Date: Mon, 25 Mar 2024 17:58:47 +0800
X-Mailing-List: linux-kernel@vger.kernel.org
Subject: Re: [PATCH v19 038/130] KVM: TDX: create/destroy VM structure
From: Binbin Wu
To: isaku.yamahata@intel.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Sean Christopherson
In-Reply-To: <7a508f88e8c8b5199da85b7a9959882ddf390796.1708933498.git.isaku.yamahata@intel.com>

On 2/26/2024 4:25 PM, isaku.yamahata@intel.com wrote:
> From: Isaku Yamahata
>
> As the first step to create TDX guest, create/destroy VM struct. Assign
> TDX private Host Key ID (HKID) to the TDX guest for memory encryption and
> allocate extra pages for the TDX guest. On destruction, free allocated
> pages, and HKID.
>
> Before tearing down private page tables, TDX requires some resources of the
> guest TD to be destroyed (i.e. HKID must have been reclaimed, etc). Add
> mmu notifier release callback

It seems not accurate to say "Add mmu notifier release callback", since the
interface has already been there. This patch extends the cache flush function,
i.e, kvm_flush_shadow_all() to do TDX specific thing.

> before tearing down private page tables for
> it.
>
> Add vm_free() of kvm_x86_ops hook at the end of kvm_arch_destroy_vm()
> because some per-VM TDX resources, e.g. TDR, need to be freed after other
> TDX resources, e.g. HKID, were freed.
>
> Co-developed-by: Kai Huang
> Signed-off-by: Kai Huang
> Signed-off-by: Sean Christopherson
> Signed-off-by: Isaku Yamahata
>
> ---
> v19:
> - fix check error code of TDH.PHYMEM.PAGE.RECLAIM. RCX and TDR.
>
> v18:
> - Use TDH.SYS.RD() instead of struct tdsysinfo_struct.
> - Rename tdx_reclaim_td_page() to tdx_reclaim_control_page()
> - return -EAGAIN on TDX_RND_NO_ENTROPY of TDH.MNG.CREATE(), TDH.MNG.ADDCX()
> - fix comment to remove extra the.
> - use true instead of 1 for boolean.
> - remove an extra white line.
>
> v16:
> - Simplified tdx_reclaim_page()
> - Reorganize the locking of tdx_release_hkid(), and use smp_call_mask()
>   instead of smp_call_on_cpu() to hold spinlock to race with invalidation
>   on releasing guest memfd
>
> Signed-off-by: Isaku Yamahata
> ---
>  arch/x86/include/asm/kvm-x86-ops.h |   2 +
>  arch/x86/include/asm/kvm_host.h    |   2 +
>  arch/x86/kvm/Kconfig               |   3 +-
>  arch/x86/kvm/mmu/mmu.c             |   7 +
>  arch/x86/kvm/vmx/main.c            |  26 +-
>  arch/x86/kvm/vmx/tdx.c             | 475 ++++++++++++++++++++++++++++-
>  arch/x86/kvm/vmx/tdx.h             |   6 +-
>  arch/x86/kvm/vmx/x86_ops.h         |   6 +
>  arch/x86/kvm/x86.c                 |   1 +
>  9 files changed, 520 insertions(+), 8 deletions(-)
>
[...]
> + > +static void tdx_clear_page(unsigned long page_pa) > +{ > + const void *zero_page = (const void *) __va(page_to_phys(ZERO_PAGE(0))); > + void *page = __va(page_pa); > + unsigned long i; > + > + /* > + * When re-assign one page from old keyid to a new keyid, MOVDIR64B is > + * required to clear/write the page with new keyid to prevent integrity > + * error when read on the page with new keyid. > + * > + * clflush doesn't flush cache with HKID set. The cache line could be > + * poisoned (even without MKTME-i), clear the poison bit. > + */ > + for (i = 0; i < PAGE_SIZE; i += 64) > + movdir64b(page + i, zero_page); > + /* > + * MOVDIR64B store uses WC buffer. Prevent following memory reads > + * from seeing potentially poisoned cache. > + */ > + __mb(); Is __wmb() sufficient for this case? > +} > + [...] > + > +static int tdx_do_tdh_mng_key_config(void *param) > +{ > + hpa_t *tdr_p = param; > + u64 err; > + > + do { > + err = tdh_mng_key_config(*tdr_p); > + > + /* > + * If it failed to generate a random key, retry it because this > + * is typically caused by an entropy error of the CPU's random Here you say "typically", is there other cause and is it safe to loop on retry? > + * number generator. > + */ > + } while (err == TDX_KEY_GENERATION_FAILED); > + > + if (WARN_ON_ONCE(err)) { > + pr_tdx_error(TDH_MNG_KEY_CONFIG, err, NULL); > + return -EIO; > + } > + > + return 0; > +} > + [...]
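
Review bot: The comment above __mb() at the end of tdx_clear_page() says the barrier keeps later reads from seeing a potentially poisoned cache, but it does not say why a full barrier is needed rather than store-only ordering for the MOVDIR64B write-combining stores. Please state that reasoning in the comment, since the choice is not obvious from the code and affects whether a stale or poisoned line can be observed after the page is re-keyed. The literal 64 used as the loop stride and MOVDIR64B store size would also read better as a named constant.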
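
Review bot: The do/while loop in tdx_do_tdh_mng_key_config() retries tdh_mng_key_config() for as long as it returns TDX_KEY_GENERATION_FAILED, with no retry limit and no backoff, so a persistent failure keeps the CPU spinning in this function indefinitely. The comment calls an entropy error the "typical" cause, which leaves open causes that will not clear on retry. Consider bounding the number of attempts and returning an error the caller can act on; the v18 changelog already returns -EAGAIN on TDX_RND_NO_ENTROPY for TDH.MNG.CREATE() and TDH.MNG.ADDCX(), and the same handling would be consistent here. The explanatory comment would also be easier to follow placed above the loop rather than between the call and the while condition.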