* Re: [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register
[not found] <draft-87fsrkmy2c.ffs@tglx>
@ 2021-11-25 17:03 ` Thomas Gleixner
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Gleixner @ 2021-11-25 17:03 UTC (permalink / raw)
To: isaku.yamahata, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, erdemaktas, Connor Kuehl, Sean Christopherson,
linux-kernel, kvm
Cc: isaku.yamahata, isaku.yamahata, Xiaoyao Li
On Thu, Nov 25 2021 at 09:36, Thomas Gleixner wrote:
>>
>> + if (boot_cpu_has(X86_FEATURE_TME)) {
cpu_feature_enabled() as Borislav pointed out several times already.
>> + u64 tme_activate;
>> +
>> + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate);
>> + if (TME_ACTIVATE_LOCKED(tme_activate) &&
>> + TME_ACTIVATE_ENABLED(tme_activate)) {
>> + phys_addr -= TME_ACTIVATE_KEYID_BITS(tme_activate);
>> + }
>> + }
>> size_or_mask = SIZE_OR_MASK_BITS(phys_addr);
>> size_and_mask = ~size_or_mask & 0xfffff00000ULL;
>> } else if (boot_cpu_data.x86_vendor == X86_VENDOR_CENTAUR &&
^ permalink raw reply [flat|nested] 2+ messages in thread
* [RFC PATCH v3 00/59] KVM: X86: TDX support
@ 2021-11-25 0:19 isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register isaku.yamahata
0 siblings, 1 reply; 2+ messages in thread
From: isaku.yamahata @ 2021-11-25 0:19 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, erdemaktas, Connor Kuehl, Sean Christopherson,
linux-kernel, kvm
Cc: isaku.yamahata, isaku.yamahata
From: Isaku Yamahata <isaku.yamahata@intel.com>
Changes from v2:
- update based on patch review
- support TDP MMU
- drop non-essential fetures (ftrace etc.) to reduce patch size
TODO:
- integrate vm type patch
- integrate unmapping user space mapping
---
* What's TDX?
TDX stands for Trust Domain Extensions which isolates VMs from the
virtual-machine manager (VMM)/hypervisor and any other software on the
platform. [1] For details, the specifications, [2], [3], [4], [5], [6], [7], are
available.
* Patch organization
The patch 66 is main change. The preceding patches(1-65) The preceding
patches(01-61) are refactoring the code and introducing additional hooks.
- 01-13: They are preparations. introduce architecture constants, code
refactoring, export symbols for following patches.
- 14-30: start to introduce the new type of VM and allow the coexistence of
multiple type of VM. allow/disallow KVM ioctl where
appropriate. Especially make per-system ioctl to per-VM ioctl.
- 31-38: refactoring KVM VMX/MMU and adding new hooks for Secure EPT.
- 39-54: refactoring KVM
- 55: main patch to add "basic" support for building/running TDX.
- 56-57: TDP MMU support
- 58: support TDX hypercall, GetQuote and SetupEventNotifyInterrupt, that
requires qemu help
- 59: Documentation
* Missing features
Those major features are intentionally missing from this patch series to keep
this patch series small. They are addressed as independent patch series.
- qemu gdb stub support
- Large page support
- guest PMU support
- and more
Changes from v1:
- rebase to v5.13
- drop load/initialization of TDX module
- catch up the update of related specifications.
