Message-ID: <0799b692-4b26-4e00-9cec-fdc4c929ea58@linux.microsoft.com>
Date: Wed, 22 Nov 2023 18:19:20 +0100
Subject: Re: [PATCH v1 1/3] x86/tdx: Check for TDX partitioning during early TDX init
To: Borislav Petkov
Cc: linux-hyperv@vger.kernel.org, stefan.bader@canonical.com, tim.gardner@canonical.com, roxana.nicolescu@canonical.com, cascardo@canonical.com, kys@microsoft.com, haiyangz@microsoft.com, wei.liu@kernel.org, sashal@kernel.org, stable@vger.kernel.org, linux-kernel@vger.kernel.org, "H. Peter Anvin", Dave Hansen, Ingo Molnar, "Kirill A. Shutemov", Michael Kelley, Nikolay Borisov, Peter Zijlstra, Thomas Gleixner, Tom Lendacky, x86@kernel.org, Dexuan Cui
References: <20231122170106.270266-1-jpiotrowski@linux.microsoft.com>
From: Jeremi Piotrowski
In-Reply-To: <20231122170106.270266-1-jpiotrowski@linux.microsoft.com>

On 22/11/2023 18:01, Jeremi Piotrowski wrote:
> Check for additional CPUID bits to identify TDX guests running with Trust
> Domain (TD) partitioning enabled. TD partitioning is like nested virtualization
> inside the Trust Domain so there is an L1 TD VM(M) and there can be L2 TD VM(s).
>
> In this arrangement we are not guaranteed that the TDX_CPUID_LEAF_ID is visible
> to Linux running as an L2 TD VM. This is because a majority of TDX facilities
> are controlled by the L1 VMM and the L2 TDX guest needs to use TD partitioning
> aware mechanisms for what's left. So currently such guests do not have
> X86_FEATURE_TDX_GUEST set.
>
> We want the kernel to have X86_FEATURE_TDX_GUEST set for all TDX guests so we
> need to check these additional CPUID bits, but we skip further initialization
> in the function as we aren't guaranteed access to TDX module calls.
>
> Cc: # v6.5+
> Signed-off-by: Jeremi Piotrowski
> ---
> arch/x86/coco/tdx/tdx.c | 29 ++++++++++++++++++++++++++---
> arch/x86/include/asm/tdx.h | 3 +++
> 2 files changed, 29 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
> index 1d6b863c42b0..c7bbbaaf654d 100644
> --- a/arch/x86/coco/tdx/tdx.c
> +++ b/arch/x86/coco/tdx/tdx.c
> @@ -8,6 +8,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -37,6 +38,8 @@ > > #define TDREPORT_SUBTYPE_0 0 > > +bool tdx_partitioning_active; > + > /* Called from __tdx_hypercall() for unrecoverable failure */ > noinstr void __tdx_hypercall_failed(void) > { > @@ -757,19 +760,38 @@ static bool tdx_enc_status_change_finish(unsigned long vaddr, int numpages, > return true; > } > > + > +static bool early_is_hv_tdx_partitioning(void) > +{ > + u32 eax, ebx, ecx, edx; > + cpuid(HYPERV_CPUID_ISOLATION_CONFIG, &eax, &ebx, &ecx, &edx); > + return eax & HV_PARAVISOR_PRESENT && > + (ebx & HV_ISOLATION_TYPE) == HV_ISOLATION_TYPE_TDX; > +} > + > void __init tdx_early_init(void) > { > u64 cc_mask; > u32 eax, sig[3]; > > cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[2], &sig[1]); > - > - if (memcmp(TDX_IDENT, sig, sizeof(sig))) > - return; > + if (memcmp(TDX_IDENT, sig, sizeof(sig))) { > + tdx_partitioning_active = early_is_hv_tdx_partitioning(); > + if (!tdx_partitioning_active) > + return; > + } Hi Borislav, Just wanted to run another option by you. Instead of checking the CPUID here we could accomplish the same result by doing _this_ in the hyperv cc init: diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index 8c6bf07f7d2b..705794642d34 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -595,6 +595,8 @@ void __init hv_vtom_init(void) #endif case HV_ISOLATION_TYPE_TDX: + setup_force_cpu_cap(X86_FEATURE_TDX_GUEST); + tdx_partitioning_active = true; cc_vendor = CC_VENDOR_INTEL; break; Which approach do you prefer? Thanks, Jeremi > > setup_force_cpu_cap(X86_FEATURE_TDX_GUEST); > > cc_vendor = CC_VENDOR_INTEL; > + > + /* > + * Need to defer cc_mask and page visibility callback initializations > + * to a TD-partitioning aware implementation. > + */ > + if (tdx_partitioning_active) > + goto exit; > + > tdx_parse_tdinfo(&cc_mask); > cc_set_mask(cc_mask); 
> > @@ -820,5 +842,6 @@ void __init tdx_early_init(void) > */ > x86_cpuinit.parallel_bringup = false; > > +exit: > pr_info("Guest detected\n"); > } > diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h > index 603e6d1e9d4a..fe22f8675859 100644 > --- a/arch/x86/include/asm/tdx.h > +++ b/arch/x86/include/asm/tdx.h > @@ -52,6 +52,7 @@ bool tdx_early_handle_ve(struct pt_regs *regs); > > int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport); > > +extern bool tdx_partitioning_active; > #else > > static inline void tdx_early_init(void) { }; > @@ -71,6 +72,8 @@ static inline long tdx_kvm_hypercall(unsigned int nr, unsigned long p1, > { > return -ENODEV; > } > + > +#define tdx_partitioning_active false > #endif /* CONFIG_INTEL_TDX_GUEST && CONFIG_KVM_GUEST */ > #endif /* !__ASSEMBLY__ */ > #endif /* _ASM_X86_TDX_H */
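Review bot: the new global "bool tdx_partitioning_active;" in the @@ -37,6 +38,8 @@ hunk of tdx.c is only ever written from __init code (tdx_early_init() in this patch, hv_vtom_init() in the alternative in this mail) and read afterwards, so it should be declared __ro_after_init, and it needs a one-line comment saying what "active" means (Linux running as an L2 TD under a TD-partitioning L1, per the commit message); a bare uncommented global in tdx.c gives later readers nothing to go on.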
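Review bot: early_is_hv_tdx_partitioning() in the @@ -757,19 +760,38 @@ hunk reads HYPERV_CPUID_ISOLATION_CONFIG without first establishing that the guest is on Hyper-V, and since it is now called on the memcmp(TDX_IDENT) failure path it runs on every non-TDX boot, where nothing guarantees that leaf carries Hyper-V's layout. Check the vendor signature leaf first (HYPERV_CPUID_VENDOR_AND_MAX_FUNCTIONS with the "Microsoft Hv" signature, as ms_hyperv_platform() does) and only then interpret eax/ebx. Two smaller points in the same hunk: the return expression mixes & and && without parentheses around "eax & HV_PARAVISOR_PRESENT", which reads as a precedence mistake even though it is not one, and the hunk adds a second blank line before the new function.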
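Review bot: the exit: label added in the @@ -820,5 +842,6 @@ hunk sits after "x86_cpuinit.parallel_bringup = false;", so the "goto exit" taken when tdx_partitioning_active is set also skips disabling parallel CPU bringup, not only the cc_mask and page-visibility setup that the comment above the goto says is being deferred. If that is intended, the comment should say so; if not, move the label above the parallel_bringup assignment.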
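Review bot: the "#define tdx_partitioning_active false" fallback in the @@ -71,6 +72,8 @@ hunk of tdx.h is in the #else branch of the "CONFIG_INTEL_TDX_GUEST && CONFIG_KVM_GUEST" block (see the trailing #endif comment), while the "extern bool tdx_partitioning_active;" from the @@ -52,6 +52,7 @@ hunk is in the plain CONFIG_INTEL_TDX_GUEST block. With CONFIG_INTEL_TDX_GUEST=y and CONFIG_KVM_GUEST=n both are emitted, and every later use of the variable, including the assignment in tdx_early_init(), expands to "false". Move the fallback into the #else that holds the tdx_early_init() stub so the declaration and the stub are mutually exclusive.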
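Review bot: in the alternative ivm.c hunk (@@ -595,6 +595,8 @@), "tdx_partitioning_active = true;" writes the flag from outside tdx.c; in any configuration where tdx.h supplies the "#define tdx_partitioning_active false" stub instead of the extern, that line becomes "false = true;" and the build fails, unless the HV_ISOLATION_TYPE_TDX case is itself compiled only under CONFIG_INTEL_TDX_GUEST (the hunk's context lines do not show such a guard). If this route is taken, either guard the case or give the flag a setter that the stub header can turn into a no-op. Setting X86_FEATURE_TDX_GUEST from hv_vtom_init() also moves the cap to a different init point than tdx_early_init(), so the commit message should state which order is intended and what may test the feature in between.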