From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: [PATCH v18 010/121] KVM: TDX: Make TDX VM type supported
Date: Mon, 22 Jan 2024 15:52:46 -0800

From: Isaku Yamahata

NOTE: This patch is in position of the patch series for developers to be able to test code during the middle of the patch series although this patch series doesn't provide functional features until all the patches of this patch series. When merging this patch series, this patch can be moved to the end.

As the first step of TDX VM support, return that the TDX VM type is supported to the device model, e.g. qemu. The callback to create a guest TD is the vm_init callback for KVM_CREATE_VM.

Signed-off-by: Isaku Yamahata
--- arch/x86/kvm/vmx/main.c | 18 ++++++++++++++++-- arch/x86/kvm/vmx/tdx.c | 6 ++++++ arch/x86/kvm/vmx/vmx.c | 6 ------ arch/x86/kvm/vmx/x86_ops.h | 3 ++- 4 files changed, 24 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index f6b66f18c070..62236bde3779 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c 
@@ -10,6 +10,12 @@ static bool enable_tdx __ro_after_init; module_param_named(tdx, enable_tdx, bool, 0444); +static bool vt_is_vm_type_supported(unsigned long type) +{ + return __kvm_is_vm_type_supported(type) || + (enable_tdx && tdx_is_vm_type_supported(type)); +} + static int vt_hardware_enable(void) { int ret; @@ -41,6 +47,14 @@ static __init int vt_hardware_setup(void) return 0; } +static int vt_vm_init(struct kvm *kvm) +{ + if (is_td(kvm)) + return -EOPNOTSUPP; /* Not ready to create guest TD yet. */ + + return vmx_vm_init(kvm); +} + #define VMX_REQUIRED_APICV_INHIBITS \ (BIT(APICV_INHIBIT_REASON_DISABLE)| \ BIT(APICV_INHIBIT_REASON_ABSENT) | \ @@ -61,9 +75,9 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .hardware_disable = vmx_hardware_disable, .has_emulated_msr = vmx_has_emulated_msr, - .is_vm_type_supported = vmx_is_vm_type_supported, + .is_vm_type_supported = vt_is_vm_type_supported, .vm_size = sizeof(struct kvm_vmx), - .vm_init = vmx_vm_init, + .vm_init = vt_vm_init, .vm_destroy = vmx_vm_destroy, .vcpu_precreate = vmx_vcpu_precreate, diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 1c9884164566..9d3f593eacb8 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -24,6 +24,12 @@ static int __init tdx_module_setup(void) return 0; } +bool tdx_is_vm_type_supported(unsigned long type) +{ + /* enable_tdx check is done by the caller. */ + return type == KVM_X86_TDX_VM; +} + struct vmx_tdx_enabled { cpumask_var_t vmx_enabled; atomic_t err; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 3f4dad3acb13..69f5e0597534 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c 
@@ -7531,12 +7531,6 @@ int vmx_vcpu_create(struct kvm_vcpu *vcpu) return err; } -bool vmx_is_vm_type_supported(unsigned long type) -{ - /* TODO: Check if TDX is supported. */ - return __kvm_is_vm_type_supported(type); -} - #define L1TF_MSG_SMT "L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n" #define L1TF_MSG_L1D "L1TF CPU bug present and virtualization mitigation disabled, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.\n" diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index b44cb681f74d..5da7a5fd91cb 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -28,7 +28,6 @@ void vmx_hardware_unsetup(void); int vmx_check_processor_compat(void); int vmx_hardware_enable(void); void vmx_hardware_disable(void); -bool vmx_is_vm_type_supported(unsigned long type); int vmx_vm_init(struct kvm *kvm); void vmx_vm_destroy(struct kvm *kvm); int vmx_vcpu_precreate(struct kvm *kvm); @@ -137,8 +136,10 @@ void vmx_setup_mce(struct kvm_vcpu *vcpu); #ifdef CONFIG_INTEL_TDX_HOST int __init tdx_hardware_setup(struct kvm_x86_ops *x86_ops); +bool tdx_is_vm_type_supported(unsigned long type); #else static inline int tdx_hardware_setup(struct kvm_x86_ops *x86_ops) { return -EOPNOTSUPP; } +static inline bool tdx_is_vm_type_supported(unsigned long type) { return false; } #endif #endif /* __KVM_X86_VMX_X86_OPS_H */ -- 2.25.1
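Review bot: in arch/x86/kvm/vmx/main.c, vt_is_vm_type_supported() reports KVM_X86_TDX_VM as supported as soon as enable_tdx is set, while vt_vm_init() in the same file still returns -EOPNOTSUPP for every TD, so a device model that probes the type and then issues KVM_CREATE_VM gets a positive answer followed by a failure. The NOTE in the commit message covers this for mid-series testing; for the merged order, either move the patch to the end as the NOTE proposes, or keep the TDX type unreported until the vm_init path can create a guest TD, so that no bisect point advertises a VM type it cannot create. It is also worth confirming that is_td() builds and evaluates to false without CONFIG_INTEL_TDX_HOST, since vt_vm_init() calls it unconditionally and the x86_ops.h hunk only adds a stub for tdx_is_vm_type_supported().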
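Review bot: in arch/x86/kvm/vmx/tdx.c, tdx_is_vm_type_supported() is non-static and declared in x86_ops.h, yet its result is only valid under the in-body comment "enable_tdx check is done by the caller"; any caller other than vt_is_vm_type_supported() would get true for KVM_X86_TDX_VM with TDX disabled. Because enable_tdx is static in main.c, the function cannot check it itself, so please state the precondition at the declaration in x86_ops.h where other callers will see it, or keep the type comparison private to main.c so the enable_tdx test and the type test cannot be separated.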