- rework on C-wrapper function to invoke seamcall
- various code clean up
[1] TDX specification
https://software.intel.com/content/www/us/en/develop/articles/intel-trust-domain-extensions.html
[2] Intel Trust Domain Extensions (Intel TDX)
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-final9-17.pdf
[3] Intel CPU Architectural Extensions Specification
https://software.intel.com/content/dam/develop/external/us/en/documents-tps/intel-tdx-cpu-architectural-specification.pdf
[4] Intel TDX Module 1.0 EAS
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1eas-v0.85.039.pdf
[5] Intel TDX Loader Interface Specification
https://software.intel.com/content/dam/develop/external/us/en/documents-tps/intel-tdx-seamldr-interface-specification.pdf
[6] Intel TDX Guest-Hypervisor Communication Interface
https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface.pdf
[7] Intel TDX Virtual Firmware Design Guide
https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
[8] intel public github
kvm TDX branch: https://github.com/intel/tdx/tree/kvm
TDX guest branch: https://github.com/intel/tdx/tree/guest
qemu TDX https://github.com/intel/qemu-tdx
[9] TDVF
https://github.com/tianocore/edk2-staging/tree/TDVF
Chao Gao (1):
KVM: x86: Add a helper function to restore 4 host MSRs on exit to user
space
Isaku Yamahata (9):
x86/mktme: move out MKTME related constatnts/macro to msr-index.h
x86/mtrr: mask out keyid bits from variable mtrr mask register
KVM: TDX: Define TDX architectural definitions
KVM: TDX: add a helper function for kvm to call seamcall
KVM: TDX: Add helper functions to print TDX SEAMCALL error
KVM: Add per-VM flag to mark read-only memory as unsupported
KVM: x86: add per-VM flags to disable SMI/INIT/SIPI
KVM: TDX: exit to user space on GET_QUOTE,
SETUP_EVENT_NOTIFY_INTERRUPT
Documentation/virtual/kvm: Add Trust Domain Extensions(TDX)
Kai Huang (3):
KVM: x86: Add per-VM flag to disable in-kernel I/O APIC and level
routes
KVM: TDX: Protect private mapping related SEAMCALLs with spinlock
KVM, x86/mmu: Support TDX private mapping for TDP MMU
Rick Edgecombe (1):
KVM: x86: Add infrastructure for stolen GPA bits
Sean Christopherson (44):
KVM: TDX: Add TDX "architectural" error codes
KVM: TDX: Add C wrapper functions for TDX SEAMCALLs
KVM: Export kvm_io_bus_read for use by TDX for PV MMIO
KVM: Enable hardware before doing arch VM initialization
KVM: x86: Split core of hypercall emulation to helper function
KVM: x86: Export kvm_mmio tracepoint for use by TDX for PV MMIO
KVM: x86/mmu: Zap only leaf SPTEs for deleted/moved memslot by default
KVM: Add max_vcpus field in common 'struct kvm'
KVM: x86: Add vm_type to differentiate legacy VMs from protected VMs
KVM: x86: Introduce "protected guest" concept and block disallowed
ioctls
KVM: x86: Add per-VM flag to disable direct IRQ injection
KVM: x86: Add flag to disallow #MC injection / KVM_X86_SETUP_MCE
KVM: x86: Add flag to mark TSC as immutable (for TDX)
KVM: Add per-VM flag to disable dirty logging of memslots for TDs
KVM: x86: Allow host-initiated WRMSR to set X2APIC regardless of CPUID
KVM: x86: Add kvm_x86_ops .cache_gprs() and .flush_gprs()
KVM: x86: Add support for vCPU and device-scoped KVM_MEMORY_ENCRYPT_OP
KVM: x86: Introduce vm_teardown() hook in kvm_arch_vm_destroy()
KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched
