Message ID | fec007c0193e5f0509450de78052346da1045b23.1668988357.git.kai.huang@intel.com |
---|---|
State | New |
Headers |
From: Kai Huang <kai.huang@intel.com>
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, peterz@infradead.org, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com
Subject: [PATCH v7 15/20] x86/virt/tdx: Reserve TDX module global KeyID
Date: Mon, 21 Nov 2022 13:26:37 +1300
In-Reply-To: <cover.1668988357.git.kai.huang@intel.com>
References: <cover.1668988357.git.kai.huang@intel.com>
List-ID: <linux-kernel.vger.kernel.org> |
Series | TDX host kernel support |
Commit Message
Kai Huang
Nov. 21, 2022, 12:26 a.m. UTC
TDX module initialization requires to use one TDX private KeyID as the global KeyID to protect the TDX module metadata. The global KeyID is configured to the TDX module along with TDMRs.

Just reserve the first TDX private KeyID as the global KeyID. Keep the global KeyID as a static variable as KVM will need to use it too.

Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
---
arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++
1 file changed, 9 insertions(+)
Comments
On 11/20/22 16:26, Kai Huang wrote:
> @@ -1053,6 +1056,12 @@ static int init_tdx_module(void) > if (ret) > goto out_free_tdmrs; > > + /* > + * Reserve the first TDX KeyID as global KeyID to protect > + * TDX module metadata. > + */ > + tdx_global_keyid = tdx_keyid_start;

This doesn't "reserve" squat.

You could argue that it "picks", "chooses", or "designates" the 'tdx_global_keyid', but where is the "reservation"?

On Wed, 2022-11-23 at 15:40 -0800, Dave Hansen wrote:
> On 11/20/22 16:26, Kai Huang wrote:
> > @@ -1053,6 +1056,12 @@ static int init_tdx_module(void) > > if (ret) > > goto out_free_tdmrs; > > > > + /* > > + * Reserve the first TDX KeyID as global KeyID to protect > > + * TDX module metadata. > > + */ > > + tdx_global_keyid = tdx_keyid_start;
>
> This doesn't "reserve" squat.
>
> You could argue that it "picks", "chooses", or "designates" the 'tdx_global_keyid', but where is the "reservation"?

Right. I'll change to use "choose".
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 1fbf33f2f210..e2cbeeb7f0dc 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -62,6 +62,9 @@ static int tdx_cmr_num; /* All TDX-usable memory regions */ static LIST_HEAD(tdx_memlist); +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */ +static u32 tdx_global_keyid; + /* * Detect TDX private KeyIDs to see whether TDX has been enabled by the * BIOS. Both initializing the TDX module and running TDX guest require @@ -1053,6 +1056,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EINVAL until all steps of TDX module initialization * process are done.
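Review bot: the declaration `static u32 tdx_global_keyid;` in the first hunk has internal linkage, while the commit message justifies keeping it as a variable because KVM will need to use it too. As written, nothing outside arch/x86/virt/vmx/tdx/tdx.c can read the value, so the comment should say how KVM is expected to obtain it (an accessor, or a later patch that drops `static`), or the KVM rationale should move to the patch that adds that consumer. The comment also names only TDH.SYS.CONFIG as a user and does not say when the value becomes valid: a zero-initialized static reads as 0 until init_tdx_module() reaches the assignment in the second hunk, which is worth documenting for any later reader of the variable.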
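Review bot: in the init_tdx_module() hunk the comment says "Reserve", but the only statement is `tdx_global_keyid = tdx_keyid_start;`, which copies the value and leaves tdx_keyid_start untouched, so nothing visible here keeps a later allocator of TDX private KeyIDs from handing out the same KeyID that protects the TDX module metadata. Reword the comment to "choose" or "designate" and state there that KeyID allocation for guests must begin at tdx_keyid_start + 1, or perform the exclusion at the point of assignment so the separation is enforced by the code and not only by convention. The Subject line and the changelog use "reserve" in the same sense and should be updated together with the comment.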