* Re: [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register
[not found] <draft-87fsrkmy2c.ffs@tglx>
@ 2021-11-25 17:03 ` Thomas Gleixner
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Gleixner @ 2021-11-25 17:03 UTC (permalink / raw)
To: isaku.yamahata, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, erdemaktas, Connor Kuehl, Sean Christopherson,
linux-kernel, kvm
Cc: isaku.yamahata, isaku.yamahata, Xiaoyao Li
On Thu, Nov 25 2021 at 09:36, Thomas Gleixner wrote:
>>
>> + if (boot_cpu_has(X86_FEATURE_TME)) {
cpu_feature_enabled() as Borislav pointed out several times already.
>> + u64 tme_activate;
>> +
>> + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate);
>> + if (TME_ACTIVATE_LOCKED(tme_activate) &&
>> + TME_ACTIVATE_ENABLED(tme_activate)) {
>> + phys_addr -= TME_ACTIVATE_KEYID_BITS(tme_activate);
>> + }
>> + }
>> size_or_mask = SIZE_OR_MASK_BITS(phys_addr);
>> size_and_mask = ~size_or_mask & 0xfffff00000ULL;
>> } else if (boot_cpu_data.x86_vendor == X86_VENDOR_CENTAUR &&
^ permalink raw reply [flat|nested] 2+ messages in thread
* [RFC PATCH v3 00/59] KVM: X86: TDX support
@ 2021-11-25 0:19 isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register isaku.yamahata
0 siblings, 1 reply; 2+ messages in thread
From: isaku.yamahata @ 2021-11-25 0:19 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, erdemaktas, Connor Kuehl, Sean Christopherson,
linux-kernel, kvm
Cc: isaku.yamahata, isaku.yamahata
From: Isaku Yamahata <isaku.yamahata@intel.com>
Changes from v2:
- update based on patch review
- support TDP MMU
- drop non-essential fetures (ftrace etc.) to reduce patch size
TODO:
- integrate vm type patch
- integrate unmapping user space mapping
---
* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from the
virtual-machine manager (VMM)/hypervisor and any other software on the
platform. [1] For details, the specifications, [2], [3], [4], [5], [6], [7], are
available.
* Patch organization
The patch 66 is main change. The preceding patches(1-65) The preceding
patches(01-61) are refactoring the code and introducing additional hooks.
- 01-13: They are preparations. introduce architecture constants, code
refactoring, export symbols for following patches.
- 14-30: start to introduce the new type of VM and allow the coexistence of
multiple type of VM. allow/disallow KVM ioctl where
appropriate. Especially make per-system ioctl to per-VM ioctl.
- 31-38: refactoring KVM VMX/MMU and adding new hooks for Secure EPT.
- 39-54: refactoring KVM
- 55: main patch to add "basic" support for building/running TDX.
- 56-57: TDP MMU support
- 58: support TDX hypercall, GetQuote and SetupEventNotifyInterrupt, that
requires qemu help
- 59: Documentation
* Missing features
Those major features are intentionally missing from this patch series to keep
this patch series small. They are addressed as independent patch series.
- qemu gdb stub support
- Large page support
- guest PMU support
- and more
Changes from v1:
- rebase to v5.13
- drop load/initialization of TDX module
- catch up the update of related specifications.
