From: Isaku Yamahata <isaku.yamahata@linux.intel.com>
To: Kai Huang <kai.huang@intel.com>
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org,
	x86@kernel.org, dave.hansen@intel.com,
	kirill.shutemov@linux.intel.com, peterz@infradead.org,
	tony.luck@intel.com, tglx@linutronix.de, bp@alien8.de,
	mingo@redhat.com, hpa@zytor.com, seanjc@google.com,
	pbonzini@redhat.com, rafael@kernel.org, david@redhat.com,
	dan.j.williams@intel.com, len.brown@intel.com,
	ak@linux.intel.com, isaku.yamahata@intel.com,
	ying.huang@intel.com, chao.gao@intel.com,
	sathyanarayanan.kuppuswamy@linux.intel.com, nik.borisov@suse.com,
	bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com,
	isaku.yamahata@linux.intel.com
Subject: Re: [PATCH v15 09/23] x86/virt/tdx: Get module global metadata for module initialization
Date: Wed, 15 Nov 2023 11:35:50 -0800	[thread overview]
Message-ID: <20231115193550.GC1109547@ls.amr.corp.intel.com> (raw)
In-Reply-To: <30906e3cf94fe48d713de21a04ffd260bd1a7268.1699527082.git.kai.huang@intel.com>

On Fri, Nov 10, 2023 at 12:55:46AM +1300,
Kai Huang <kai.huang@intel.com> wrote:

> The TDX module global metadata provides system-wide information about
> the module.  The TDX module provides SEAMCALLs to allow the kernel to
> query one specific global metadata field (entry) or all fields.
> 
> TL;DR:
> 
> Use the TDH.SYS.RD SEAMCALL to read the essential global metadata for
> module initialization, and at the same time, to only initialize TDX
> module with version 1.5 and later.
> 
> Long Version:
> 
> 1) Only initialize TDX module with version 1.5 and later
> 
> TDX module 1.0 has some compatibility issues with later versions of the
> module, as documented in the "Intel TDX module ABI incompatibilities
> between TDX1.0 and TDX1.5" spec.  Basically there's no value in using TDX
> module 1.0 when TDX module 1.5 and later versions are already available.
> To keep things simple, just support initializing the TDX module 1.5 and
> later.
> 
> 2) Get the essential global metadata for module initialization
> 
> TDX reports a list of "Convertible Memory Region" (CMR) to tell the
> kernel which memory is TDX compatible.  The kernel needs to build a list
> of memory regions (out of CMRs) as "TDX-usable" memory and pass them to
> the TDX module.  The kernel does this by constructing a list of "TD
> Memory Regions" (TDMRs) to cover all these memory regions and passing
> them to the TDX module.
> 
> Each TDMR is a TDX architectural data structure containing the memory
> region that the TDMR covers, plus the information to track (within this
> TDMR): a) the "Physical Address Metadata Table" (PAMT) to track each TDX
> memory page's status (such as which TDX guest "owns" a given page), and
> b) the "reserved areas" to indicate memory holes that cannot be used as TDX
> memory.
> 
> The kernel needs to get below metadata from the TDX module to build the
> list of TDMRs: a) the maximum number of supported TDMRs, b) the maximum
> number of supported reserved areas per TDMR and, c) the PAMT entry size
> for each TDX-supported page size.
> 
> Note the TDX module internally checks whether the "TDX-usable" memory
> regions passed via TDMRs are truly convertible.  Just skip reading the
> CMRs and manually checking memory regions against them, and let the
> TDX module do the check.
> 
> == Implementation ==
> 
> TDX module 1.0 uses TDH.SYS.INFO SEAMCALL to report the global metadata
> in a fixed-size (1024-bytes) structure 'TDSYSINFO_STRUCT'.  TDX module
> 1.5 adds more metadata fields, and introduces the new TDH.SYS.{RD|RDALL}
> SEAMCALLs for reading the metadata.  The new metadata mechanism removes
> the fixed-size limitation of the structure 'TDSYSINFO_STRUCT' and allows
> the TDX module to support an unlimited number of metadata fields.
> 
> TDX module 1.5 and later versions still support TDH.SYS.INFO for
> compatibility with TDX module 1.0, but it may only report part of the
> metadata via the 'TDSYSINFO_STRUCT'.  For any new metadata the kernel
> must use TDH.SYS.{RD|RDALL} to read it.
> 
> To achieve the above two goals mentioned in 1) and 2), just use the
> TDH.SYS.RD to read the essential metadata fields related to the TDMRs.
> 
> TDH.SYS.RD returns *one* metadata field at a given "Metadata Field ID".
> It is enough for getting these few fields for module initialization.
> On the other hand, TDH.SYS.RDALL reports all metadata fields to a 4KB
> buffer provided by the kernel which is a little bit overkill here.
> 
> It may be beneficial to get all metadata fields at once here so they can
> also be used by KVM (some are essential for creating basic TDX guests),
> but technically it's unknown how many 4K pages are needed to fill all
> the metadata.  Thus it's better to read metadata when needed.
> 
> Signed-off-by: Kai Huang <kai.huang@intel.com>
> ---
> 
> v14 -> v15:
>  - New patch to use TDH.SYS.RD to read TDX module global metadata for
>    module initialization and stop initializing 1.0 module.
> 
> ---
>  arch/x86/include/asm/shared/tdx.h |  1 +
>  arch/x86/virt/vmx/tdx/tdx.c       | 75 ++++++++++++++++++++++++++++++-
>  arch/x86/virt/vmx/tdx/tdx.h       | 39 ++++++++++++++++
>  3 files changed, 114 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h
> index a4036149c484..fdfd41511b02 100644
> --- a/arch/x86/include/asm/shared/tdx.h
> +++ b/arch/x86/include/asm/shared/tdx.h
> @@ -59,6 +59,7 @@
>  #define TDX_PS_4K	0
>  #define TDX_PS_2M	1
>  #define TDX_PS_1G	2
> +#define TDX_PS_NR	(TDX_PS_1G + 1)
>  
>  #ifndef __ASSEMBLY__
>  
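Review bot: TDX_PS_NR silently depends on TDX_PS_4K, TDX_PS_2M and TDX_PS_1G staying contiguous codes starting at 0, and this header is shared with guest code, so a one-line comment above the new define saying it is the number of supported page sizes (i.e. an array bound, not an architectural code) would stop someone from later inserting a new size code between them and breaking every array sized with it.
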
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index d1affb30f74d..d24027993983 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -235,8 +235,75 @@ static int build_tdx_memlist(struct list_head *tmb_list)
>  	return ret;
>  }
>  
> +static int read_sys_metadata_field(u64 field_id, u64 *data)
> +{
> +	struct tdx_module_args args = {};
> +	int ret;
> +
> +	/*
> +	 * TDH.SYS.RD -- reads one global metadata field
> +	 *  - RDX (in): the field to read
> +	 *  - R8 (out): the field data
> +	 */
> +	args.rdx = field_id;
> +	ret = seamcall_prerr_ret(TDH_SYS_RD, &args);
> +	if (ret)
> +		return ret;
> +
> +	*data = args.r8;
> +
> +	return 0;
> +}
> +
> +static int read_sys_metadata_field16(u64 field_id, u16 *data)
> +{
> +	u64 _data;
> +	int ret;
> +
> +	if (WARN_ON_ONCE(MD_FIELD_ID_ELE_SIZE_CODE(field_id) !=
> +			MD_FIELD_ID_ELE_SIZE_16BIT))
> +		return -EINVAL;
> +
> +	ret = read_sys_metadata_field(field_id, &_data);
> +	if (ret)
> +		return ret;
> +
> +	*data = (u16)_data;
> +
> +	return 0;
> +}
> +
> +static int get_tdx_tdmr_sysinfo(struct tdx_tdmr_sysinfo *tdmr_sysinfo)
> +{
> +	int ret;
> +
> +	ret = read_sys_metadata_field16(MD_FIELD_ID_MAX_TDMRS,
> +			&tdmr_sysinfo->max_tdmrs);
> +	if (ret)
> +		return ret;
> +
> +	ret = read_sys_metadata_field16(MD_FIELD_ID_MAX_RESERVED_PER_TDMR,
> +			&tdmr_sysinfo->max_reserved_per_tdmr);
> +	if (ret)
> +		return ret;
> +
> +	ret = read_sys_metadata_field16(MD_FIELD_ID_PAMT_4K_ENTRY_SIZE,
> +			&tdmr_sysinfo->pamt_entry_size[TDX_PS_4K]);
> +	if (ret)
> +		return ret;
> +
> +	ret = read_sys_metadata_field16(MD_FIELD_ID_PAMT_2M_ENTRY_SIZE,
> +			&tdmr_sysinfo->pamt_entry_size[TDX_PS_2M]);
> +	if (ret)
> +		return ret;
> +
> +	return read_sys_metadata_field16(MD_FIELD_ID_PAMT_1G_ENTRY_SIZE,
> +			&tdmr_sysinfo->pamt_entry_size[TDX_PS_1G]);
> +}
> +

Now we don't query the versions, build info, attributes, etc.  Because it's
important to know its version/attributes, can we query and print them
as before? Maybe with another path.
In the long term, that info would be exported via sysfs, though.
-- 
Isaku Yamahata <isaku.yamahata@linux.intel.com>
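
The metadata read path the patch describes, as an added userspace mock (not the kernel's code and not part of the patch): a field ID carries an element size code, a 16-bit reader refuses field IDs whose element size is not 16 bits rather than silently truncating, and the TDMR-related fields are read through one loop and validated for zero before use. The encoding assumed here, the element size code in bits 33:32 of the field ID (0 = 8-bit, 1 = 16-bit, 2 = 32-bit, 3 = 64-bit), is taken from the TDX module metadata specification and is not shown on this page; the field ID index values, the mock_tdh_sys_rd() table standing in for the SEAMCALL, and the returned numbers are all constructed for the example.

```c
/*
 * Added example, not kernel code: a userspace mock of TDH.SYS.RD and the
 * width-checked metadata reads used to size TDMRs.
 *
 * Assumption: bits 33:32 of a metadata field ID hold the element size code
 * (0 = 8-bit, 1 = 16-bit, 2 = 32-bit, 3 = 64-bit).  The index values in the
 * constructed field IDs below are arbitrary, not the architectural ones.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MD_ELE_SIZE_SHIFT     32
#define MD_ELE_SIZE_MASK      (0x3ULL << MD_ELE_SIZE_SHIFT)
#define MD_ELE_SIZE_CODE(id)  (((id) & MD_ELE_SIZE_MASK) >> MD_ELE_SIZE_SHIFT)
#define MD_ELE_SIZE_16BIT     1ULL
#define MD_ELE_SIZE_64BIT     3ULL

/* Constructed field IDs: element size code in bits 33:32, made-up index. */
#define MK_FIELD_ID(ele, idx) (((uint64_t)(ele) << MD_ELE_SIZE_SHIFT) | (idx))
#define FID_MAX_TDMRS             MK_FIELD_ID(MD_ELE_SIZE_16BIT, 0x08)
#define FID_MAX_RESERVED_PER_TDMR MK_FIELD_ID(MD_ELE_SIZE_16BIT, 0x09)
#define FID_PAMT_4K_ENTRY_SIZE    MK_FIELD_ID(MD_ELE_SIZE_16BIT, 0x10)
#define FID_PAMT_2M_ENTRY_SIZE    MK_FIELD_ID(MD_ELE_SIZE_16BIT, 0x11)
#define FID_PAMT_1G_ENTRY_SIZE    MK_FIELD_ID(MD_ELE_SIZE_16BIT, 0x12)
#define FID_SOME_64BIT_FIELD      MK_FIELD_ID(MD_ELE_SIZE_64BIT, 0x20)

enum { TDX_PS_4K, TDX_PS_2M, TDX_PS_1G, TDX_PS_NR };

struct tdmr_sysinfo {
	uint16_t max_tdmrs;
	uint16_t max_reserved_per_tdmr;
	uint16_t pamt_entry_size[TDX_PS_NR];
};

/* Constructed "module": the value a TDH.SYS.RD would return per field ID. */
struct mock_entry { uint64_t id; uint64_t value; };
static const struct mock_entry mock_module[] = {
	{ FID_MAX_TDMRS, 64 },
	{ FID_MAX_RESERVED_PER_TDMR, 16 },
	{ FID_PAMT_4K_ENTRY_SIZE, 16 },
	{ FID_PAMT_2M_ENTRY_SIZE, 16 },
	{ FID_PAMT_1G_ENTRY_SIZE, 16 },
	{ FID_SOME_64BIT_FIELD, 0x1122334455667788ULL },
};

/* Stand-in for the SEAMCALL: field ID in (RDX), data out (R8), 0 on success.
 * An unknown field fails, which is also how an old module would fail the leaf. */
static int mock_tdh_sys_rd(uint64_t field_id, uint64_t *r8)
{
	for (size_t i = 0; i < sizeof(mock_module) / sizeof(mock_module[0]); i++) {
		if (mock_module[i].id == field_id) {
			*r8 = mock_module[i].value;
			return 0;
		}
	}
	return -EIO;
}

/* 16-bit read: refuse any field whose element size is not 16 bits, so a wider
 * field can never be silently truncated by the cast below. */
static int read_field16(uint64_t field_id, uint16_t *out)
{
	uint64_t data;
	int ret;

	if (MD_ELE_SIZE_CODE(field_id) != MD_ELE_SIZE_16BIT)
		return -EINVAL;
	ret = mock_tdh_sys_rd(field_id, &data);
	if (ret)
		return ret;
	*out = (uint16_t)data;
	return 0;
}

/* Read the TDMR-related fields, looping over page sizes and rejecting zeros,
 * since a zero limit or entry size would make TDMR construction impossible. */
int get_tdmr_sysinfo(struct tdmr_sysinfo *si)
{
	static const uint64_t pamt_fid[TDX_PS_NR] = {
		[TDX_PS_4K] = FID_PAMT_4K_ENTRY_SIZE,
		[TDX_PS_2M] = FID_PAMT_2M_ENTRY_SIZE,
		[TDX_PS_1G] = FID_PAMT_1G_ENTRY_SIZE,
	};
	int ret;

	memset(si, 0, sizeof(*si));
	ret = read_field16(FID_MAX_TDMRS, &si->max_tdmrs);
	if (ret)
		return ret;
	ret = read_field16(FID_MAX_RESERVED_PER_TDMR, &si->max_reserved_per_tdmr);
	if (ret)
		return ret;
	for (int ps = 0; ps < TDX_PS_NR; ps++) {
		ret = read_field16(pamt_fid[ps], &si->pamt_entry_size[ps]);
		if (ret)
			return ret;
		if (!si->pamt_entry_size[ps])
			return -EINVAL;
	}
	if (!si->max_tdmrs || !si->max_reserved_per_tdmr)
		return -EINVAL;
	return 0;
}

int main(void)
{
	struct tdmr_sysinfo si;
	uint16_t v;

	if (get_tdmr_sysinfo(&si) == 0)
		printf("max_tdmrs=%u max_reserved=%u pamt=%u/%u/%u\n",
		       si.max_tdmrs, si.max_reserved_per_tdmr,
		       si.pamt_entry_size[TDX_PS_4K], si.pamt_entry_size[TDX_PS_2M],
		       si.pamt_entry_size[TDX_PS_1G]);
	/* A 64-bit field through the 16-bit reader must be refused, not truncated. */
	printf("read16 on 64-bit field -> %d\n", read_field16(FID_SOME_64BIT_FIELD, &v));
	return 0;
}
```

The width gate is the part worth keeping in mind: the SEAMCALL itself returns 64 bits whatever the field's declared size, so the only thing standing between a mis-typed field ID and a silently truncated value is the element size check before the cast.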

Thread overview: 70+ messages
2023-11-09 11:55 [PATCH v15 00/23] TDX host kernel support Kai Huang
2023-11-09 11:55 ` [PATCH v15 01/23] x86/virt/tdx: Detect TDX during kernel boot Kai Huang
2023-11-09 11:55 ` [PATCH v15 02/23] x86/tdx: Define TDX supported page sizes as macros Kai Huang
2023-11-09 11:55 ` [PATCH v15 03/23] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC Kai Huang
2023-11-09 11:55 ` [PATCH v15 04/23] x86/cpu: Detect TDX partial write machine check erratum Kai Huang
2023-11-09 11:55 ` [PATCH v15 05/23] x86/virt/tdx: Handle SEAMCALL no entropy error in common code Kai Huang
2023-11-09 16:38   ` Dave Hansen
2023-11-14 19:24   ` Isaku Yamahata
2023-11-15 10:41     ` Huang, Kai
2023-11-15 19:26       ` Isaku Yamahata
2023-11-09 11:55 ` [PATCH v15 06/23] x86/virt/tdx: Add SEAMCALL error printing for module initialization Kai Huang
2023-11-09 11:55 ` [PATCH v15 07/23] x86/virt/tdx: Add skeleton to enable TDX on demand Kai Huang
2023-11-09 11:55 ` [PATCH v15 08/23] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory Kai Huang
2024-12-05  7:57   ` Mike Rapoport
2024-12-05  9:06     ` Nikolay Borisov
2024-12-05 12:25       ` Huang, Kai
2024-12-05 16:30       ` Mike Rapoport
2023-11-09 11:55 ` [PATCH v15 09/23] x86/virt/tdx: Get module global metadata for module initialization Kai Huang
2023-11-09 23:29   ` Dave Hansen
2023-11-10  2:23     ` Huang, Kai
2023-11-15 19:35   ` Isaku Yamahata [this message]
2023-11-16  3:19     ` Huang, Kai
2023-11-09 11:55 ` [PATCH v15 10/23] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions Kai Huang
2023-11-09 11:55 ` [PATCH v15 11/23] x86/virt/tdx: Fill out " Kai Huang
2023-11-09 11:55 ` [PATCH v15 12/23] x86/virt/tdx: Allocate and set up PAMTs for TDMRs Kai Huang
2023-11-09 11:55 ` [PATCH v15 13/23] x86/virt/tdx: Designate reserved areas for all TDMRs Kai Huang
2023-11-09 11:55 ` [PATCH v15 14/23] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID Kai Huang
2023-11-09 11:55 ` [PATCH v15 15/23] x86/virt/tdx: Configure global KeyID on all packages Kai Huang
2023-11-09 11:55 ` [PATCH v15 16/23] x86/virt/tdx: Initialize all TDMRs Kai Huang
2023-11-09 11:55 ` [PATCH v15 17/23] x86/kexec: Flush cache of TDX private memory Kai Huang
2023-11-27 18:13   ` Dave Hansen
2023-11-27 19:33     ` Huang, Kai
2023-11-27 20:02       ` Huang, Kai
2023-11-27 20:05       ` Dave Hansen
2023-11-27 20:52         ` Huang, Kai
2023-11-27 21:06           ` Dave Hansen
2023-11-27 22:09             ` Huang, Kai
2023-11-09 11:55 ` [PATCH v15 18/23] x86/virt/tdx: Keep TDMRs when module initialization is successful Kai Huang
2023-11-09 11:55 ` [PATCH v15 19/23] x86/virt/tdx: Improve readability of module initialization error handling Kai Huang
2023-11-09 11:55 ` [PATCH v15 20/23] x86/kexec(): Reset TDX private memory on platforms with TDX erratum Kai Huang
2023-11-09 11:55 ` [PATCH v15 21/23] x86/virt/tdx: Handle TDX interaction with ACPI S3 and deeper states Kai Huang
2023-11-30 17:20   ` Dave Hansen
2023-11-09 11:55 ` [PATCH v15 22/23] x86/mce: Improve error log of kernel space TDX #MC due to erratum Kai Huang
2023-11-30 18:01   ` Tony Luck
2023-12-01 20:35   ` Dave Hansen
2023-12-03 11:44     ` Huang, Kai
2023-12-04 17:07       ` Dave Hansen
2023-12-04 21:00         ` Huang, Kai
2023-12-04 22:04           ` Dave Hansen
2023-12-04 23:24             ` Huang, Kai
2023-12-04 23:39               ` Dave Hansen
2023-12-04 23:56                 ` Huang, Kai
2023-12-05  2:04                 ` Sean Christopherson
2023-12-05 16:36                   ` Dave Hansen
2023-12-05 16:53                     ` Sean Christopherson
2023-12-05 16:36                   ` Luck, Tony
2023-12-05 16:57                     ` Sean Christopherson
2023-12-04 23:41               ` Huang, Kai
2023-12-05 14:25   ` Borislav Petkov
2023-12-05 19:41     ` Huang, Kai
2023-12-05 19:56       ` Borislav Petkov
2023-12-05 20:08         ` Huang, Kai
2023-12-05 20:29           ` Borislav Petkov
2023-12-05 20:33             ` Huang, Kai
2023-12-05 20:41               ` Borislav Petkov
2023-12-05 20:49                 ` Dave Hansen
2023-12-05 20:58                 ` Huang, Kai
2023-11-09 11:56 ` [PATCH v15 23/23] Documentation/x86: Add documentation for TDX host support Kai Huang
2023-11-13  8:40 ` [PATCH v15 00/23] TDX host kernel support Nikolay Borisov
2023-11-13  9:11   ` Huang, Kai
