From: Binbin Wu <binbin.wu@linux.intel.com>
To: Sagi Shahar <sagis@google.com>
Cc: linux-kselftest@vger.kernel.org,
Paolo Bonzini <pbonzini@redhat.com>,
Shuah Khan <shuah@kernel.org>,
Sean Christopherson <seanjc@google.com>,
Ackerley Tng <ackerleytng@google.com>,
Ryan Afranji <afranji@google.com>,
Andrew Jones <ajones@ventanamicro.com>,
Isaku Yamahata <isaku.yamahata@intel.com>,
Erdem Aktas <erdemaktas@google.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Roger Wang <runanwang@google.com>,
Oliver Upton <oliver.upton@linux.dev>,
"Pratik R. Sampat" <pratikrajesh.sampat@amd.com>,
Reinette Chatre <reinette.chatre@intel.com>,
Ira Weiny <ira.weiny@intel.com>, Chao Gao <chao.gao@intel.com>,
Chenyi Qiang <chenyi.qiang@intel.com>,
linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Subject: Re: [PATCH v10 08/21] KVM: selftests: Add TDX boot code
Date: Mon, 8 Sep 2025 15:33:05 +0800 [thread overview]
Message-ID: <9232bfac-e3a3-49a1-a956-31e13e3ef6bf@linux.intel.com> (raw)
In-Reply-To: <20250904065453.639610-9-sagis@google.com>
On 9/4/2025 2:54 PM, Sagi Shahar wrote:
> From: Erdem Aktas <erdemaktas@google.com>
>
> Add code to boot a TDX test VM. Since TDX registers are inaccesible to
inaccesible -> inaccessible
> KVM, the boot code loads the relevant values from memory into the
> registers before jumping to the guest code.
>
> Signed-off-by: Erdem Aktas <erdemaktas@google.com>
> Co-developed-by: Ackerley Tng <ackerleytng@google.com>
> Signed-off-by: Ackerley Tng <ackerleytng@google.com>
> Co-developed-by: Sagi Shahar <sagis@google.com>
> Signed-off-by: Sagi Shahar <sagis@google.com>
Reviewed-by: Binbin Wu <binbin.wu@linux.intel.com>
> ---
> tools/testing/selftests/kvm/Makefile.kvm | 3 +
> .../selftests/kvm/include/x86/tdx/td_boot.h | 5 ++
> .../kvm/include/x86/tdx/td_boot_asm.h | 16 +++++
> .../selftests/kvm/lib/x86/tdx/td_boot.S | 60 +++++++++++++++++++
> 4 files changed, 84 insertions(+)
> create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h
> create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S
>
> diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selftests/kvm/Makefile.kvm
> index 3f93c093b046..d11d02e17cc5 100644
> --- a/tools/testing/selftests/kvm/Makefile.kvm
> +++ b/tools/testing/selftests/kvm/Makefile.kvm
> @@ -31,6 +31,7 @@ LIBKVM_x86 += lib/x86/sev.c
> LIBKVM_x86 += lib/x86/svm.c
> LIBKVM_x86 += lib/x86/ucall.c
> LIBKVM_x86 += lib/x86/vmx.c
> +LIBKVM_x86 += lib/x86/tdx/td_boot.S
>
> LIBKVM_arm64 += lib/arm64/gic.c
> LIBKVM_arm64 += lib/arm64/gic_v3.c
> @@ -336,6 +337,8 @@ $(LIBKVM_ASM_DEFS_OBJ): $(OUTPUT)/%.s: %.c FORCE
> $(LIBKVM_STRING_OBJ): $(OUTPUT)/%.o: %.c
> $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c -ffreestanding $< -o $@
>
> +$(OUTPUT)/lib/x86/tdx/td_boot.o: $(OUTPUT)/include/x86/tdx/td_boot_offsets.h
> +
> $(OUTPUT)/include/x86/tdx/td_boot_offsets.h: $(OUTPUT)/lib/x86/tdx/td_boot_offsets.s FORCE
> $(call filechk,offsets,__TDX_BOOT_OFFSETS_H__)
>
> diff --git a/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h b/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h
> index 8eda3ce10220..17c3083da9ca 100644
> --- a/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h
> +++ b/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h
> @@ -66,4 +66,9 @@ struct td_boot_parameters {
> struct td_per_vcpu_parameters per_vcpu[];
> };
>
> +void td_boot(void);
> +void td_boot_code_end(void);
> +
> +#define TD_BOOT_CODE_SIZE (td_boot_code_end - td_boot)
> +
> #endif /* SELFTEST_TDX_TD_BOOT_H */
> diff --git a/tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h b/tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h
> new file mode 100644
> index 000000000000..10b4b527595c
> --- /dev/null
> +++ b/tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h
> @@ -0,0 +1,16 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +#ifndef SELFTEST_TDX_TD_BOOT_ASM_H
> +#define SELFTEST_TDX_TD_BOOT_ASM_H
> +
> +/*
> + * GPA where TD boot parameters will be loaded.