- rework on C-wrapper function to invoke seamcall
- various code clean up
[1] TDX specification
https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html
[2] Intel Trust Domain Extensions (Intel TDX)
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf
[3] Intel CPU Architectural Extensions Specification
https://software.intel.com/content/dam/develop/external/us/en/documents-tps/intel-tdx-cpu-architectural-specification.pdf
[4] Intel TDX Module 1.0 EAS
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1eas-v0.85.039.pdf
[5] Intel TDX Loader Interface Specification
https://software.intel.com/content/dam/develop/external/us/en/documents-tps/intel-tdx-seamldr-interface-specification.pdf
[6] Intel TDX Guest-Hypervisor Communication Interface
https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface.pdf
[7] Intel TDX Virtual Firmware Design Guide
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
[8] intel public github
kvm TDX branch: https://github.com/intel/tdx/tree/kvm
TDX guest branch: https://github.com/intel/tdx/tree/guest
qemu TDX https://github.com/intel/qemu-tdx
[9] TDVF
https://github.com/tianocore/edk2-staging/tree/TDVF
Chao Gao (1):
KVM: x86: Add a helper function to restore 4 host MSRs on exit to user
space
Isaku Yamahata (9):
x86/mktme: move out MKTME related constatnts/macro to msr-index.h
x86/mtrr: mask out keyid bits from variable mtrr mask register
KVM: TDX: Define TDX architectural definitions
KVM: TDX: add a helper function for kvm to call seamcall
KVM: TDX: Add helper functions to print TDX SEAMCALL error
KVM: Add per-VM flag to mark read-only memory as unsupported
KVM: x86: add per-VM flags to disable SMI/INIT/SIPI
KVM: TDX: exit to user space on GET_QUOTE,
SETUP_EVENT_NOTIFY_INTERRUPT
Documentation/virtual/kvm: Add Trust Domain Extensions(TDX)
Kai Huang (3):
KVM: x86: Add per-VM flag to disable in-kernel I/O APIC and level
routes
KVM: TDX: Protect private mapping related SEAMCALLs with spinlock
KVM, x86/mmu: Support TDX private mapping for TDP MMU
Rick Edgecombe (1):
KVM: x86: Add infrastructure for stolen GPA bits
Sean Christopherson (44):
KVM: TDX: Add TDX "architectural" error codes
KVM: TDX: Add C wrapper functions for TDX SEAMCALLs
KVM: Export kvm_io_bus_read for use by TDX for PV MMIO
KVM: Enable hardware before doing arch VM initialization
KVM: x86: Split core of hypercall emulation to helper function
KVM: x86: Export kvm_mmio tracepoint for use by TDX for PV MMIO
KVM: x86/mmu: Zap only leaf SPTEs for deleted/moved memslot by default
KVM: Add max_vcpus field in common 'struct kvm'
KVM: x86: Add vm_type to differentiate legacy VMs from protected VMs
KVM: x86: Introduce "protected guest" concept and block disallowed
ioctls
KVM: x86: Add per-VM flag to disable direct IRQ injection
KVM: x86: Add flag to disallow #MC injection / KVM_X86_SETUP_MCE
KVM: x86: Add flag to mark TSC as immutable (for TDX)
KVM: Add per-VM flag to disable dirty logging of memslots for TDs
KVM: x86: Allow host-initiated WRMSR to set X2APIC regardless of CPUID
KVM: x86: Add kvm_x86_ops .cache_gprs() and .flush_gprs()
KVM: x86: Add support for vCPU and device-scoped KVM_MEMORY_ENCRYPT_OP
KVM: x86: Introduce vm_teardown() hook in kvm_arch_vm_destroy()
KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched
