From patchwork Mon Mar 6 14:13:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Huang, Kai" X-Patchwork-Id: 13161223 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E36FDC678D4 for ; Mon, 6 Mar 2023 14:15:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 81F246B007B; Mon, 6 Mar 2023 09:15:12 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 7CF59280003; Mon, 6 Mar 2023 09:15:12 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6974A280001; Mon, 6 Mar 2023 09:15:12 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 56ECF6B007B for ; Mon, 6 Mar 2023 09:15:12 -0500 (EST) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 1B535140769 for ; Mon, 6 Mar 2023 14:15:12 +0000 (UTC) X-FDA: 80538670464.22.EFE41B3 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by imf05.hostedemail.com (Postfix) with ESMTP id D7680100014 for ; Mon, 6 Mar 2023 14:15:09 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=nyZxRpkf; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf05.hostedemail.com: domain of kai.huang@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kai.huang@intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1678112110; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lDhYDYbrr4vzRwExxSHjWH2qdzk7+g7qKc5v1MVJi8Q=; b=7zLD9crLMJ2+/rZwZBYkXDCG6/KsZN42E/dUGagz2jAGIkc8V1O6nHEIAzTEyW/xaR4+em GsdWh8UZ5Xet8ul08qhgLp5wOGVnvaqpKOgUknfBDzB8Ygq/CMgX8l5b3r+BXH4AOsOlCA jl4Xt6wUiRamJPKHcwRUs76ccRkIptM= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=nyZxRpkf; dmarc=pass (policy=none) header.from=intel.com; spf=pass (imf05.hostedemail.com: domain of kai.huang@intel.com designates 134.134.136.24 as permitted sender) smtp.mailfrom=kai.huang@intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1678112110; a=rsa-sha256; cv=none; b=Kyq1iFMpQsw8fY1xrxtzv48bfgwB2Gxrus73p772ooIN2Cnt0PQqMA5DUZip9onD+nwd4a ZEWFefPH45AdnBB76hP6V5YqILZy5AzT48Dst1jcRipBaooHys3KSVJDQPgHcNettFH/eJ 2z/0BBTaEb8oiOjAFwZ4ezQ+WSv9a6E= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1678112110; x=1709648110; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=I1INrcXhvgOH6EWRozaxLzerjnfthFKl9cuiCzgEzug=; b=nyZxRpkfaB+0QEchKOfCwqSmD6dh+HgHrixEqsuEdbG/74RR3oxRjxY7 c65nJl3LSHvovLTlTadetS+ZNRphfwrUvCnFdBTeQna/dIUG8TDreZsRT ObSBLQxUYB0YEiceVrdhkfZKUN1oPV0BGvFhCgiqyLdn3kg3M6sNRpGI8 6a1ImkfqHxL+95rmlXCSPPXHYRvjpX81c4y8Y5Ibb8BaGMhpbkK2zTLsG 79Nvcp98OVecRVF2ju6BXPnwyfY39esJecf0t0J/o4JMWgSWDRDs3kBYd +rIJruweY3h4IdN40iHcMiy5vXhyqUAIHq1eJrsDMzDNK6lpH1fJNp5My A==; X-IronPort-AV: E=McAfee;i="6500,9779,10641"; a="337080171" X-IronPort-AV: E=Sophos;i="5.98,238,1673942400"; d="scan'208";a="337080171" Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Mar 2023 06:15:09 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6500,9779,10641"; a="765232182" X-IronPort-AV: E=Sophos;i="5.98,238,1673942400"; d="scan'208";a="765232182" Received: from jwhisle1-mobl2.amr.corp.intel.com (HELO khuang2-desk.gar.corp.intel.com) ([10.212.92.57]) by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Mar 2023 06:15:04 -0800 From: Kai Huang To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: linux-mm@kvack.org, dave.hansen@intel.com, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, david@redhat.