behavior
KVM: x86: Check for pending APICv interrupt in kvm_vcpu_has_events()
KVM: x86: Add option to force LAPIC expiration wait
KVM: x86: Add guest_supported_xss placholder
KVM: x86/mmu: Explicitly check for MMIO spte in fast page fault
KVM: x86/mmu: Ignore bits 63 and 62 when checking for "present" SPTEs
KVM: x86/mmu: Allow non-zero init value for shadow PTE
KVM: x86/mmu: Return old SPTE from mmu_spte_clear_track_bits()
KVM: x86/mmu: Frame in support for private/inaccessible shadow pages
KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX
KVM: x86/mmu: Allow per-VM override of the TDP max page level
KVM: VMX: Modify NMI and INTR handlers to take intr_info as param
KVM: VMX: Move NMI/exception handler to common helper
KVM: VMX: Split out guts of EPT violation to common/exposed function
KVM: VMX: Define EPT Violation architectural bits
KVM: VMX: Define VMCS encodings for shared EPT pointer
KVM: VMX: Add 'main.c' to wrap VMX and TDX
KVM: VMX: Move setting of EPT MMU masks to common VT-x code
KVM: VMX: Move register caching logic to common code
KVM: TDX: Define TDCALL exit reason
KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers
KVM: VMX: Add macro framework to read/write VMCS for VMs and TDs
KVM: VMX: Move AR_BYTES encoder/decoder helpers to common.h
KVM: VMX: MOVE GDT and IDT accessors to common code
KVM: VMX: Move .get_interrupt_shadow() implementation to common VMX
code
KVM: TDX: Add "basic" support for building and running Trust Domains
Xiaoyao Li (1):
KVM: X86: Introduce initial_tsc_khz in struct kvm_arch
Documentation/virt/kvm/api.rst | 9 +-
Documentation/virt/kvm/intel-tdx.rst | 359 ++++
arch/arm64/include/asm/kvm_host.h | 3 -
arch/arm64/kvm/arm.c | 7 +-
arch/arm64/kvm/vgic/vgic-init.c | 6 +-
arch/x86/events/intel/ds.c | 1 +
arch/x86/include/asm/kvm-x86-ops.h | 11 +
arch/x86/include/asm/kvm_host.h | 63 +-
arch/x86/include/asm/msr-index.h | 16 +
arch/x86/include/asm/vmx.h | 6 +
arch/x86/include/uapi/asm/kvm.h | 60 +
arch/x86/include/uapi/asm/vmx.h | 7 +-
arch/x86/kernel/cpu/intel.c | 14 -
arch/x86/kernel/cpu/mtrr/mtrr.c | 9 +
arch/x86/kvm/Makefile | 6 +-
arch/x86/kvm/ioapic.c | 4 +
arch/x86/kvm/irq_comm.c | 13 +-
arch/x86/kvm/lapic.c | 7 +-
arch/x86/kvm/lapic.h | 2 +-
arch/x86/kvm/mmu.h | 29 +-
arch/x86/kvm/mmu/mmu.c | 667 ++++++-
arch/x86/kvm/mmu/mmu_internal.h | 12 +
arch/x86/kvm/mmu/paging_tmpl.h | 32 +-
arch/x86/kvm/mmu/spte.c | 15 +-
arch/x86/kvm/mmu/spte.h | 51 +-
arch/x86/kvm/mmu/tdp_iter.h | 2 +-
arch/x86/kvm/mmu/tdp_mmu.c | 544 +++++-
arch/x86/kvm/mmu/tdp_mmu.h | 15 +-
arch/x86/kvm/svm/svm.c | 13 +-
arch/x86/kvm/vmx/common.h | 178 ++
arch/x86/kvm/vmx/main.c | 1152 ++++++++++++
arch/x86/kvm/vmx/posted_intr.c | 6 +
arch/x86/kvm/vmx/seamcall.h | 116 ++
arch/x86/kvm/vmx/tdx.c | 2437 +++++++++++++++++++++++++
arch/x86/kvm/vmx/tdx.h | 290 +++
arch/x86/kvm/vmx/tdx_arch.h | 239 +++
arch/x86/kvm/vmx/tdx_errno.h | 111 ++
arch/x86/kvm/vmx/tdx_error.c | 53 +
arch/x86/kvm/vmx/tdx_ops.h | 224 +++
arch/x86/kvm/vmx/tdx_stubs.c | 50 +
arch/x86/kvm/vmx/vmenter.S | 146 ++
arch/x86/kvm/vmx/vmx.c | 689 ++-----
arch/x86/kvm/vmx/x86_ops.h | 203 ++
arch/x86/kvm/x86.c | 276 ++-
include/linux/kvm_host.h | 5 +
include/uapi/linux/kvm.h | 59 +
tools/arch/x86/include/uapi/asm/kvm.h | 55 +
tools/include/uapi/linux/kvm.h | 2 +
virt/kvm/kvm_main.c | 34 +-