behavior
KVM: x86: Check for pending APICv interrupt in kvm_vcpu_has_events()
KVM: x86: Add option to force LAPIC expiration wait
KVM: x86: Add guest_supported_xss placholder
KVM: x86/mmu: Explicitly check for MMIO spte in fast page fault
KVM: x86/mmu: Ignore bits 63 and 62 when checking for "present" SPTEs
KVM: x86/mmu: Allow non-zero init value for shadow PTE
KVM: x86/mmu: Return old SPTE from mmu_spte_clear_track_bits()
KVM: x86/mmu: Frame in support for private/inaccessible shadow pages
KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX
KVM: x86/mmu: Allow per-VM override of the TDP max page level
KVM: VMX: Modify NMI and INTR handlers to take intr_info as param
KVM: VMX: Move NMI/exception handler to common helper
KVM: VMX: Split out guts of EPT violation to common/exposed function
KVM: VMX: Define EPT Violation architectural bits
KVM: VMX: Define VMCS encodings for shared EPT pointer
KVM: VMX: Add 'main.c' to wrap VMX and TDX
KVM: VMX: Move setting of EPT MMU masks to common VT-x code
KVM: VMX: Move register caching logic to common code
KVM: TDX: Define TDCALL exit reason
KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers
KVM: VMX: Add macro framework to read/write VMCS for VMs and TDs
KVM: VMX: Move AR_BYTES encoder/decoder helpers to common.h
KVM: VMX: MOVE GDT and IDT accessors to common code
KVM: VMX: Move .get_interrupt_shadow() implementation to common VMX
code
KVM: TDX: Add "basic" support for building and running Trust Domains
Xiaoyao Li (1):
KVM: X86: Introduce initial_tsc_khz in struct kvm_arch
Documentation/virt/kvm/api.rst | 9 +-
Documentation/virt/kvm/intel-tdx.rst | 359 ++++
arch/arm64/include/asm/kvm_host.h | 3 -
arch/arm64/kvm/arm.c | 7 +-
arch/arm64/kvm/vgic/vgic-init.c | 6 +-
arch/x86/events/intel/ds.c | 1 +
arch/x86/include/asm/kvm-x86-ops.h | 11 +
arch/x86/include/asm/kvm_host.h | 63 +-
arch/x86/include/asm/msr-index.h | 16 +
arch/x86/include/asm/vmx.h | 6 +
arch/x86/include/uapi/asm/kvm.h | 60 +
arch/x86/include/uapi/asm/vmx.h | 7 +-
arch/x86/kernel/cpu/intel.c | 14 -
arch/x86/kernel/cpu/mtrr/mtrr.c | 9 +
arch/x86/kvm/Makefile | 6 +-
arch/x86/kvm/ioapic.c | 4 +
arch/x86/kvm/irq_comm.c | 13 +-
arch/x86/kvm/lapic.c | 7 +-
arch/x86/kvm/lapic.h | 2 +-
arch/x86/kvm/mmu.h | 29 +-
arch/x86/kvm/mmu/mmu.c | 667 ++++++-
arch/x86/kvm/mmu/mmu_internal.h | 12 +
arch/x86/kvm/mmu/paging_tmpl.h | 32 +-
arch/x86/kvm/mmu/spte.c | 15 +-
arch/x86/kvm/mmu/spte.h | 51 +-
arch/x86/kvm/mmu/tdp_iter.h | 2 +-
arch/x86/kvm/mmu/tdp_mmu.c | 544 +++++-
arch/x86/kvm/mmu/tdp_mmu.h | 15 +-
arch/x86/kvm/svm/svm.c | 13 +-
arch/x86/kvm/vmx/common.h | 178 ++
arch/x86/kvm/vmx/main.c | 1152 ++++++++++++
arch/x86/kvm/vmx/posted_intr.c | 6 +
arch/x86/kvm/vmx/seamcall.h | 116 ++
arch/x86/kvm/vmx/tdx.c | 2437 +++++++++++++++++++++++++
arch/x86/kvm/vmx/tdx.h | 290 +++
arch/x86/kvm/vmx/tdx_arch.h | 239 +++
arch/x86/kvm/vmx/tdx_errno.h | 111 ++
arch/x86/kvm/vmx/tdx_error.c | 53 +
arch/x86/kvm/vmx/tdx_ops.h | 224 +++
arch/x86/kvm/vmx/tdx_stubs.c | 50 +
arch/x86/kvm/vmx/vmenter.S | 146 ++
arch/x86/kvm/vmx/vmx.c | 689 ++-----
arch/x86/kvm/vmx/x86_ops.h | 203 ++
arch/x86/kvm/x86.c | 276 ++-
include/linux/kvm_host.h | 5 +
include/uapi/linux/kvm.h | 59 +
tools/arch/x86/include/uapi/asm/kvm.h | 55 +
