From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: [PATCH v18 018/121] KVM: TDX: Add helper functions to allocate/free TDX private host key id
Date: Mon, 22 Jan 2024 15:52:54 -0800
Message-Id: <16ebf3b34cf1a2346ac6a58f4dc720abf74daab4.1705965634.git.isaku.yamahata@intel.com>

From: Isaku Yamahata

Add helper functions to allocate/free TDX private host key id (HKID).

The memory controller encrypts TDX memory with the assigned TDX HKIDs. The global TDX HKID is to encrypt the TDX module, its memory, and some dynamic data (TDR). The private TDX HKID is assigned to guest TD to encrypt guest memory and the related data. When VMM releases an encrypted page for reuse, the page needs a cache flush with the used HKID. VMM needs the global TDX HKID and the private TDX HKIDs to flush encrypted pages.

Signed-off-by: Isaku Yamahata
---
v18:
- Moved the functions to kvm tdx from arch/x86/virt/vmx/tdx/
- Drop exporting symbols as the host tdx does.
---
 arch/x86/kvm/vmx/tdx.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 9d3f593eacb8..ee9d6a687d93 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -11,6 +11,35 @@ #undef pr_fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +/* + * Key id globally used by TDX module: TDX module maps TDR with this TDX global + * key id. TDR includes key id assigned to the TD. Then TDX module maps other + * TD-related pages with the assigned key id. TDR requires this TDX global key + * id for cache flush unlike other TD-related pages. + */ +/* TDX KeyID pool */ +static DEFINE_IDA(tdx_guest_keyid_pool); + +static int __used tdx_guest_keyid_alloc(void) +{ + if (WARN_ON_ONCE(!tdx_guest_keyid_start || !tdx_nr_guest_keyids)) + return -EINVAL; + + /* The first keyID is reserved for the global key. */ + return ida_alloc_range(&tdx_guest_keyid_pool, tdx_guest_keyid_start, + tdx_guest_keyid_start + tdx_nr_guest_keyids - 1, + GFP_KERNEL); +} + +static void __used tdx_guest_keyid_free(int keyid) +{ + /* keyid = 0 is reserved. */ + if (WARN_ON_ONCE(keyid <= 0)) + return; + + ida_free(&tdx_guest_keyid_pool, keyid); +} + static int __init tdx_module_setup(void) { int ret; -- 2.25.1
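Review bot: tdx_guest_keyid_free() only rejects keyid <= 0, so the global key id or any value outside the range the allocator hands out passes straight to ida_free(); mirror the bounds used in tdx_guest_keyid_alloc() in the check so a stray free is caught before it reaches the IDA, e.g. `if (WARN_ON_ONCE(keyid < tdx_guest_keyid_start || keyid >= tdx_guest_keyid_start + tdx_nr_guest_keyids))`. Two smaller points: the block comment about the TDX global key id and TDR now sits directly above `static DEFINE_IDA(tdx_guest_keyid_pool);`, which it does not describe, so either drop it or move it next to whatever declares the global key id; and the `__used` on both helpers is presumably only there until callers land later in the series, which is worth a sentence in the commit message and a reminder to remove it once they are wired up.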