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com Subject: [PATCH v10 08/16] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Date: Tue, 7 Mar 2023 03:13:53 +1300 Message-Id: X-Mailer: git-send-email 2.39.2 In-Reply-To: References: MIME-Version: 1.0 X-Rspamd-Queue-Id: D7680100014 X-Rspamd-Server: rspam09 X-Rspam-User: X-Stat-Signature: gi94qm1xxms59pwzwb76wtrznpcwq5se X-HE-Tag: 1678112109-652352 X-HE-Meta: U2FsdGVkX19YeRccNw9DKHdXNVqbND264bIy2BDc4aIacraQ4MzVy+TMgfllzWNe/1pjv+4DF/1TB0as+sDG5eSiZ4v2rlJA3/UHAt4gRtwW2SFv37J+q/253YqoxHZBX7gKavFgjEbWJLJep60qI0HU2joje5g1vIDma/kZD/3BTCMon13eVbNCHg69lsZlNQy1SCxgDHCf10UALwFjdDZ9zBuvzqt5wG8nsmpe6z3JgwfHoDJGi6fMFrDQ25DNyEqJN+7dKu15TAxdaSjbQCzxKBOoyvlzwxkCt8r9MAPqlhy4xucSof5R6eGW49RZoZK8OPmXcbDZshXv2zHLtqm/m8k0wc93l2wgH4kw/vjz83/+8QBCIDD4nvGHjsPRz85M7/PbzSJVlWc8QGgx4yQu0ZiWF29Vhet3wM7lOiHJfTxQaxLr7bd9RCkBJV7NiCUGuhGH0KrTvrwTDiZ5OwEdd9bwCRzSQssOHp9snJexmJWn2mc+/yZhaGzlDgS9UfEB4I3QRZZQ9SPQSGbTYYK2tmEQ8zyzWLzO4Qdzp0AIk3S63ghjtXvJPsOb/CWylKzz+nEPAf+9Tf1xY9f5jDcmizfxPk3AIHu4BKjEpBgoB8NhpGd0UcyNWJwQwHjj/8F0npHAyIzIxRGvnDidzLikVYh/7POmIvThUydWmzhcG5BIhP7eNDTqsL1Xq1KhNNzDI0uViMqHcT9obqXZl2bkFI7LMbOD0KzscxELraJzIqmyUpo+2o3/gHFqfs8HhkogkWcERe7YwbUsEdZbwUsMZ4q24lxRxd+ZV2uRg/ZvYdMLB24sK0Q2nrJOkrgiS8vDXzMtZD2LDzacrNtWBGh2i7VlKrMQZJ62UIcHsCANyFS+akmWMXKhLyXg284nL/1OX9vQbRVk4cqX/PdWjMUARKaUzQjm+Qw9IBCIt8JjqRDHUk8P31rmnyb6NAbL7cCVXzSzA8+dybBj0KI ooHae7cM pPe5c6a2bph664E0AufzJWVFLWHppn85HtfYDA3wYJj6jwH0uWCMOOfxcfz7glQ957HVeFVy+GC6/ZTIYBNWsa942F/75IiGUdukZj+7P4XAFuljsx+hu45TXdTiY3JMmG9jTPe8ZvhP5jqLNxWn+ln5xsEHGjHfkBi0CCnLyMu3k6E8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: After the kernel selects all TDX-usable memory regions, the kernel needs to pass those regions to the TDX module via data structure "TD Memory Region" (TDMR). Add a placeholder to construct a list of TDMRs (in multiple steps) to cover all TDX-usable memory regions. === Long Version === TDX provides increased levels of memory confidentiality and integrity. This requires special hardware support for features like memory encryption and storage of memory integrity checksums. Not all memory satisfies these requirements. As a result, TDX introduced the concept of a "Convertible Memory Region" (CMR). During boot, the firmware builds a list of all of the memory ranges which can provide the TDX security guarantees. The list of these ranges is available to the kernel by querying the TDX module. The TDX architecture needs additional metadata to record things like which TD guest "owns" a given page of memory. This metadata essentially serves as the 'struct page' for the TDX module. The space for this metadata is not reserved by the hardware up front and must be allocated by the kernel and given to the TDX module. Since this metadata consumes space, the VMM can choose whether or not to allocate it for a given area of convertible memory. If it chooses not to, the memory cannot receive TDX protections and can not be used by TDX guests as private memory. For every memory region that the VMM wants to use as TDX memory, it sets up a "TD Memory Region" (TDMR). Each TDMR represents a physically contiguous convertible range and must also have its own physically contiguous metadata table, referred to as a Physical Address Metadata Table (PAMT), to track status for each page in the TDMR range. Unlike a CMR, each TDMR requires 1G granularity and alignment. To support physical RAM areas that don't meet those strict requirements, each TDMR permits a number of internal "reserved areas" which can be placed over memory holes. If PAMT metadata is placed within a TDMR it must be covered by one of these reserved areas. Let's summarize the concepts: CMR - Firmware-enumerated physical ranges that support TDX. CMRs are 4K aligned. TDMR - Physical address range which is chosen by the kernel to support TDX. 1G granularity and alignment required. Each TDMR has reserved areas where TDX memory holes and overlapping PAMTs can be represented. PAMT - Physically contiguous TDX metadata. One table for each page size per TDMR. Roughly 1/256th of TDMR in size. 256G TDMR = ~1G PAMT. As one step of initializing the TDX module, the kernel configures TDX-usable memory regions by passing a list of TDMRs to the TDX module. Constructing the list of TDMRs consists below steps: 1) Fill out TDMRs to cover all memory regions that the TDX module will use for TD memory. 