From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini, erdemaktas@google.com, Sean Christopherson, Sagi Shahar, Kai Huang, chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: [PATCH v19 032/130] KVM: TDX: Add helper functions to allocate/free TDX private host key id
Date: Mon, 26 Feb 2024 00:25:34 -0800
Message-Id: <7348e22ba8d0eeab7ba093f3e83bfa7ee4da1928.1708933498.git.isaku.yamahata@intel.com>

From: Isaku Yamahata

Add helper functions to allocate/free TDX private host key id (HKID).

The memory controller encrypts TDX memory with the assigned TDX HKIDs. The global TDX HKID is to encrypt the TDX module, its memory, and some dynamic data (TDR). The private TDX HKID is assigned to guest TD to encrypt guest memory and the related data. When VMM releases an encrypted page for reuse, the page needs a cache flush with the used HKID. VMM needs the global TDX HKID and the private TDX HKIDs to flush encrypted pages.

Signed-off-by: Isaku Yamahata --- v19: - Removed stale comment in tdx_guest_keyid_alloc() by Binbin - Update sanity check in tdx_guest_keyid_free() by Binbin v18: - Moved the functions to kvm tdx from arch/x86/virt/vmx/tdx/ - Drop exporting symbols as the host tdx does. Signed-off-by: Isaku Yamahata --- arch/x86/kvm/vmx/tdx.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index a7e096fd8361..cde971122c1e 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -11,6 +11,34 @@ #undef pr_fmt #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt +/* + * Key id globally used by TDX module: TDX module maps TDR with this TDX global + * key id. TDR includes key id assigned to the TD. Then TDX module maps other + * TD-related pages with the assigned key id. TDR requires this TDX global key + * id for cache flush unlike other TD-related pages. + */ +/* TDX KeyID pool */ +static DEFINE_IDA(tdx_guest_keyid_pool); + +static int __used tdx_guest_keyid_alloc(void) +{ + if (WARN_ON_ONCE(!tdx_guest_keyid_start || !tdx_nr_guest_keyids)) + return -EINVAL; + + return ida_alloc_range(&tdx_guest_keyid_pool, tdx_guest_keyid_start, + tdx_guest_keyid_start + tdx_nr_guest_keyids - 1, + GFP_KERNEL); +} + +static void __used tdx_guest_keyid_free(int keyid) +{ + if (WARN_ON_ONCE(keyid < tdx_guest_keyid_start || + keyid > tdx_guest_keyid_start + tdx_nr_guest_keyids - 1)) + return; + + ida_free(&tdx_guest_keyid_pool, keyid); +} + static int __init tdx_module_setup(void) { int ret; -- 2.25.1
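
Review bot: The first comment block at the top of the hunk describes the TDX global key id, but nothing in this hunk declares or uses a global key id; it is followed directly by `/* TDX KeyID pool */` and `static DEFINE_IDA(tdx_guest_keyid_pool);`, which concern the guest key id pool. Either drop it from this patch or move it next to the global key id it documents. Separately, tdx_guest_keyid_free() only range-checks keyid before calling ida_free(); since the commit message says a released page needs a cache flush with the HKID that was used, a short comment stating that callers must finish that flush before returning the key id to the pool would make the contract explicit and guard against a key id being handed to another TD too early. Both helpers are also marked __used with no caller in this patch, so the changelog should say which later patch in the series drops that annotation.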