From patchwork Mon Nov 21 00:26:37 2022
X-Patchwork-Submitter: "Huang, Kai"
X-Patchwork-Id: 13050216
From: Kai Huang
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, seanjc@google.com, pbonzini@redhat.com, dave.hansen@intel.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, peterz@infradead.org, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com
Subject: [PATCH v7 15/20] x86/virt/tdx: Reserve TDX module global KeyID
Date: Mon, 21 Nov 2022 13:26:37 +1300

TDX module initialization requires using one TDX private KeyID as the global KeyID to protect the TDX module metadata. The global KeyID is configured to the TDX module along with TDMRs.

Just reserve the first TDX private KeyID as the global KeyID. Keep the global KeyID as a static variable as KVM will need to use it too.

Reviewed-by: Isaku Yamahata
Signed-off-by: Kai Huang
--- arch/x86/virt/vmx/tdx/tdx.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 1fbf33f2f210..e2cbeeb7f0dc 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -62,6 +62,9 @@ static int tdx_cmr_num; /* All TDX-usable memory regions */ static LIST_HEAD(tdx_memlist); +/* TDX module global KeyID. Used in TDH.SYS.CONFIG ABI. */ +static u32 tdx_global_keyid; + /* * Detect TDX private KeyIDs to see whether TDX has been enabled by the * BIOS. Both initializing the TDX module and running TDX guest require @@ -1053,6 +1056,12 @@ static int init_tdx_module(void) if (ret) goto out_free_tdmrs; + /* + * Reserve the first TDX KeyID as global KeyID to protect + * TDX module metadata. + */ + tdx_global_keyid = tdx_keyid_start; + /* * Return -EINVAL until all steps of TDX module initialization * process are done.
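
Review bot: In the first hunk (@@ -62,6 +62,9 @@), `static u32 tdx_global_keyid;` has file scope in tdx.c, which does not match the commit message's stated reason that KVM will need to use it too: a `static` variable is not reachable from KVM code. Either say in the commit message that an accessor or export follows in a later patch, or add it here. The comment names only the TDH.SYS.CONFIG use; it would help to add that the value is meaningful only after init_tdx_module() has assigned it, since nothing in this patch reads it.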
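
Review bot: In the init_tdx_module() hunk (@@ -1053,6 +1056,12 @@), `tdx_global_keyid = tdx_keyid_start;` only records the value; nothing in the visible lines takes that KeyID out of the range later used for guests, so the word "Reserve" in the comment is not backed by code here. Because this KeyID protects TDX module metadata, the comment should say where guest KeyID allocation skips `tdx_keyid_start`, or the allocatable range should be adjusted at this point. The assignment also sits before the remaining steps (the function still returns -EINVAL below), so consider clearing it on the error path or documenting that it is valid only after successful initialization.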