2) Allocate and set up PAMT for each TDMR. 3) Designate reserved areas for each TDMR. Add a placeholder to construct TDMRs to do the above steps. To keep things simple, just allocate enough space to hold maximum number of TDMRs up front. Always free the space of the TDMRs after the module initialization (no matter successful or not) as TDMRs are only used during the module initialization. Signed-off-by: Kai Huang Reviewed-by: Isaku Yamahata --- v9 -> v10: - Changed the TDMR list from static variable back to local variable as now TDX module isn't disabled when tdx_cpu_enable() fails. v8 -> v9: - Changes around 'struct tdmr_info_list' (Dave): - Moved the declaration from tdx.c to tdx.h. - Renamed 'first_tdmr' to 'tdmrs'. - 'nr_tdmrs' -> 'nr_consumed_tdmrs'. - Changed 'tdmrs' to 'void *'. - Improved comments for all structure members. - Added a missing empty line in alloc_tdmr_list() (Dave). v7 -> v8: - Improved changelog to tell this is one step of "TODO list" in init_tdx_module(). - Other changelog improvement suggested by Dave (with "Create TDMRs" to "Fill out TDMRs" to align with the code). - Added a "TODO list" comment to lay out the steps to construct TDMRs, following the same idea of "TODO list" in tdx_module_init(). - Introduced 'struct tdmr_info_list' (Dave) - Further added additional members (tdmr_sz/max_tdmrs/nr_tdmrs) to simplify getting TDMR by given index, and reduce passing arguments around functions. - Added alloc_tdmr_list()/free_tdmr_list() accordingly, which internally uses tdmr_size_single() (Dave). - tdmr_num -> nr_tdmrs (Dave). v6 -> v7: - Improved commit message to explain 'int' overflow cannot happen in cal_tdmr_size() and alloc_tdmr_array(). -- Andy/Dave. v5 -> v6: - construct_tdmrs_memblock() -> construct_tdmrs() as 'tdx_memblock' is used instead of memblock. - Added Isaku's Reviewed-by. - v3 -> v5 (no feedback on v4): - Moved calculating TDMR size to this patch. - Changed to use alloc_pages_exact() to allocate buffer for all TDMRs once, instead of allocating each TDMR individually. - Removed "crypto protection" in the changelog. - -EFAULT -> -EINVAL in couple of places. --- arch/x86/virt/vmx/tdx/tdx.c | 98 ++++++++++++++++++++++++++++++++++++- arch/x86/virt/vmx/tdx/tdx.h | 32 ++++++++++++ 2 files changed, 128 insertions(+), 2 deletions(-) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 9149144cd7e7..2b87cedc7fce 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -454,6 +455,80 @@ static int build_tdx_memlist(struct list_head *tmb_list) return ret; } +/* Calculate the actual TDMR size */ +static int tdmr_size_single(u16 max_reserved_per_tdmr) +{ + int tdmr_sz; + + /* + * The actual size of TDMR depends on the maximum + * number of reserved areas. + */ + tdmr_sz = sizeof(struct tdmr_info); + tdmr_sz += sizeof(struct tdmr_reserved_area) * max_reserved_per_tdmr; + + return ALIGN(tdmr_sz, TDMR_INFO_ALIGNMENT); +} + +static int alloc_tdmr_list(struct tdmr_info_list *tdmr_list, + struct tdsysinfo_struct *sysinfo) +{ + size_t tdmr_sz, tdmr_array_sz; + void *tdmr_array; + + tdmr_sz = tdmr_size_single(sysinfo->max_reserved_per_tdmr); + tdmr_array_sz = tdmr_sz * sysinfo->max_tdmrs; + + /* + * To keep things simple, allocate all TDMRs together. + * The buffer needs to be physically contiguous to make + * sure each TDMR is physically contiguous. + */ + tdmr_array = alloc_pages_exact(tdmr_array_sz, + GFP_KERNEL | __GFP_ZERO); + if (!tdmr_array) + return -ENOMEM; + + tdmr_list->tdmrs = tdmr_array; + + /* + * Keep the size of