49 files changed, 7469 insertions(+), 839 deletions(-)
create mode 100644 Documentation/virt/kvm/intel-tdx.rst
create mode 100644 arch/x86/kvm/vmx/common.h
create mode 100644 arch/x86/kvm/vmx/main.c
create mode 100644 arch/x86/kvm/vmx/seamcall.h
create mode 100644 arch/x86/kvm/vmx/tdx.c
create mode 100644 arch/x86/kvm/vmx/tdx.h
create mode 100644 arch/x86/kvm/vmx/tdx_arch.h
create mode 100644 arch/x86/kvm/vmx/tdx_errno.h
create mode 100644 arch/x86/kvm/vmx/tdx_error.c
create mode 100644 arch/x86/kvm/vmx/tdx_ops.h
create mode 100644 arch/x86/kvm/vmx/tdx_stubs.c
create mode 100644 arch/x86/kvm/vmx/x86_ops.h
--
2.25.1
^ permalink raw reply [flat|nested] 2+ messages in thread* [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register
2021-11-25 0:19 [RFC PATCH v3 00/59] KVM: X86: TDX support isaku.yamahata
@ 2021-11-25 0:19 ` isaku.yamahata
0 siblings, 0 replies; 2+ messages in thread
From: isaku.yamahata @ 2021-11-25 0:19 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, H . Peter Anvin,
Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
Joerg Roedel, erdemaktas, Connor Kuehl, Sean Christopherson,
linux-kernel, kvm
Cc: isaku.yamahata, isaku.yamahata, Xiaoyao Li
From: Isaku Yamahata <isaku.yamahata@intel.com>
This is a preparation for TDX support. TDX repurposes high bits of physcial
address to private key ID similarly to MKTME.
IA32_TME_ACTIVATE.MK_TME_KEYID_BITS has same meaning for both TDX
disabled/enable for compatibility.
MTRR calculates mask based on available physical address bits. MKTME
repurpose high bit of physical address to key id for key id. CPUID MAX_PA
remains same and the bits stolen for key id is controlled IA32_TME_ACTIVATE
MSR bit 35:32. Because Key ID bits shouldn't affects memory cachability,
MTRR mask should exclude bits repourposed for Key ID. It's OS
responsibility to maintain cache coherency. detect_tme @
arch/x86/kernel/cpu/intel.c detects tme and destract it from total usable
physical bits. This patch adds same logic needed for MTRR.
Co-developed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
arch/x86/kernel/cpu/mtrr/mtrr.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/arch/x86/kernel/cpu/mtrr/mtrr.c b/arch/x86/kernel/cpu/mtrr/mtrr.c
index 2746cac9d8a9..79eaf6ed20a6 100644
--- a/arch/x86/kernel/cpu/mtrr/mtrr.c
+++ b/arch/x86/kernel/cpu/mtrr/mtrr.c
@@ -713,6 +713,15 @@ void __init mtrr_bp_init(void)
boot_cpu_data.x86_stepping == 0x4))
phys_addr = 36;
+ if (boot_cpu_has(X86_FEATURE_TME)) {
+ u64 tme_activate;
+
+ rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate);
+ if (TME_ACTIVATE_LOCKED(tme_activate) &&
+ TME_ACTIVATE_ENABLED(tme_activate)) {
+ phys_addr -= TME_ACTIVATE_KEYID_BITS(tme_activate);
+ }
+ }
size_or_mask = SIZE_OR_MASK_BITS(phys_addr);
size_and_mask = ~size_or_mask & 0xfffff00000ULL;
} else if (boot_cpu_data.x86_vendor == X86_VENDOR_CENTAUR &&
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-11-25 17:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <draft-87fsrkmy2c.ffs@tglx>
2021-11-25 17:03 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register Thomas Gleixner
2021-11-25 0:19 [RFC PATCH v3 00/59] KVM: X86: TDX support isaku.yamahata
2021-11-25 0:19 ` [RFC PATCH v3 02/59] x86/mtrr: mask out keyid bits from variable mtrr mask register isaku.yamahata
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.