tools/include/uapi/linux/kvm.h | 2 +
virt/kvm/kvm_main.c | 34 +-
49 files changed, 7469 insertions(+), 839 deletions(-)
create mode 100644 Documentation/virt/kvm/intel-tdx.rst
create mode 100644 arch/x86/kvm/vmx/common.h
create mode 100644 arch/x86/kvm/vmx/main.c
create mode 100644 arch/x86/kvm/vmx/seamcall.h
create mode 100644 arch/x86/kvm/vmx/tdx.c
create mode 100644 arch/x86/kvm/vmx/tdx.h
create mode 100644 arch/x86/kvm/vmx/tdx_arch.h
create mode 100644 arch/x86/kvm/vmx/tdx_errno.h
create mode 100644 arch/x86/kvm/vmx/tdx_error.c
create mode 100644 arch/x86/kvm/vmx/tdx_ops.h
create mode 100644 arch/x86/kvm/vmx/tdx_stubs.c
create mode 100644 arch/x86/kvm/vmx/x86_ops.h
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread* [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register
2021-11-25 0:19 [RFC PATCH v3 00/59] KVM: X86: TDX support isaku.yamahata
@ 2021-11-25 0:19 ` isaku.yamahata
0 siblings, 0 replies; 2+ messages in thread
From: isaku.yamahata @ 2021-11-25 0:19 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, erdemaktas, Connor Kuehl, Sean Christopherson,
linux-kernel, kvm
Cc: isaku.yamahata, isaku.yamahata, Xiaoyao Li
From: Isaku Yamahata <isaku.yamahata@intel.com>
This is a preparation for TDX support. TDX repurposes high bits of physcial
address to private key ID similarly to MKTME.
IA32_TME_ACTIVATE.MK_TME_KEYID_BITS has same meaning for both TDX
disabled/enable for compatibility.
MTRR calculates mask based on available physical address bits. MKTME
repurpose high bit of physical address to key id for key id. CPUID MAX_PA
remains same and the bits stolen for key id is controlled IA32_TME_ACTIVATE
MSR bit 35:32. Because Key ID bits shouldn't affects memory cachability,
MTRR mask should exclude bits repourposed for Key ID. It's OS
responsibility to maintain cache coherency. detect_tme @
arch/x86/kernel/cpu/intel.c detects tme and destract it from total usable
physical bits. This patch adds same logic needed for MTRR.
Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
arch/x86/kernel/cpu/mtrr/mtrr.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/x86/kernel/cpu/mtrr/mtrr.c b/arch/x86/kernel/cpu/mtrr/mtrr.c
index 2746cac9d8a9..79eaf6ed20a6 100644
--- a/arch/x86/kernel/cpu/mtrr/mtrr.c
+++ b/arch/x86/kernel/cpu/mtrr/mtrr.c
@@ -713,6 +713,15 @@ void __init mtrr_bp_init(void)
boot_cpu_data.x86_stepping == 0x4))
phys_addr = 36;
+ if (boot_cpu_has(X86_FEATURE_TME)) {
+ u64 tme_activate;
+
+ rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate);
+ if (TME_ACTIVATE_LOCKED(tme_activate) &&
+ TME_ACTIVATE_ENABLED(tme_activate)) {
+ phys_addr -= TME_ACTIVATE_KEYID_BITS(tme_activate);
+ }
+ }
size_or_mask = SIZE_OR_MASK_BITS(phys_addr);
size_and_mask = ~size_or_mask & 0xfffff00000ULL;
} else if (boot_cpu_data.x86_vendor == X86_VENDOR_CENTAUR &&
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-25 17:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <draft-87fsrkmy2c.ffs@tglx>
2021-11-25 17:03 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register Thomas Gleixner
2021-11-25 0:19 [RFC PATCH v3 00/59] KVM: X86: TDX support isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register isaku.yamahata
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).