TDMR to find the target TDMR + * at a given index in the TDMR list. + */ + tdmr_list->tdmr_sz = tdmr_sz; + tdmr_list->max_tdmrs = sysinfo->max_tdmrs; + tdmr_list->nr_consumed_tdmrs = 0; + + return 0; +} + +static void free_tdmr_list(struct tdmr_info_list *tdmr_list) +{ + free_pages_exact(tdmr_list->tdmrs, + tdmr_list->max_tdmrs * tdmr_list->tdmr_sz); +} + +/* + * Construct a list of TDMRs on the preallocated space in @tdmr_list + * to cover all TDX memory regions in @tmb_list based on the TDX module + * information in @sysinfo. + */ +static int construct_tdmrs(struct list_head *tmb_list, + struct tdmr_info_list *tdmr_list, + struct tdsysinfo_struct *sysinfo) +{ + /* + * TODO: + * + * - Fill out TDMRs to cover all TDX memory regions. + * - Allocate and set up PAMTs for each TDMR. + * - Designate reserved areas for each TDMR. + * + * Return -EINVAL until constructing TDMRs is done + */ + return -EINVAL; +} + static int init_tdx_module(void) { static DECLARE_PADDED_STRUCT(tdsysinfo_struct, tdsysinfo, @@ -461,6 +536,7 @@ static int init_tdx_module(void) static struct cmr_info cmr_array[MAX_CMRS] __aligned(CMR_INFO_ARRAY_ALIGNMENT); struct tdsysinfo_struct *sysinfo = &PADDED_STRUCT(tdsysinfo); + struct tdmr_info_list tdmr_list; int ret; ret = tdx_get_sysinfo(sysinfo, cmr_array); @@ -483,11 +559,19 @@ static int init_tdx_module(void) if (ret) goto out; + /* Allocate enough space for constructing TDMRs */ + ret = alloc_tdmr_list(&tdmr_list, sysinfo); + if (ret) + goto out_free_tdx_mem; + + /* Cover all TDX-usable memory regions in TDMRs */ + ret = construct_tdmrs(&tdx_memlist, &tdmr_list, sysinfo); + if (ret) + goto out_free_tdmrs; + /* * TODO: * - * - Construct a list of "TD Memory Regions" (TDMRs) to cover - * all TDX-usable memory regions. * - Configure the TDMRs and the global KeyID to the TDX module. * - Configure the global KeyID on all packages. * - Initialize all TDMRs. @@ -495,6 +579,16 @@ static int init_tdx_module(void) * Return error before all steps are done. */ ret = -EINVAL; +out_free_tdmrs: + /* + * Free the space for the TDMRs no matter the initialization is + * successful or not. They are not needed anymore after the + * module initialization. + */ + free_tdmr_list(&tdmr_list); +out_free_tdx_mem: + if (ret) + free_tdx_memlist(&tdx_memlist); out: /* * @tdx_memlist is written here and read at memory hotplug time. diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 6518024fcb68..3ad1e06be0f1 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -89,6 +89,29 @@ struct tdsysinfo_struct { DECLARE_FLEX_ARRAY(struct cpuid_config, cpuid_configs); } __packed; +struct tdmr_reserved_area { + u64 offset; + u64 size; +} __packed; + +#define TDMR_INFO_ALIGNMENT 512 + +struct tdmr_info { + u64 base; + u64 size; + u64 pamt_1g_base; + u64 pamt_1g_size; + u64 pamt_2m_base; + u64 pamt_2m_size; + u64 pamt_4k_base; + u64 pamt_4k_size; + /* + * Actual number of reserved areas depends on + * 'struct tdsysinfo_struct'::max_reserved_per_tdmr. + */ + DECLARE_FLEX_ARRAY(struct tdmr_reserved_area, reserved_areas); +} __packed __aligned(TDMR_INFO_ALIGNMENT); + /* * Do not put any hardware-defined TDX structure representations below * this comment! @@ -107,6 +130,15 @@ struct tdx_memblock { unsigned long end_pfn; }; +struct tdmr_info_list { + void *tdmrs; /* Flexible array to hold 'tdmr_info's */ + int nr_consumed_tdmrs; /* How many 'tdmr_info's are in use */ + + /* Metadata for finding target 'tdmr_info' and freeing @tdmrs */ + int tdmr_sz; /* Size of one 'tdmr_info' */ + int max_tdmrs; /* How many 'tdmr_info's are allocated */ +}; + struct tdx_module_output; u64 __seamcall(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, struct tdx_module_output *out);