public inbox for kvm@vger.kernel.org
From: Kai Huang <kai.huang@intel.com>
To: pbonzini@redhat.com, seanjc@google.com
Cc: rick.p.edgecombe@intel.com, dave.hansen@intel.com,
	yan.y.zhao@intel.com, isaku.yamahata@intel.com,
	kai.huang@intel.com, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org, tony.lindgren@intel.com,
	xiaoyao.li@intel.com, reinette.chatre@intel.com
Subject: [PATCH v2.1 03/25] x86/virt/tdx: Read essential global metadata for KVM
Date: Sat, 21 Dec 2024 01:07:04 +0000
Message-ID: <20241221010704.14155-1-kai.huang@intel.com>
In-Reply-To: <20241030190039.77971-4-rick.p.edgecombe@intel.com>

KVM needs two classes of global metadata to create and run TDX guests:

 - "TD Control Structures"
 - "TD Configurability"

The first class contains the sizes of TDX guest per-VM and per-vCPU
control structures.  KVM will need to use them to allocate enough space
for those control structures.

The second class contains info which reports things like which features
are configurable to TDX guests.  KVM will need to use them to properly
configure TDX guests.

Read them for KVM TDX to use.

Basically, the code change is auto-generated by adding below to the
script in [1]:

    "td_ctrl": [
        "TDR_BASE_SIZE",
        "TDCS_BASE_SIZE",
        "TDVPS_BASE_SIZE",
    ],
    "td_conf": [
        "ATTRIBUTES_FIXED0",
        "ATTRIBUTES_FIXED1",
        "XFAM_FIXED0",
        "XFAM_FIXED1",
        "NUM_CPUID_CONFIG",
        "MAX_VCPUS_PER_TD",
        "CPUID_CONFIG_LEAVES",
        "CPUID_CONFIG_VALUES",
    ],

.. and re-running the script:

  #python tdx_global_metadata.py global_metadata.json \
  	tdx_global_metadata.h tdx_global_metadata.c

.. but unfortunately with some tweaks:

The "Intel TDX Module v1.5.09 ABI Definitions" JSON files[2], which
describe the TDX module ABI to the kernel, were expected to maintain
backward compatibility.  However, it turns out there are plans to change
the JSON per module release.  Specifically, the maximum number of
CPUID_CONFIGs, i.e., CPUID_CONFIG_{LEAVES|VALUES} is one of the fields
expected to change.

This is obviously problematic for the kernel, and needs to be addressed
by the TDX Module team.  Negotiations on clarifying ABI boundary in the
spec for future models are ongoing.  In the meantime, the TDX module
team has agreed to not increase this specific field beyond 128 entries
without an opt in.

So for now just tweak the JSON to change "Num Fields" from 32 to 128 and
generate a fixed-size (128) array for CPUID_CONFIG_{LEAVES|VALUES}.

Also, due to all those ABI breakages (and module bugs), be paranoid by
generating additional checks to make sure NUM_CPUID_CONFIG will never
exceed the array size of CPUID_CONFIG_{LEAVES|VALUES} to protect the
kernel from the module breakages.  With those checks, detecting a
breakage will just result in module initialization failure.

Link: https://lore.kernel.org/762a50133300710771337398284567b299a86f67.camel@intel.com/ [1]
Link: https://cdrdv2.intel.com/v1/dl/getContent/795381 [2]
Signed-off-by: Kai Huang <kai.huang@intel.com>
---

v2 -> v2.1
 - Bump array size for CPUID_CONFIGs to 128
 - Add paranoid checks to protect against incorrect NUM_CPUID_CONFIG.
 - Update changelog accordingly.

 Note: this is based on kvm-coco-queue which has v7 of TDX host metadata
 series which has patches to read TDX module version and CMRs.  It will
 have conflicts to resolve when rebasing to the v9 patches currently
 queued in tip/x86/tdx.

uAPI breakout v2:
 - New patch

---
 arch/x86/include/asm/tdx_global_metadata.h  | 19 ++++++++
 arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 50 +++++++++++++++++++++
 2 files changed, 69 insertions(+)

diff --git a/arch/x86/include/asm/tdx_global_metadata.h b/arch/x86/include/asm/tdx_global_metadata.h
index fde370b855f1..cfef9e5e4d93 100644
--- a/arch/x86/include/asm/tdx_global_metadata.h
+++ b/arch/x86/include/asm/tdx_global_metadata.h
@@ -32,11 +32,30 @@ struct tdx_sys_info_cmr {
 	u64 cmr_size[32];
 };
 
+struct tdx_sys_info_td_ctrl {
+	u16 tdr_base_size;
+	u16 tdcs_base_size;
+	u16 tdvps_base_size;
+};
+
+struct tdx_sys_info_td_conf {
+	u64 attributes_fixed0;
+	u64 attributes_fixed1;
+	u64 xfam_fixed0;
+	u64 xfam_fixed1;
+	u16 num_cpuid_config;
+	u16 max_vcpus_per_td;
+	u64 cpuid_config_leaves[128];
+	u64 cpuid_config_values[128][2];
+};
+
 struct tdx_sys_info {
 	struct tdx_sys_info_version version;
 	struct tdx_sys_info_features features;
 	struct tdx_sys_info_tdmr tdmr;
 	struct tdx_sys_info_cmr cmr;
+	struct tdx_sys_info_td_ctrl td_ctrl;
+	struct tdx_sys_info_td_conf td_conf;
 };
 
 #endif
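
Review bot: The literal 128 is repeated in "u64 cpuid_config_leaves[128];" and "u64 cpuid_config_values[128][2];" in struct tdx_sys_info_td_conf, and the two must stay equal because the single num_cpuid_config count is used to index both arrays. A shared named constant, or a static assertion that the two ARRAY_SIZE() values match, would make that coupling explicit if the agreed limit is ever regenerated with a different "Num Fields". The two arrays also add 3072 bytes to struct tdx_sys_info, so it is worth confirming that no user of the struct keeps one on the stack.
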
diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
index 2fe57e084453..d96dbfb43574 100644
--- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
+++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c
@@ -76,6 +76,54 @@ static int get_tdx_sys_info_cmr(struct tdx_sys_info_cmr *sysinfo_cmr)
 	return ret;
 }
 
+static int get_tdx_sys_info_td_ctrl(struct tdx_sys_info_td_ctrl *sysinfo_td_ctrl)
+{
+	int ret = 0;
+	u64 val;
+
+	if (!ret && !(ret = read_sys_metadata_field(0x9800000100000000, &val)))
+		sysinfo_td_ctrl->tdr_base_size = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x9800000100000100, &val)))
+		sysinfo_td_ctrl->tdcs_base_size = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x9800000100000200, &val)))
+		sysinfo_td_ctrl->tdvps_base_size = val;
+
+	return ret;
+}
+
+static int get_tdx_sys_info_td_conf(struct tdx_sys_info_td_conf *sysinfo_td_conf)
+{
+	int ret = 0;
+	u64 val;
+	int i, j;
+
+	if (!ret && !(ret = read_sys_metadata_field(0x1900000300000000, &val)))
+		sysinfo_td_conf->attributes_fixed0 = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x1900000300000001, &val)))
+		sysinfo_td_conf->attributes_fixed1 = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x1900000300000002, &val)))
+		sysinfo_td_conf->xfam_fixed0 = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x1900000300000003, &val)))
+		sysinfo_td_conf->xfam_fixed1 = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x9900000100000004, &val)))
+		sysinfo_td_conf->num_cpuid_config = val;
+	if (!ret && !(ret = read_sys_metadata_field(0x9900000100000008, &val)))
+		sysinfo_td_conf->max_vcpus_per_td = val;
+	if (sysinfo_td_conf->num_cpuid_config > ARRAY_SIZE(sysinfo_td_conf->cpuid_config_leaves))
+		return -EINVAL;
+	for (i = 0; i < sysinfo_td_conf->num_cpuid_config; i++)
+		if (!ret && !(ret = read_sys_metadata_field(0x9900000300000400 + i, &val)))
+			sysinfo_td_conf->cpuid_config_leaves[i] = val;
+	if (sysinfo_td_conf->num_cpuid_config > ARRAY_SIZE(sysinfo_td_conf->cpuid_config_values))
+		return -EINVAL;
+	for (i = 0; i < sysinfo_td_conf->num_cpuid_config; i++)
+		for (j = 0; j < 2; j++)
+			if (!ret && !(ret = read_sys_metadata_field(0x9900000300000500 + i * 2 + j, &val)))
+				sysinfo_td_conf->cpuid_config_values[i][j] = val;
+
+	return ret;
+}
+
 static int get_tdx_sys_info(struct tdx_sys_info *sysinfo)
 {
 	int ret = 0;
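
Review bot: In get_tdx_sys_info_td_conf(), the bounds check is applied to num_cpuid_config after the u64 val has already been narrowed to u16 by "sysinfo_td_conf->num_cpuid_config = val;", so a module-reported count such as 0x10001 is stored as 1 and passes the check instead of failing initialization. Comparing val against the array size before the assignment would catch that case. The two "> ARRAY_SIZE(...)" checks are also evaluated when ret is already non-zero, where num_cpuid_config may never have been written and a stale value can replace the original error with -EINVAL; guarding them with !ret keeps the first error. A pr_err() on the -EINVAL path would help tell a module ABI breakage apart from a failed metadata read.
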
@@ -84,6 +132,8 @@ static int get_tdx_sys_info(struct tdx_sys_info *sysinfo)
 	ret = ret ?: get_tdx_sys_info_features(&sysinfo->features);
 	ret = ret ?: get_tdx_sys_info_tdmr(&sysinfo->tdmr);
 	ret = ret ?: get_tdx_sys_info_cmr(&sysinfo->cmr);
+	ret = ret ?: get_tdx_sys_info_td_ctrl(&sysinfo->td_ctrl);
+	ret = ret ?: get_tdx_sys_info_td_conf(&sysinfo->td_conf);
 
 	return ret;
 }
-- 
2.43.0

