From: Kuppuswamy Sathyanarayanan
To: Peter Zijlstra, Andy Lutomirski, Dave Hansen, Tony Luck
Cc: Andi Kleen, Kirill Shutemov, Kuppuswamy Sathyanarayanan, Dan Williams, Raj Ashok, Sean Christopherson, Kuppuswamy Sathyanarayanan, linux-kernel@vger.kernel.org
Subject: [RFC v2-fix-v1 1/1] x86/tdx: Exclude Shared bit from physical_mask
Date: Mon, 31 May 2021 19:08:45 -0700
Message-Id: <20210601020845.4127-1-sathyanarayanan.kuppuswamy@linux.intel.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20210531214602.qd6r63s5jbr4vcm5@box>
References: <20210531214602.qd6r63s5jbr4vcm5@box>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Kirill A. Shutemov"

Just like MKTME, TDX reassigns bits of the physical address for metadata. MKTME used several bits for an encryption KeyID. TDX uses a single bit in guests to communicate whether a physical page should be protected by TDX as private memory (bit set to 0) or unprotected and shared with the VMM (bit set to 1).

Add a helper, tdg_shared_mask(), to generate the mask. The processor enumerates its physical address width to include the shared bit, which means it gets included in __PHYSICAL_MASK by default.

Remove the shared mask from 'physical_mask' since any bits in tdg_shared_mask() are not used for physical addresses in page table entries.

Also, note that we cannot club shared mapping configuration between AMD SME and Intel TDX Guest platforms in a common function. SME has to do it very early in __startup_64() as it sets the bit on all memory, except what is used for communication. TDX can postpone it, as it doesn't need any shared mapping in very early boot.

Signed-off-by: Kirill A. Shutemov
Reviewed-by: Andi Kleen
Signed-off-by: Kuppuswamy Sathyanarayanan --- Changes since RFC-v2: * Renamed __PHYSICAL_MASK to physical_mask in commit subject. * Fixed commit log as per review comments. arch/x86/Kconfig | 1 + arch/x86/include/asm/tdx.h | 6 ++++++ arch/x86/kernel/tdx.c | 9 +++++++++ 3 files changed, 16 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7bc371d8ad7d..7e7ac99c4f4c 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -879,6 +879,7 @@ config INTEL_TDX_GUEST select X86_X2APIC select SECURITY_LOCKDOWN_LSM select ARCH_HAS_PROTECTED_GUEST + select X86_MEM_ENCRYPT_COMMON help Provide support for running in a trusted domain on Intel processors equipped with Trusted Domain eXtenstions. TDX is a new Intel diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index dfdb303ef7e2..0808cbbde045 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -118,6 +118,8 @@ do { \ } while (0) #endif +extern phys_addr_t tdg_shared_mask(void); + #else // !CONFIG_INTEL_TDX_GUEST static inline bool is_tdx_guest(void) @@ -137,6 +139,10 @@ static inline bool tdg_early_handle_ve(struct pt_regs *regs) return false; } +static inline phys_addr_t tdg_shared_mask(void) +{ + return 0; +} #endif /* CONFIG_INTEL_TDX_GUEST */ #ifdef CONFIG_INTEL_TDX_GUEST_KVM diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c index 02a3273b09d2..29d4b06535ce 100644 --- a/arch/x86/kernel/tdx.c +++ b/arch/x86/kernel/tdx.c @@ -101,6 +101,12 @@ bool tdx_protected_guest_has(unsigned long flag) } EXPORT_SYMBOL_GPL(tdx_protected_guest_has); +/* The highest bit of a guest physical address is the "sharing" bit */ +phys_addr_t tdg_shared_mask(void) +{ + return 1ULL << (td_info.gpa_width - 1); +} + static void tdg_get_info(void) { u64 ret; 
@@ -112,6 +118,9 @@ static void tdg_get_info(void) td_info.gpa_width = out.rcx & GENMASK(5, 0); td_info.attributes = out.rdx; + + /* Exclude Shared bit from the __PHYSICAL_MASK */ + physical_mask &= ~tdg_shared_mask(); } static __cpuidle void tdg_halt(void) -- 2.25.1
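Review bot: The commit message does not say why the arch/x86/Kconfig hunk adds "select X86_MEM_ENCRYPT_COMMON" to INTEL_TDX_GUEST. The log describes the helper and the mask change, but a reader cannot tell from it what this patch needs from that option. Please add a sentence naming the dependency (for example, what makes 'physical_mask' a writable variable here), so the select can be re-evaluated if that option's contents change.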
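Review bot: Style points in the arch/x86/include/asm/tdx.h hunks: the new prototype is declared as "extern phys_addr_t tdg_shared_mask(void);", and kernel coding style (and checkpatch) prefers function prototypes in headers without "extern". In the !CONFIG_INTEL_TDX_GUEST branch the new stub ends with "}" directly followed by "#endif /* CONFIG_INTEL_TDX_GUEST */"; a blank line between them would match the stubs above it. The stub returning 0 is the right no-op for callers that do "mask &= ~tdg_shared_mask()".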
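Review bot: tdg_shared_mask() in arch/x86/kernel/tdx.c computes "1ULL << (td_info.gpa_width - 1)" with no check that gpa_width is nonzero. The field is assigned from "out.rcx & GENMASK(5, 0)", so 0 is a representable value, and any caller that runs before tdg_get_info() has set the field would also see whatever td_info held at that point. A shift count of -1 is undefined behaviour, and a wrong mask here decides which guest physical address bit marks a page as shared with the VMM, so it should fail loudly rather than silently. Suggest validating gpa_width once in tdg_get_info() (warn or panic on 0) and writing the helper with BIT_ULL(td_info.gpa_width - 1) so the intent is explicit.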
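Review bot: In the tdg_get_info() hunk the new comment reads "Exclude Shared bit from the __PHYSICAL_MASK" while the statement below it modifies 'physical_mask'. The changelog notes that the subject was renamed from __PHYSICAL_MASK to physical_mask for this reason; the code comment should be updated the same way. It is also worth a line in the comment that a function named as a getter now has a side effect on a global mask, since every later page table entry computation depends on this statement having run, and the ordering requirement is not visible from the call site.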