Message ID | 7558961d3dff6311c7872f57ac5bd6727f21e140.1666824663.git.kai.huang@intel.com |
---|---|
State | New |
Headers | From: Kai Huang <kai.huang@intel.com>; To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org; Cc: linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, peterz@infradead.org, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com; Subject: [PATCH v6 16/21] x86/virt/tdx: Reserve TDX module global KeyID; Date: Thu, 27 Oct 2022 12:16:15 +1300; Message-Id: <7558961d3dff6311c7872f57ac5bd6727f21e140.1666824663.git.kai.huang@intel.com>; In-Reply-To: <cover.1666824663.git.kai.huang@intel.com> |
Series | TDX host kernel support |
Commit Message
Kai Huang
Oct. 26, 2022, 11:16 p.m. UTC
TDX module initialization requires the use of one TDX private KeyID as the global KeyID to protect the TDX module metadata. The global KeyID is configured to the TDX module along with TDMRs.

Just reserve the first TDX private KeyID as the global KeyID. Keep the global KeyID as a static variable as KVM will need to use it too.

Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Kai Huang <kai.huang@intel.com>
---
arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++
1 file changed, 9 insertions(+)
Comments
Andi Kleen, Oct. 27, 2022:

On 10/26/2022 4:16 PM, Kai Huang wrote:
> TDX module initialization requires to use one TDX private KeyID as the
> global KeyID to protect the TDX module metadata. The global KeyID is
> configured to the TDX module along with TDMRs.
>
> Just reserve the first TDX private KeyID as the global KeyID. Keep the
> global KeyID as a static variable as KVM will need to use it too.
>
> Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
> Signed-off-by: Kai Huang <kai.huang@intel.com>
> ---
> arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index 5d74ada072ca..0820ba781f97 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -62,6 +62,9 @@ static struct tdsysinfo_struct tdx_sysinfo;
> static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMENT);
> static int tdx_cmr_num;
>
> +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */
> +static u32 tdx_global_keyid;

Comment how this is serialized (or doesn't need it)
Kai Huang, Oct. 27, 2022:

On Thu, 2022-10-27 at 05:40 -0700, Andi Kleen wrote:
> On 10/26/2022 4:16 PM, Kai Huang wrote:
> > TDX module initialization requires to use one TDX private KeyID as the
> > global KeyID to protect the TDX module metadata. The global KeyID is
> > configured to the TDX module along with TDMRs.
> >
> > Just reserve the first TDX private KeyID as the global KeyID. Keep the
> > global KeyID as a static variable as KVM will need to use it too.
> >
> > Reviewed-by: Isaku Yamahata <isaku.yamahata@intel.com>
> > Signed-off-by: Kai Huang <kai.huang@intel.com>
> > ---
> > arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> > index 5d74ada072ca..0820ba781f97 100644
> > --- a/arch/x86/virt/vmx/tdx/tdx.c
> > +++ b/arch/x86/virt/vmx/tdx/tdx.c
> > @@ -62,6 +62,9 @@ static struct tdsysinfo_struct tdx_sysinfo;
> > static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMENT);
> > static int tdx_cmr_num;
> >
> > +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */
> > +static u32 tdx_global_keyid;
>
>
> Comment how this is serialized (or doesn't need it)
>
>

TDH.SYS.CONFIG, which takes 'tdx_global_keyid' as input, only needs to be
called once on any cpu, so no serialization is needed.

TDH.SYS.KEY.CONFIG, which doesn't take 'tdx_global_keyid' as input but
internally programs it, does require some serialization as this SEAMCALL
must be called on one cpu for each package, and it cannot run concurrently
on different cpus.

How about adding the comment in the patch which does TDH.SYS.KEY.CONFIG?
How about below (taken from patch 18 "x86/virt/tdx: Configure global KeyID
on all packages", but added "in serialized way as it cannot run
concurrently on different cpus" at the end of the first sentence in the
comment)?

```c
static int config_global_keyid(void)
{
	struct seamcall_ctx sc = { .fn = TDH_SYS_KEY_CONFIG };

	/*
	 * Configure the key of the global KeyID on all packages by
	 * calling TDH.SYS.KEY.CONFIG on all packages in serialized
	 * way as it cannot run concurrently on different cpus.
	 *
	 * ......
	 */
	return seamcall_on_each_package_serialized(&sc);
}
```
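As an added example that is not part of this thread or of the kernel's TDX code, the following user-space C model shows the two design points the commit message and the reply above describe: the first private KeyID of the BIOS-reported range is reserved as the global KeyID and never handed to a guest, consumers read that value only after initialization has published it, and a per-package operation is issued to exactly one CPU per package in strict sequence. All names (`tdx_keyid_pool`, `for_each_package_serialized`, `demo_configure_packages`), the sample KeyID range 128..131 and the two-package CPU topology are constructed for illustration; the "at least two KeyIDs" check is a hypothetical addition, not something the patch contains.

```c
/*
 * Added example (not kernel code): user-space model of the KeyID
 * bookkeeping in the patch and of the "once per package, serialized"
 * call pattern from the reply. Names, the KeyID range and the CPU
 * topology below are constructed for illustration.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEYIDS   64
#define MAX_PACKAGES 8

struct tdx_keyid_pool {
	uint32_t keyid_start;        /* first TDX private KeyID reported by BIOS */
	uint32_t keyid_num;          /* number of TDX private KeyIDs */
	uint32_t global_keyid;       /* reserved for TDX module metadata */
	bool     initialized;        /* written once by init; readers check it */
	bool     in_use[MAX_KEYIDS]; /* index i <=> KeyID keyid_start + i */
};

/*
 * Mirrors the patch: reserve the first private KeyID as the global KeyID.
 * The "num < 2" check is hypothetical (the patch has no such check): with
 * a single private KeyID nothing would remain for guests.
 */
int tdx_pool_init(struct tdx_keyid_pool *p, uint32_t start, uint32_t num)
{
	memset(p, 0, sizeof(*p));
	if (start == 0 || num < 2 || num > MAX_KEYIDS)
		return -1;
	p->keyid_start  = start;
	p->keyid_num    = num;
	p->global_keyid = start;   /* the patch's tdx_global_keyid = tdx_keyid_start */
	p->in_use[0]    = true;    /* never handed out to a guest */
	p->initialized  = true;
	return 0;
}

/* Consumer-side accessor (what a KVM-like user would call). Returns 0,
 * which this model treats as "no KeyID", until init has published it. */
uint32_t tdx_get_global_keyid(const struct tdx_keyid_pool *p)
{
	return p->initialized ? p->global_keyid : 0;
}

/* Hand out a guest KeyID from the range after the global one; 0 if none left. */
uint32_t tdx_alloc_guest_keyid(struct tdx_keyid_pool *p)
{
	if (!p->initialized)
		return 0;
	for (uint32_t i = 1; i < p->keyid_num; i++) {
		if (!p->in_use[i]) {
			p->in_use[i] = true;
			return p->keyid_start + i;
		}
	}
	return 0;
}

/* Release a guest KeyID; the global KeyID and out-of-range values are ignored. */
void tdx_free_guest_keyid(struct tdx_keyid_pool *p, uint32_t keyid)
{
	if (keyid <= p->keyid_start || keyid >= p->keyid_start + p->keyid_num)
		return;
	p->in_use[keyid - p->keyid_start] = false;
}

struct cpu_info { int cpu; int package; };

/*
 * Invoke fn() on the first CPU seen for each package, one call after
 * another (a user-space stand-in for the serialized per-package call in
 * the reply). Returns the number of packages handled, or -1 on failure.
 */
int for_each_package_serialized(const struct cpu_info *cpus, int ncpus,
				int (*fn)(int cpu, void *arg), void *arg)
{
	bool seen[MAX_PACKAGES] = { false };
	int done = 0;

	for (int i = 0; i < ncpus; i++) {
		int pkg = cpus[i].package;
		if (pkg < 0 || pkg >= MAX_PACKAGES || seen[pkg])
			continue;
		seen[pkg] = true;
		if (fn(cpus[i].cpu, arg))
			return -1;
		done++;
	}
	return done;
}

/* Sample callback: counts invocations (stands in for the key programming). */
static int record_call(int cpu, void *arg)
{
	(void)cpu;
	(*(int *)arg)++;
	return 0;
}

/* Constructed topology: four CPUs on two packages; expect exactly two calls. */
int demo_configure_packages(void)
{
	const struct cpu_info cpus[] = { { 0, 0 }, { 1, 0 }, { 2, 1 }, { 3, 1 } };
	int calls = 0;
	int pkgs = for_each_package_serialized(cpus, 4, record_call, &calls);
	return (pkgs == calls) ? pkgs : -1;
}

int main(void)
{
	struct tdx_keyid_pool pool;

	if (tdx_pool_init(&pool, 128, 4))
		return 1;
	printf("global KeyID %u, first guest KeyID %u, packages configured %d\n",
	       tdx_get_global_keyid(&pool), tdx_alloc_guest_keyid(&pool),
	       demo_configure_packages());
	return 0;
}
```

The accessor returning 0 before `initialized` is set is the point Andi's question is really about: the static is written exactly once on the init path, so readers need no lock, but they must not consume it before that write has happened.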
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 5d74ada072ca..0820ba781f97 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -62,6 +62,9 @@ static struct tdsysinfo_struct tdx_sysinfo; static struct cmr_info tdx_cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMENT); static int tdx_cmr_num; +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */ +static u32 tdx_global_keyid; + /* * Detect TDX private KeyIDs to see whether TDX has been enabled by the * BIOS. Both initializing the TDX module and running TDX guest require @@ -1113,6 +1116,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EINVAL until all steps of TDX module initialization * process are done.
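Review bot: the comment on `tdx_global_keyid` in the first hunk (`@@ -62,6 +62,9 @@`) says where the value is used but not who writes it or when it may be read, and since the commit message says KVM will read this static later, the declaration is where that contract belongs; suggest extending it to something like `/* TDX module global KeyID. Written once by init_tdx_module(), read-only afterwards. Used in TDH.SYS.CONFIG ABI. */` so the serialization question raised in the comments is answered at the point of declaration rather than only in a later patch.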
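Review bot: `tdx_global_keyid = tdx_keyid_start;` in the second hunk (`@@ -1113,6 +1116,12 @@`) consumes the first private KeyID, but nothing in the hunk records that guest-usable KeyIDs now begin at `tdx_keyid_start + 1`, nor that at least two private KeyIDs must exist for the reservation to leave anything for guests. Suggest stating the new first guest KeyID in the comment and, if the KeyID detection path does not already guarantee more than one private KeyID, failing initialization when only one is available rather than silently reserving the whole range.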