> + *
> + * TD_BOOT_PARAMETERS_GPA is arbitrarily chosen to
> + *
> + * + be within the 4GB address space
> + * + provide enough contiguous memory for the struct td_boot_parameters such
> + * that there is one struct td_per_vcpu_parameters for KVM_MAX_VCPUS
> + */
> +#define TD_BOOT_PARAMETERS_GPA 0xffff0000
> +
> +#endif // SELFTEST_TDX_TD_BOOT_ASM_H
> diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S b/tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S
> new file mode 100644
> index 000000000000..7aa33caa9a78
> --- /dev/null
> +++ b/tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S
> @@ -0,0 +1,60 @@
> +/* SPDX-License-Identifier: GPL-2.0-only */
> +
> +#include "tdx/td_boot_asm.h"
> +#include "tdx/td_boot_offsets.h"
> +#include "processor_asm.h"
> +
> +.code32
> +
> +.globl td_boot
> +td_boot:
> + /* In this procedure, edi is used as a temporary register. */
> + cli
> +
> + /* Paging is off. */
> +
> + movl $TD_BOOT_PARAMETERS_GPA, %ebx
> +
> + /*
> + * Find the address of struct td_per_vcpu_parameters for this
> + * vCPU based on esi (TDX spec: initialized with vCPU id). Put
> + * struct address into register for indirect addressing.
> + */
> + movl $SIZEOF_TD_PER_VCPU_PARAMETERS, %eax
> + mul %esi
> + leal TD_BOOT_PARAMETERS_PER_VCPU(%ebx), %edi
> + addl %edi, %eax
> +
> + /* Setup stack. */
> + movl TD_PER_VCPU_PARAMETERS_ESP_GVA(%eax), %esp
> +
> + /* Setup GDT. */
> + leal TD_BOOT_PARAMETERS_GDT(%ebx), %edi
> + lgdt (%edi)
> +
> + /* Setup IDT. */
> + leal TD_BOOT_PARAMETERS_IDT(%ebx), %edi
> + lidt (%edi)
> +
> + /*
> + * Set up control registers (There are no instructions to mov from
> + * memory to control registers, hence use edi as a scratch register).
> + */
> + movl TD_BOOT_PARAMETERS_CR4(%ebx), %edi
> + movl %edi, %cr4
> + movl TD_BOOT_PARAMETERS_CR3(%ebx), %edi
> + movl %edi, %cr3
> + movl TD_BOOT_PARAMETERS_CR0(%ebx), %edi
> + movl %edi, %cr0
> +
> + /* Switching to 64bit mode after ljmp and then jump to guest code */
> + ljmp $(KERNEL_CS),$1f
> +1:
> + jmp *TD_PER_VCPU_PARAMETERS_GUEST_CODE(%eax)
> +
> +/* Leave marker so size of td_boot code can be computed. */
> +.globl td_boot_code_end
> +td_boot_code_end:
> +
> +/* Disable executable stack. */
> +.section .note.GNU-stack,"",%progbits
next prev parent reply other threads:[~2025-09-08 7:33 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-04 6:54 [PATCH v10 00/21] TDX KVM selftests Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 01/21] KVM: selftests: Allocate pgd in virt_map() as necessary Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 02/21] KVM: selftests: Expose functions to get default sregs values Sagi Shahar
2025-09-04 9:23 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 03/21] KVM: selftests: Expose function to allocate guest vCPU stack Sagi Shahar
2025-09-04 9:27 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 04/21] KVM: selftests: Update kvm_init_vm_address_properties() for TDX Sagi Shahar
2025-09-05 5:19 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 05/21] KVM: selftests: Expose segment definitons to assembly files Sagi Shahar
2025-09-05 5:24 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 06/21] KVM: selftests: Add kbuild definitons Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 07/21] KVM: selftests: Define structs to pass parameters to TDX boot code Sagi Shahar
2025-09-08 7:19 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 08/21] KVM: selftests: Add " Sagi Shahar
2025-09-08 7:33 ` Binbin Wu [this message]
2025-09-04 6:54 ` [PATCH v10 09/21] KVM: selftests: Set up TDX boot code region Sagi Shahar
2025-09-08 7:39 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 10/21] KVM: selftests: Set up TDX boot parameters region Sagi Shahar
2025-09-08 8:07 ` Binbin Wu
2025-09-25 17:13 ` Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 11/21] KVM: selftests: Add helper to initialize TDX VM Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 12/21] KVM: selftests: TDX: Use KVM_TDX_CAPABILITIES to validate TDs' attribute configuration Sagi Shahar
2025-09-08 9:22 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 13/21] KVM: selftests: Add helpers to init TDX memory and finalize VM Sagi Shahar
2025-09-10 6:49 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 14/21] KVM: selftests: Call TDX init when creating a new TDX vm Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 15/21] KVM: selftests: Setup memory regions for TDX on vm creation Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 16/21] KVM: selftests: Call KVM_TDX_INIT_VCPU when creating a new TDX vcpu Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 17/21] KVM: selftests: Set entry point for TDX guest code Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 18/21] KVM: selftests: Add support for TDX TDCALL from guest Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 19/21] KVM: selftests: Add wrapper for TDX MMIO " Sagi Shahar
2025-09-04 6:54 ` [PATCH v10 20/21] KVM: selftests: Add ucall support for TDX Sagi Shahar
2025-09-10 7:46 ` Binbin Wu
2025-09-04 6:54 ` [PATCH v10 21/21] KVM: selftests: Add TDX lifecycle test Sagi Shahar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9232bfac-e3a3-49a1-a956-31e13e3ef6bf@linux.intel.com \
--to=binbin.wu@linux.intel.com \
--cc=ackerleytng@google.com \
--cc=afranji@google.com \
--cc=ajones@ventanamicro.com \
--cc=chao.gao@intel.com \
--cc=chenyi.qiang@intel.com \
--cc=erdemaktas@google.com \
--cc=ira.weiny@intel.com \
--cc=isaku.yamahata@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=oliver.upton@linux.dev \
--cc=pbonzini@redhat.com \
--cc=pratikrajesh.sampat@amd.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=runanwang@google.com \
--cc=sagis@google.com \
--cc=seanjc@google.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.