From: Xiaoyao Li <xiaoyao.li@intel.com>
To: Rick Edgecombe <rick.p.edgecombe@intel.com>,
pbonzini@redhat.com, seanjc@google.com
Cc: yan.y.zhao@intel.com, isaku.yamahata@gmail.com,
kai.huang@intel.com, kvm@vger.kernel.org,
linux-kernel@vger.kernel.org, tony.lindgren@linux.intel.com,
reinette.chatre@intel.com
Subject: Re: [PATCH v2 24/25] KVM: x86: Introduce KVM_TDX_GET_CPUID
Date: Fri, 10 Jan 2025 12:47:09 +0800
Message-ID: <9e7d3f5c-156b-4257-965d-aae03beb5faa@intel.com>
In-Reply-To: <20241030190039.77971-25-rick.p.edgecombe@intel.com>

On 10/31/2024 3:00 AM, Rick Edgecombe wrote:
> From: Xiaoyao Li <xiaoyao.li@intel.com>
>
> Implement an IOCTL to allow userspace to read the CPUID bit values for a
> configured TD.
>
> The TDX module doesn't provide the ability to set all CPUID bits. Instead
> some are configured indirectly, or have fixed values. But it does allow
> for the final resulting CPUID bits to be read. This information will be
> useful for userspace to understand the configuration of the TD, and set
> KVM's copy via KVM_SET_CPUID2.
>
> To prevent userspace from starting to use features that might not have KVM
> support yet, filter the reported values by KVM's support CPUID bits.

This sentence is not implemented; we need to drop it.

> Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Co-developed-by: Tony Lindgren <tony.lindgren@linux.intel.com>
> Signed-off-by: Tony Lindgren <tony.lindgren@linux.intel.com>
> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
> ---
> uAPI breakout v2:
> - Improve error path for tdx_vcpu_get_cpuid() (Xu)
> - Drop unused cpuid in struct kvm_tdx (Xu)
> - Rip out cpuid bit filtering
> - Fixup SEAMCALL call sites due to function parameter changes to SEAMCALL
> wrappers (Kai)
> - Add mmu.h for kvm_gfn_direct_bits() (Binbin)
> - Drop unused nr_premapped (Tao)
> - Fix formatting for tdx_vcpu_get_cpuid_leaf() (Tony)
> - Use helpers for phys_addr_bits (Paolo)
>
> uAPI breakout v1:
> - New patch
> ---
> arch/x86/include/uapi/asm/kvm.h | 1 +
> arch/x86/kvm/vmx/tdx.c | 167 ++++++++++++++++++++++++++++++++
> arch/x86/kvm/vmx/tdx_arch.h | 5 +
> arch/x86/kvm/vmx/tdx_errno.h | 1 +
> 4 files changed, 174 insertions(+)
>
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 2cfec4b42b9d..36fa03376581 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -931,6 +931,7 @@ enum kvm_tdx_cmd_id {
> KVM_TDX_CAPABILITIES = 0,
> KVM_TDX_INIT_VM,
> KVM_TDX_INIT_VCPU,
> + KVM_TDX_GET_CPUID,
>
> KVM_TDX_CMD_NR_MAX,
> };
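
Review bot: KVM_TDX_GET_CPUID is new uAPI, but the diffstat for this patch lists only kvm.h, tdx.c, tdx_arch.h and tdx_errno.h, so nothing documents what cmd->data must point to or how large the struct kvm_cpuid2 buffer has to be. Please describe the command's input and output contract in the same patch, including how nent is used.
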
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 9008db6cf3b4..1feb3307fd70 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -2,6 +2,7 @@
> #include <linux/cpu.h>
> #include <asm/tdx.h>
> #include "capabilities.h"
> +#include "mmu.h"
> #include "x86_ops.h"
> #include "tdx.h"
>
> @@ -857,6 +858,94 @@ static int __tdx_td_init(struct kvm *kvm, struct td_params *td_params,
> return ret;
> }
>
> +static u64 tdx_td_metadata_field_read(struct kvm_tdx *tdx, u64 field_id,
> + u64 *data)
> +{
> + u64 err;
> +
> + err = tdh_mng_rd(tdx->tdr_pa, field_id, data);
> +
> + return err;
> +}
> +
> +#define TDX_MD_UNREADABLE_LEAF_MASK GENMASK(30, 7)
> +#define TDX_MD_UNREADABLE_SUBLEAF_MASK GENMASK(31, 7)
> +
> +static int tdx_read_cpuid(struct kvm_vcpu *vcpu, u32 leaf, u32 sub_leaf,
> + bool sub_leaf_set, struct kvm_cpuid_entry2 *out)
> +{
> + struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
> + u64 field_id = TD_MD_FIELD_ID_CPUID_VALUES;
> + u64 ebx_eax, edx_ecx;
> + u64 err = 0;
> +
> + if (sub_leaf & TDX_MD_UNREADABLE_LEAF_MASK ||
> + sub_leaf_set & TDX_MD_UNREADABLE_SUBLEAF_MASK)
> + return -EINVAL;
> +
> + /*
> + * bit 23:17, REVSERVED: reserved, must be 0;
> + * bit 16, LEAF_31: leaf number bit 31;
> + * bit 15:9, LEAF_6_0: leaf number bits 6:0, leaf bits 30:7 are
> + * implicitly 0;
> + * bit 8, SUBLEAF_NA: sub-leaf not applicable flag;
> + * bit 7:1, SUBLEAF_6_0: sub-leaf number bits 6:0. If SUBLEAF_NA is 1,
> + * the SUBLEAF_6_0 is all-1.
> + * sub-leaf bits 31:7 are implicitly 0;
> + * bit 0, ELEMENT_I: Element index within field;
> + */
> + field_id |= ((leaf & 0x80000000) ? 1 : 0) << 16;
> + field_id |= (leaf & 0x7f) << 9;
> + if (sub_leaf_set)
> + field_id |= (sub_leaf & 0x7f) << 1;
> + else
> + field_id |= 0x1fe;
> +
> + err = tdx_td_metadata_field_read(kvm_tdx, field_id, &ebx_eax);
> + if (err) //TODO check for specific errors
> + goto err_out;
> +
> + out->eax = (u32) ebx_eax;
> + out->ebx = (u32) (ebx_eax >> 32);
> +
> + field_id++;
> + err = tdx_td_metadata_field_read(kvm_tdx, field_id, &edx_ecx);
> + /*
> + * It's weird that reading edx_ecx fails while reading ebx_eax
> + * succeeded.
> + */
> + if (WARN_ON_ONCE(err))
> + goto err_out;
> +
> + out->ecx = (u32) edx_ecx;
> + out->edx = (u32) (edx_ecx >> 32);
> +
> + out->function = leaf;
> + out->index = sub_leaf;
> + out->flags |= sub_leaf_set ? KVM_CPUID_FLAG_SIGNIFCANT_INDEX : 0;
> +
> + /*
> + * Work around missing support on old TDX modules, fetch
> + * guest maxpa from gfn_direct_bits.
> + */
> + if (leaf == 0x80000008) {
> + gpa_t gpa_bits = gfn_to_gpa(kvm_gfn_direct_bits(vcpu->kvm));
> + unsigned int g_maxpa = __ffs(gpa_bits) + 1;
> +
> + out->eax = tdx_set_guest_phys_addr_bits(out->eax, g_maxpa);
> + }
> +
> + return 0;
> +
> +err_out:
> + out->eax = 0;
> + out->ebx = 0;
> + out->ecx = 0;
> + out->edx = 0;
> +
> + return -EIO;
> +}
> +
> static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd)
> {
> struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
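
Review bot: The range check at the top of tdx_read_cpuid() tests the wrong operands: `sub_leaf & TDX_MD_UNREADABLE_LEAF_MASK` should test `leaf`, and `sub_leaf_set & TDX_MD_UNREADABLE_SUBLEAF_MASK` applies a bits 31:7 mask to a bool, so that half can never be true. As written, a leaf with any of bits 30:7 set is not rejected and is silently truncated by `(leaf & 0x7f) << 9`. Suggest `leaf & TDX_MD_UNREADABLE_LEAF_MASK || (sub_leaf_set && (sub_leaf & TDX_MD_UNREADABLE_SUBLEAF_MASK))`. The `//TODO check for specific errors` in the same function also needs resolving: tdx_vcpu_get_cpuid_leaf() treats every failure as "no such leaf", and TDX_METADATA_FIELD_NOT_READABLE is added in tdx_errno.h but not used anywhere in this patch.
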
> @@ -1055,6 +1144,81 @@ static int tdx_td_vcpu_init(struct kvm_vcpu *vcpu, u64 vcpu_rcx)
> return ret;
> }
>
> +/* Sometimes reads multipple subleafs. Return how many enties were written. */
> +static int tdx_vcpu_get_cpuid_leaf(struct kvm_vcpu *vcpu, u32 leaf, int max_cnt,
> + struct kvm_cpuid_entry2 *output_e)
> +{
> + int i;
> +
> + if (!max_cnt)
> + return 0;
> +
> + /* First try without a subleaf */
> + if (!tdx_read_cpuid(vcpu, leaf, 0, false, output_e))
> + return 1;
> +
> + /*
> + * If the try without a subleaf failed, try reading subleafs until
> + * failure. The TDX module only supports 6 bits of subleaf index.
> + */
> + for (i = 0; i < 0b111111; i++) {
> + if (i > max_cnt)
> + goto out;
> +
> + /* Keep reading subleafs until there is a failure. */
> + if (tdx_read_cpuid(vcpu, leaf, i, true, output_e))
> + return i;
> +
> + output_e++;
> + }
> +
> +out:
> + return i;
> +}
> +
> +static int tdx_vcpu_get_cpuid(struct kvm_vcpu *vcpu, struct kvm_tdx_cmd *cmd)
> +{
> + struct kvm_cpuid2 __user *output, *td_cpuid;
> + struct kvm_cpuid_entry2 *output_e;
> + int r = 0, i = 0, leaf;
> +
> + output = u64_to_user_ptr(cmd->data);
> + td_cpuid = kzalloc(sizeof(*td_cpuid) +
> + sizeof(output->entries[0]) * KVM_MAX_CPUID_ENTRIES,
> + GFP_KERNEL);
> + if (!td_cpuid)
> + return -ENOMEM;
> +
> + for (leaf = 0; leaf <= 0x1f; leaf++) {

0x1f needs clarification here.

If it's going to use the maximum leaf KVM can support, it should be 0x24
to align with __do_cpuid_func().

Alternatively, it can use the EAX value of leaf 0 returned by the TDX
module. That is the value the TDX module presents to the TD guest.

> + output_e = &td_cpuid->entries[i];
> + i += tdx_vcpu_get_cpuid_leaf(vcpu, leaf,
> + KVM_MAX_CPUID_ENTRIES - i - 1,
> + output_e);
> + }
> +
> + for (leaf = 0x80000000; leaf <= 0x80000008; leaf++) {
> + output_e = &td_cpuid->entries[i];
> + i += tdx_vcpu_get_cpuid_leaf(vcpu, leaf,
> + KVM_MAX_CPUID_ENTRIES - i - 1,
> + output_e);

Though what gets passed in for max_cnt is

	KVM_MAX_CPUID_ENTRIES - i - 1

tdx_vcpu_get_cpuid_leaf() can return "max_cnt+1", i.e.,
KVM_MAX_CPUID_ENTRIES - i.

Then it makes i in the next round be KVM_MAX_CPUID_ENTRIES, and

	output_e = &td_cpuid->entries[i];

will overflow the buffer and access illegal memory.

There is a similar issue inside tdx_vcpu_get_cpuid_leaf(), as I replied in [*].

[*] https://lore.kernel.org/all/7574968a-f0e2-49d5-b740-2454a0f70bb6@intel.com/

> + }
> +
> + td_cpuid->nent = i;
> +
> + if (copy_to_user(output, td_cpuid, sizeof(*output))) {
> + r = -EFAULT;
> + goto out;
> + }
> + if (copy_to_user(output->entries, td_cpuid->entries,
> + td_cpuid->nent * sizeof(struct kvm_cpuid_entry2)))
> + r = -EFAULT;
> +
> +out:
> + kfree(td_cpuid);
> +
> + return r;
> +}
> +
> static int tdx_vcpu_init(struct kvm_vcpu *vcpu, struct kvm_tdx_cmd *cmd)
> {
> struct msr_data apic_base_msr;
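
Review bot: tdx_vcpu_get_cpuid() never reads the nent that userspace supplied in the struct kvm_cpuid2 at cmd->data, so the second copy_to_user() writes td_cpuid->nent entries regardless of how many entries the caller allocated. Read the header first, return an error if the caller's nent is smaller than the number of entries produced, and only then copy the entries. Separately, the comment in tdx_vcpu_get_cpuid_leaf() says the TDX module supports 6 bits of subleaf index, while the field-ID comment in tdx_read_cpuid() documents SUBLEAF_6_0 as bits 6:0, and `i < 0b111111` stops after sub-leaf 62; the comment and the loop bound should be reconciled with the field layout. The comment above the function also has typos ("multipple", "enties").
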
> @@ -1108,6 +1272,9 @@ int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp)
> case KVM_TDX_INIT_VCPU:
> ret = tdx_vcpu_init(vcpu, &cmd);
> break;
> + case KVM_TDX_GET_CPUID:
> + ret = tdx_vcpu_get_cpuid(vcpu, &cmd);
> + break;
> default:
> ret = -EINVAL;
> break;
> diff --git a/arch/x86/kvm/vmx/tdx_arch.h b/arch/x86/kvm/vmx/tdx_arch.h
> index 9d41699e66a2..d80ec118834e 100644
> --- a/arch/x86/kvm/vmx/tdx_arch.h
> +++ b/arch/x86/kvm/vmx/tdx_arch.h
> @@ -157,4 +157,9 @@ struct td_params {
>
> #define MD_FIELD_ID_FEATURES0_TOPOLOGY_ENUM BIT_ULL(20)
>
> +/*
> + * TD scope metadata field ID.
> + */
> +#define TD_MD_FIELD_ID_CPUID_VALUES 0x9410000300000000ULL
> +
> #endif /* __KVM_X86_TDX_ARCH_H */
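
Review bot: The comment on TD_MD_FIELD_ID_CPUID_VALUES says only "TD scope metadata field ID", but the value is a base that tdx_read_cpuid() completes by OR-ing the leaf, sub-leaf and element index into the low bits. Stating that here, or pointing at the layout comment in tdx_read_cpuid(), would keep the two from drifting apart.
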
> diff --git a/arch/x86/kvm/vmx/tdx_errno.h b/arch/x86/kvm/vmx/tdx_errno.h
> index dc3fa2a58c2c..f9dbb3a065cc 100644
> --- a/arch/x86/kvm/vmx/tdx_errno.h
> +++ b/arch/x86/kvm/vmx/tdx_errno.h
> @@ -23,6 +23,7 @@
> #define TDX_FLUSHVP_NOT_DONE 0x8000082400000000ULL
> #define TDX_EPT_WALK_FAILED 0xC0000B0000000000ULL
> #define TDX_EPT_ENTRY_STATE_INCORRECT 0xC0000B0D00000000ULL
> +#define TDX_METADATA_FIELD_NOT_READABLE 0xC0000C0200000000ULL
>
> /*
> * TDX module operand ID, appears in 31:0 part of error code as
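
The off-by-one described in the reply above, as an added user-space model; it is not code from the patch or from the thread. MAX_ENTRIES, LAST_LEAF, WIDE_LEAF, the stub read_cpuid() and the `bounded` variant are assumptions made for the illustration, and the array carries slack so the model itself never writes out of bounds.

```c
#include <stdio.h>
/* Constructed values: MAX_ENTRIES stands in for KVM_MAX_CPUID_ENTRIES; only WIDE_LEAF has sub-leaves. */
enum { MAX_ENTRIES = 8, LAST_LEAF = 6, WIDE_LEAF = 4 };
struct result { int nent, highest_slot; };
static int slots[MAX_ENTRIES + 8];  /* slack keeps the model itself in bounds */
static int highest_slot;            /* highest slot any read was pointed at */

/* Stand-in for tdx_read_cpuid(): stores to *out on success and on failure. */
static int read_cpuid(int leaf, int sub_set, int *out)
{
	int slot = (int)(out - slots);
	highest_slot = slot > highest_slot ? slot : highest_slot;
	*out = leaf;
	return (leaf == WIDE_LEAF) != sub_set;  /* nonzero means failure */
}

/* Counting logic of tdx_vcpu_get_cpuid_leaf(); bounded selects the added variant. */
static int get_leaf(int leaf, int max_cnt, int *out, int bounded)
{
	int i;
	if (bounded ? max_cnt <= 0 : !max_cnt)
		return 0;
	if (!read_cpuid(leaf, 0, out))
		return 1;
	for (i = 0; i < 0x3f; i++) {
		if (bounded ? i >= max_cnt : i > max_cnt)
			break;
		if (read_cpuid(leaf, 1, out))
			return i;
		out++;
	}
	return i;
}

/* Caller loop of tdx_vcpu_get_cpuid(), reduced to leaves 0..LAST_LEAF. */
static struct result walk(int bounded)
{
	int i = 0;
	highest_slot = -1;
	for (int leaf = 0; leaf <= LAST_LEAF; leaf++)
		i += get_leaf(leaf, MAX_ENTRIES - i - !bounded, &slots[i], bounded);
	return (struct result){ i, highest_slot };
}

int main(void)
{
	struct result a = walk(0), b = walk(1);
	printf("patch: nent=%d slot=%d; bounded: nent=%d slot=%d\n", a.nent, a.highest_slot, b.nent, b.highest_slot);
	return 0;
}
```

With these constructed values the patch's counting ends with nent = 10 and points a read at slot 9 of an 8-entry array; the bounded variant stops at nent = 8 and slot 7.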