..3b648f290af3 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -114,6 +114,16 @@ int tdx_cpu_enable(void);
>  int tdx_enable(void);
>  void tdx_reset_memory(void);
>  bool tdx_is_private_mem(unsigned long phys);
> +
> +/*
> + * Key id globally used by TDX module: TDX module maps TDR with this TDX global
> + * key id.  TDR includes key id assigned to the TD.  Then TDX module maps other
> + * TD-related pages with the assigned key id.  TDR requires this TDX global key
> + * id for cache flush unlike other TD-related pages.
> + */
> +extern u32 tdx_global_keyid;
> +int tdx_guest_keyid_alloc(void);
> +void tdx_guest_keyid_free(int keyid);
>  #else
>  static inline u64 __seamcall(u64 fn, struct tdx_module_args *args)
>  {
> @@ -132,6 +142,8 @@ static inline int tdx_cpu_enable(void) { return -ENODEV; }
>  static inline int tdx_enable(void)  { return -ENODEV; }
>  static inline void tdx_reset_memory(void) { }
>  static inline bool tdx_is_private_mem(unsigned long phys) { return false; }
> +static inline int tdx_guest_keyid_alloc(void) { return -EOPNOTSUPP; }
> +static inline void tdx_guest_keyid_free(int keyid) { }
>  #endif	/* CONFIG_INTEL_TDX_HOST */
>  
>  #endif /* !__ASSEMBLY__ */
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index 38ec6815a42a..c01cbfc81fbb 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -37,7 +37,8 @@
>  #include <asm/tdx.h>
>  #include "tdx.h"
>  
> -static u32 tdx_global_keyid __ro_after_init;
> +u32 tdx_global_keyid __ro_after_init;
> +EXPORT_SYMBOL_GPL(tdx_global_keyid);
>  static u32 tdx_guest_keyid_start __ro_after_init;
>  static u32 tdx_nr_guest_keyids __ro_after_init;
>  
> @@ -105,6 +106,31 @@ static inline int sc_retry_prerr(sc_func_t func, sc_err_func_t err_func,
>  #define seamcall_prerr_ret(__fn, __args)					\
>  	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
>  
> +/* TDX KeyID pool */
> +static DEFINE_IDA(tdx_guest_keyid_pool);
> +
> +int tdx_guest_keyid_alloc(void)
> +{
> +	if (WARN_ON_ONCE(!tdx_guest_keyid_start || !tdx_nr_guest_keyids))
> +		return -EINVAL;
> +
> +	/* The first keyID is reserved for the global key. */
> +	return ida_alloc_range(&tdx_guest_keyid_pool, tdx_guest_keyid_start + 1,

Per
https://lore.kernel.org/all/121aab11b48b4e6550cfe6d23b4daab744ee2076.1697532085.git.kai.huang@intel.com/
tdx_guest_keyid_start has already reserved the first keyID for global
key, I think we don't need to reserve another one here.

> +			       tdx_guest_keyid_start + tdx_nr_guest_keyids - 1,
> +			       GFP_KERNEL);
> +}
> +EXPORT_SYMBOL_GPL(tdx_guest_keyid_alloc);
> +
> +void tdx_guest_keyid_free(int keyid)
> +{
> +	/* keyid = 0 is reserved. */
> +	if (WARN_ON_ONCE(keyid <= 0))
> +		return;
> +
> +	ida_free(&tdx_guest_keyid_pool, keyid);
> +}
> +EXPORT_SYMBOL_GPL(tdx_guest_keyid_free);
> +
>  /*
>   * Do the module global initialization once and return its result.
>   * It can be done on any cpu.  It's always called with interrupts