From: Paolo Bonzini
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: Zixi Chen, "Kirill A . Shutemov", Xiaoyao Li, Kai Huang, Dave Hansen, Thomas Gleixner, Ingo Molnar, x86@kernel.org, stable@vger.kernel.org
Subject: [PATCH] x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers
Date: Tue, 30 Jan 2024 19:04:00 +0100
Message-ID: <20240130180400.1698136-1-pbonzini@redhat.com>

MKTME repurposes the high bit of physical address to key id for encryption
key and, even though MAXPHYADDR in CPUID[0x80000008] remains the same,
the valid bits in the MTRR mask register are based on the reduced number
of physical address bits.

detect_tme() in arch/x86/kernel/cpu/intel.c detects TME and subtracts
it from the total usable physical bits, but it is called too late.
Move the call to early_init_intel() so that it is called in setup_arch(),
before MTRRs are set up.

This fixes boot on some TDX-enabled systems which until now only worked
with "disable_mtrr_cleanup". Without the patch, the values written to the
MTRRs mask registers were 52-bit wide (e.g. 0x000fffff_80000800) and
the writes failed; with the patch, the values are 46-bit wide, which matches
the reduced MAXPHYADDR that is shown in /proc/cpuinfo.

Fixes: cb06d8e3d020 ("x86/tme: Detect if TME and MKTME is activated by BIOS", 2018-03-12)
Reported-by: Zixi Chen
Cc: Kirill A. Shutemov
Cc: Xiaoyao Li
Cc: Kai Huang
Cc: Dave Hansen
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: x86@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini
---
 arch/x86/kernel/cpu/intel.c | 178 ++++++++++++++++++------------------
 1 file changed, 91 insertions(+), 87 deletions(-)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c index 579e34bdf7cd..70ee316a97a9 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c 
@@ -181,6 +181,90 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *= c) return false; } =20 +#define MSR_IA32_TME_ACTIVATE 0x982 + +/* Helpers to access TME_ACTIVATE MSR */ +#define TME_ACTIVATE_LOCKED(x) (x & 0x1) +#define TME_ACTIVATE_ENABLED(x) (x & 0x2) + +#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ +#define TME_ACTIVATE_POLICY_AES_XTS_128 0 + +#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ + +#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ +#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 + +/* Values for mktme_status (SW only construct) */ +#define MKTME_ENABLED 0 +#define MKTME_DISABLED 1 +#define MKTME_UNINITIALIZED 2 +static int mktme_status =3D MKTME_UNINITIALIZED; + +static void detect_tme_early(struct cpuinfo_x86 *c) +{ + u64 tme_activate, tme_policy, tme_crypto_algs; + int keyid_bits =3D 0, nr_keyids =3D 0; + static u64 tme_activate_cpu0 =3D 0; + + rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); + + if (mktme_status !=3D MKTME_UNINITIALIZED) { + if (tme_activate !=3D tme_activate_cpu0) { + /* Broken BIOS? */ + pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); + pr_err_once("x86/tme: MKTME is not usable\n"); + mktme_status =3D MKTME_DISABLED; + + /* Proceed. We may need to exclude bits from x86_phys_bits. 
*/ + } + } else { + tme_activate_cpu0 =3D tme_activate; + } + + if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activ= ate)) { + pr_info_once("x86/tme: not enabled by BIOS\n"); + mktme_status =3D MKTME_DISABLED; + return; + } + + if (mktme_status !=3D MKTME_UNINITIALIZED) + goto detect_keyid_bits; + + pr_info("x86/tme: enabled by BIOS\n"); + + tme_policy =3D TME_ACTIVATE_POLICY(tme_activate); + if (tme_policy !=3D TME_ACTIVATE_POLICY_AES_XTS_128) + pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); + + tme_crypto_algs =3D TME_ACTIVATE_CRYPTO_ALGS(tme_activate); + if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { + pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", + tme_crypto_algs); + mktme_status =3D MKTME_DISABLED; + } +detect_keyid_bits: + keyid_bits =3D TME_ACTIVATE_KEYID_BITS(tme_activate); + nr_keyids =3D (1UL << keyid_bits) - 1; + if (nr_keyids) { + pr_info_once("x86/mktme: enabled by BIOS\n"); + pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); + } else { + pr_info_once("x86/mktme: disabled by BIOS\n"); + } + + if (mktme_status =3D=3D MKTME_UNINITIALIZED) { + /* MKTME is usable */ + mktme_status =3D MKTME_ENABLED; + } + + /* + * KeyID bits effectively lower the number of physical address + * bits. Update cpuinfo_x86::x86_phys_bits accordingly. + */ + c->x86_phys_bits -=3D keyid_bits; +} + static void early_init_intel(struct cpuinfo_x86 *c) { u64 misc_enable; @@ -332,6 +416,13 @@ static void early_init_intel(struct cpuinfo_x86 *c) */ if (detect_extended_topology_early(c) < 0) detect_ht_early(c); + + /* + * Adjust the number of physical bits early because it affects the + * valid bits of the MTRR mask registers. + */ + if (cpu_has(c, X86_FEATURE_TME)) + detect_tme_early(c); } =20 static void bsp_init_intel(struct cpuinfo_x86 *c) 
@@ -492,90 +583,6 @@ static void srat_detect_node(struct cpuinfo_x86 *c) #endif } =20 -#define MSR_IA32_TME_ACTIVATE 0x982 - -/* Helpers to access TME_ACTIVATE MSR */ -#define TME_ACTIVATE_LOCKED(x) (x & 0x1) -#define TME_ACTIVATE_ENABLED(x) (x & 0x2) - -#define TME_ACTIVATE_POLICY(x) ((x >> 4) & 0xf) /* Bits 7:4 */ -#define TME_ACTIVATE_POLICY_AES_XTS_128 0 - -#define TME_ACTIVATE_KEYID_BITS(x) ((x >> 32) & 0xf) /* Bits 35:32 */ - -#define TME_ACTIVATE_CRYPTO_ALGS(x) ((x >> 48) & 0xffff) /* Bits 63:48 */ -#define TME_ACTIVATE_CRYPTO_AES_XTS_128 1 - -/* Values for mktme_status (SW only construct) */ -#define MKTME_ENABLED 0 -#define MKTME_DISABLED 1 -#define MKTME_UNINITIALIZED 2 -static int mktme_status =3D MKTME_UNINITIALIZED; - -static void detect_tme(struct cpuinfo_x86 *c) -{ - u64 tme_activate, tme_policy, tme_crypto_algs; - int keyid_bits =3D 0, nr_keyids =3D 0; - static u64 tme_activate_cpu0 =3D 0; - - rdmsrl(MSR_IA32_TME_ACTIVATE, tme_activate); - - if (mktme_status !=3D MKTME_UNINITIALIZED) { - if (tme_activate !=3D tme_activate_cpu0) { - /* Broken BIOS? */ - pr_err_once("x86/tme: configuration is inconsistent between CPUs\n"); - pr_err_once("x86/tme: MKTME is not usable\n"); - mktme_status =3D MKTME_DISABLED; - - /* Proceed. We may need to exclude bits from x86_phys_bits. 
*/ - } - } else { - tme_activate_cpu0 =3D tme_activate; - } - - if (!TME_ACTIVATE_LOCKED(tme_activate) || !TME_ACTIVATE_ENABLED(tme_activ= ate)) { - pr_info_once("x86/tme: not enabled by BIOS\n"); - mktme_status =3D MKTME_DISABLED; - return; - } - - if (mktme_status !=3D MKTME_UNINITIALIZED) - goto detect_keyid_bits; - - pr_info("x86/tme: enabled by BIOS\n"); - - tme_policy =3D TME_ACTIVATE_POLICY(tme_activate); - if (tme_policy !=3D TME_ACTIVATE_POLICY_AES_XTS_128) - pr_warn("x86/tme: Unknown policy is active: %#llx\n", tme_policy); - - tme_crypto_algs =3D TME_ACTIVATE_CRYPTO_ALGS(tme_activate); - if (!(tme_crypto_algs & TME_ACTIVATE_CRYPTO_AES_XTS_128)) { - pr_err("x86/mktme: No known encryption algorithm is supported: %#llx\n", - tme_crypto_algs); - mktme_status =3D MKTME_DISABLED; - } -detect_keyid_bits: - keyid_bits =3D TME_ACTIVATE_KEYID_BITS(tme_activate); - nr_keyids =3D (1UL << keyid_bits) - 1; - if (nr_keyids) { - pr_info_once("x86/mktme: enabled by BIOS\n"); - pr_info_once("x86/mktme: %d KeyIDs available\n", nr_keyids); - } else { - pr_info_once("x86/mktme: disabled by BIOS\n"); - } - - if (mktme_status =3D=3D MKTME_UNINITIALIZED) { - /* MKTME is usable */ - mktme_status =3D MKTME_ENABLED; - } - - /* - * KeyID bits effectively lower the number of physical address - * bits. Update cpuinfo_x86::x86_phys_bits accordingly. - */ - c->x86_phys_bits -=3D keyid_bits; -} - static void init_cpuid_fault(struct cpuinfo_x86 *c) { u64 msr; @@ -712,9 +719,6 @@ static void init_intel(struct cpuinfo_x86 *c) =20 init_ia32_feat_ctl(c); =20 - if (cpu_has(c, X86_FEATURE_TME)) - detect_tme(c); - init_intel_misc_features(c); =20 split_lock_init(); --=20 2.43.0
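
Review bot: the unconditional `c->x86_phys_bits -= keyid_bits;` at the end of detect_tme_early() (first hunk) is not idempotent, and moving it to early init makes its correctness depend on ordering that the patch does not document. Please confirm that x86_phys_bits already holds the CPUID-derived value when early_init_intel() runs, that nothing later in boot recomputes it from CPUID (which would silently undo the reduction and leave the MTRR masks 52-bit wide), and that early_init_intel() cannot run twice on the same cpuinfo_x86 (which would subtract the KeyID bits twice). A comment stating that assumption next to the subtraction would make the dependency visible to the next person who reorders early CPU setup.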
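
Review bot: in the early_init_intel() hunk, the new call is gated on `cpu_has(c, X86_FEATURE_TME)`, so the fix only takes effect if that capability bit is already populated this early; if it is not, detect_tme_early() is skipped without any message and the boot failure described in the commit message remains. Please state in the comment above the call that the feature bits are valid at this point, and consider extending the comment to say that the call must precede MTRR setup in setup_arch(), since that ordering is the whole reason for the move.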
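
Review bot: the last two hunks delete detect_tme() and its TME_ACTIVATE_* macros verbatim while the first hunk re-adds the same body as detect_tme_early(), so a 91/87-line diff carries what is functionally a rename plus a moved call site, and the commit message mentions only moving the call. Since this is Cc'd to stable, either mention the rename and the pure code motion in the commit message, or keep the function body where it is and add a forward declaration above early_init_intel() so that the backport touches only the two call sites.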