Message-ID: <09439dc1-1d07-4412-a0b5-1cded40ee40a@linux.intel.com>
Date: Tue, 23 Jan 2024 17:26:02 +0800
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v18 018/121] KVM: TDX: Add helper functions to allocate/free TDX private host key id
To: isaku.yamahata@intel.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
References: <16ebf3b34cf1a2346ac6a58f4dc720abf74daab4.1705965634.git.isaku.yamahata@intel.com>
From: Binbin Wu
In-Reply-To: <16ebf3b34cf1a2346ac6a58f4dc720abf74daab4.1705965634.git.isaku.yamahata@intel.com>

On 1/23/2024 7:52 AM, isaku.yamahata@intel.com wrote:
> From: Isaku Yamahata
>
> Add helper functions to allocate/free TDX private host key id (HKID).
>
> The memory controller encrypts TDX memory with the assigned TDX HKIDs. The
> global TDX HKID is to encrypt the TDX module, its memory, and some dynamic
> data (TDR). The private TDX HKID is assigned to guest TD to encrypt guest
> memory and the related data. When VMM releases an encrypted page for
> reuse, the page needs a cache flush with the used HKID. VMM needs the
> global TDX HKID and the private TDX HKIDs to flush encrypted pages.
> > Signed-off-by: Isaku Yamahata > --- > v18: > - Moved the functions to kvm tdx from arch/x86/virt/vmx/tdx/ > - Drop exporting symbols as the host tdx does. > --- > arch/x86/kvm/vmx/tdx.c | 29 +++++++++++++++++++++++++++++ > 1 file changed, 29 insertions(+) > > diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c > index 9d3f593eacb8..ee9d6a687d93 100644 > --- a/arch/x86/kvm/vmx/tdx.c > +++ b/arch/x86/kvm/vmx/tdx.c > @@ -11,6 +11,35 @@ > #undef pr_fmt > #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt > > +/* > + * Key id globally used by TDX module: TDX module maps TDR with this TDX global > + * key id. TDR includes key id assigned to the TD. Then TDX module maps other > + * TD-related pages with the assigned key id. TDR requires this TDX global key > + * id for cache flush unlike other TD-related pages. > + */ > +/* TDX KeyID pool */ > +static DEFINE_IDA(tdx_guest_keyid_pool); > + > +static int __used tdx_guest_keyid_alloc(void) > +{ > + if (WARN_ON_ONCE(!tdx_guest_keyid_start || !tdx_nr_guest_keyids)) > + return -EINVAL; > + > + /* The first keyID is reserved for the global key. */ Seems no need to add the comment here any more. > + return ida_alloc_range(&tdx_guest_keyid_pool, tdx_guest_keyid_start, > + tdx_guest_keyid_start + tdx_nr_guest_keyids - 1, > + GFP_KERNEL); > +} > + > +static void __used tdx_guest_keyid_free(int keyid) > +{ > + /* keyid = 0 is reserved. */ > + if (WARN_ON_ONCE(keyid <= 0)) Why not use tdx_guest_keyid_start and its range directly for the check? > + return; > + > + ida_free(&tdx_guest_keyid_pool, keyid); > +} > + > static int __init tdx_module_setup(void) > { > int ret;
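
Review bot: tdx_guest_keyid_free() only rejects keyid <= 0, while tdx_guest_keyid_alloc() hands out ids from tdx_guest_keyid_start to tdx_guest_keyid_start + tdx_nr_guest_keyids - 1, so a stale or corrupted keyid that is positive but outside that range passes the WARN_ON_ONCE and reaches ida_free(). Checking the argument against the same bounds used in the ida_alloc_range() call would make the free side reject everything the alloc side can never have returned, and would let the "keyid = 0 is reserved" comment go. Separately, the block comment that opens the added lines ("Key id globally used by TDX module: ...") describes the global key id, but the only declaration that follows it in this hunk is the guest keyid pool under its own "/* TDX KeyID pool */" comment; that block should move next to whatever holds the global key id, or be dropped from this patch. The same applies to "The first keyID is reserved for the global key." in tdx_guest_keyid_alloc(), since nothing in the visible code reserves an id: the range passed to ida_alloc_range() starts at tdx_guest_keyid_start itself.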