From nobody Sun Feb 8 11:36:38 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3199D21A04; Sun, 12 May 2024 12:22:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516525; cv=none; b=gZvIN2SEcXuILOmpDxQu1ZS/7KttVM7T6IiKGomKcVXRMujb/bjyWovC90x3TQn7NAG+DBEhrmLRzcYMaGL3zTMmKy6VKYu/UIys0FKrrFvhkg3bH3eqqRZMMxiQpTh/nmzT6jipMtsvLFTadWVAFBEMJqelo8ob/aHjum6oC1A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516525; c=relaxed/simple; bh=6OozzRL9Ac8RminZLGX0NityVv8OgHFWYl7lEm738KY=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=Gb+0iPN1RiKi/oWFsn5GmY6PeuSoqz67Vy85IN4PTOLdgInPROBIAw71ekZOOAG878FCAgjO68HTwvSDIb9pvkixmxamIW0jAGYWJfcZfg4vmbI8j2REn6zGnksU1VSi/qt0rWRqxOPpmPM2bsSg1TsOvIjilBjtN9Q22/lRtsM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=hEtBX9de; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="hEtBX9de" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1715516524; x=1747052524; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=6OozzRL9Ac8RminZLGX0NityVv8OgHFWYl7lEm738KY=; 
b=hEtBX9deyCS8tnoY7JroSTP/gtlXnvR7OtilMceIEx/RapE+0aMnOsez 8mbX9PCIwGfcVyIHW0Kpb4RgGKH9e1M8KV2SVZ5m1azloAe6vla0Q8VD3 sw3JERv4NVuw2XmpikzxqAk/MS+Jh6kPPcYhhL2Xj3Qz7qdQLE6PCLcHw 4EjiEPETeK+P5Ed019YHMO40lybW5IavjWZye6jwHvJg7nYCcXBtBJodY u2n0ptAQHs+j4ZcFrGuPYdWtOmhutFxu5/GZ+wHk416wrsdDpsSRiZeqE EqT9LQ+0DlgNTQ/RK2hb5L82RXcAYex+STkF2LNHwDq3mNVYHeZS5BoPe g==; X-CSE-ConnectionGUID: DGPOg0aRThiOTX7Cv+jPWg== X-CSE-MsgGUID: v7U69mV4RLKjmZ1pglxIEQ== X-IronPort-AV: E=McAfee;i="6600,9927,11071"; a="11594206" X-IronPort-AV: E=Sophos;i="6.08,155,1712646000"; d="scan'208";a="11594206" Received: from fmviesa001.fm.intel.com ([10.60.135.141]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 May 2024 05:22:02 -0700 X-CSE-ConnectionGUID: 3tizv2yDTRO6W5TGaqJsUQ== X-CSE-MsgGUID: 5e9xAJobSmCweaAA/TZMbw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.08,155,1712646000"; d="scan'208";a="61258786" Received: from black.fi.intel.com ([10.237.72.28]) by fmviesa001.fm.intel.com with ESMTP; 12 May 2024 05:21:59 -0700 Received: by black.fi.intel.com (Postfix, from userid 1000) id 163BFA5; Sun, 12 May 2024 15:21:58 +0300 (EEST) 
From: "Kirill A. Shutemov"
To: "Kirill A. Shutemov", Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Kai Huang, Kuppuswamy Sathyanarayanan, stable@vger.kernel.org
Subject: [PATCHv4 1/4] x86/tdx: Factor out TD metadata write TDCALL
Date: Sun, 12 May 2024 15:21:51 +0300
Message-ID: <20240512122154.2655269-2-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com>
References: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The TDG_VM_WR TDCALL is used to ask the TDX module to change some
TD-specific VM configuration. There is currently only one user in the
kernel of this TDCALL leaf. More will be added shortly.

Refactor to make way for more users of TDG_VM_WR who will need to
modify other TD configuration values.

Signed-off-by: Kirill A. Shutemov
Reviewed-by: Kai Huang
Reviewed-by: Kuppuswamy Sathyanarayanan
Cc: stable@vger.kernel.org
---
 arch/x86/coco/tdx/tdx.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index b556cbcc847e..4bb786dcd6b4 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -77,6 +77,18 @@ static inline void tdcall(u64 fn, struct tdx_module_args= *args) panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } =20 +/* Write TD-scoped metadata */ +static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask) +{ + struct tdx_module_args args =3D { + .rdx =3D field, + .r8 =3D value, + .r9 =3D mask, + }; + + return __tdcall(TDG_VM_WR, &args); +} + /** * tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT * subtype 0) using TDG.MR.REPORT TDCALL. @@ -901,10 +913,6 @@ static void tdx_kexec_finish(void) =20 void __init tdx_early_init(void) { - struct tdx_module_args args =3D { - .rdx =3D TDCS_NOTIFY_ENABLES, - .r9 =3D -1ULL, - }; u64 cc_mask; u32 eax, sig[3]; =20 
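Review bot: the new tdg_vm_wr() helper in the first hunk changes the failure semantics of the NOTIFY_ENABLES write. The tdcall() wrapper visible in the context lines panics with "TDCALL %lld failed (Buggy TDX module!)" on a non-zero status, whereas __tdcall() only hands the status back, and the sole caller this series converts, `tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL);` in tdx_early_init(), discards it, so a failed write that used to be fatal now goes unnoticed. Either say in the commit message that ignoring this failure is intended, or keep the old behaviour by building the helper on tdcall() (or having callers check the return). A short comment above the helper documenting the rdx/r8/r9 encoding (field id, value, write mask) would also help, given that the neighbouring tdx_mcall_get_report0() carries a full kernel-doc block.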
@@ -923,7 +931,7 @@ void __init tdx_early_init(void) cc_set_mask(cc_mask); =20 /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ - tdcall(TDG_VM_WR, &args); + tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); =20 /* * All bits above GPA width are reserved and kernel treats shared bit --=20 2.43.0 From nobody Sun Feb 8 11:36:38 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 86499210E4; Sun, 12 May 2024 12:22:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.21 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516526; cv=none; b=NGrl8Dep/zrxDyc3iKW8LxrQ4cGMuY+t64qTZZ5MuH111jW1OTWWRrS5A9UBXnSJupdT4vn8mzEoX25rOWbpqy2/aiJlAYof+wCLWnNZrHIjoV1zWlFbZ/2laGdwDyvElNB4AcGnMz+CQk/p1mhF8SVcU9qBBnDai2MI6oKdbv8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516526; c=relaxed/simple; bh=Nn9Mpy/OuO4rHK6mkJg69gx7p20tgwscyOZVuw2SQfc=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SL6Fzssu11wrJKMGX/odDLqqxo5JwZdaa6ri6bfe0h0TuyBNUiO0LuGhCleS4yfYGx7slEcjX2DbVDlNv5nROLn/ch12dG85b/J/TGgCqR+58DfSrnGl1ASX0CV5p6Kqbep5HXVadW/Q0M8ZgmdzsiNMtZovGgdmvet3ZrhjGJo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=HdGnqjgY; arc=none smtp.client-ip=198.175.65.21 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.helo=mgamail.intel.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="HdGnqjgY" 
From: "Kirill A. Shutemov" To: "Kirill A. Shutemov" , Dave Hansen , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H. Peter Anvin" Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Kuppuswamy Sathyanarayanan , Kai Huang , stable@vger.kernel.org Subject: [PATCHv4 2/4] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() Date: Sun, 12 May 2024 15:21:52 +0300 Message-ID: <20240512122154.2655269-3-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com> References: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Rename tdx_parse_tdinfo() to tdx_setup() and move setting NOTIFY_ENABLES there. The function will be extended to adjust TD configuration. Signed-off-by: Kirill A. Shutemov Reviewed-by: Kuppuswamy Sathyanarayanan Reviewed-by: Kai Huang Cc: stable@vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 4bb786dcd6b4..1ff571cb9177 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -179,7 +179,7 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } =20 -static void tdx_parse_tdinfo(u64 *cc_mask) +static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args =3D {}; unsigned int gpa_width; @@ -204,6 +204,9 @@ static void tdx_parse_tdinfo(u64 *cc_mask) gpa_width =3D args.rcx & GENMASK(5, 0); *cc_mask =3D BIT_ULL(gpa_width - 1); =20 + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ + tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); + /* * The kernel can not handle #VE's when accessing normal kernel * memory. Ensure that no #VE will be delivered for accesses to 
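Review bot: after the rename in the first hunk, tdx_setup() does more than parse TDINFO: the second hunk moves the TDCS_NOTIFY_ENABLES write into it, and the commit message says further TD configuration will follow, yet `static void tdx_setup(u64 *cc_mask)` still has no comment stating its role. A one-line comment above the function saying that it reads TD info and applies the kernel's TD configuration would document the new contract at the definition rather than only at the call site, where the `/* Configure the TD */` comment in the third hunk currently carries it.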
@@ -927,11 +930,11 @@ void __init tdx_early_init(void) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); =20 cc_vendor =3D CC_VENDOR_INTEL; - tdx_parse_tdinfo(&cc_mask); - cc_set_mask(cc_mask); =20 - /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ - tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); + /* Configure the TD */ + tdx_setup(&cc_mask); + + cc_set_mask(cc_mask); =20 /* * All bits above GPA width are reserved and kernel treats shared bit --=20 2.43.0 From nobody Sun Feb 8 11:36:38 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EC55320DD2; Sun, 12 May 2024 12:22:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.17 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516525; cv=none; b=J/AxazDtz2E0GVYDGPaPG+Td3+3AUVx5l7G/tuvdQGlfwvyy5rVWEepieVPNQUuU6LbbApcylwwY1tG04nIuWEtF1Pgrf/S7k2Z+2UE1zBsJTZLMZiGAU6uFY8g0piZ7GEtY6F5ijaH12RPAQ3EbkSIDHr2pJ5ex53YQlsyrBVg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516525; c=relaxed/simple; bh=vXjpiAWnFIFzITKji76szzy+4Es+7EaqG8Svln0Ps1k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=T61c/iwmdxKSioTQjiob+9E2oPX77EtcsqvL3ibfDdfIyt+cP5fHBumq+rCyjHb62iqlLQ7OZci2LEoZ5IFGCKe01zdc6QOiBROpePMHWpgAYeVYo2lbEuv+clyR/AGPwoUtGzBOM4KuuF1Y1wurh4sPAAmQ6M0cp+6icMjTduc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=YoTqa+xh; arc=none smtp.client-ip=198.175.65.17 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none 
From: "Kirill A. Shutemov"
To: "Kirill A. Shutemov", Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCHv4 3/4] x86/tdx: Dynamically disable SEPT violations from causing #VEs
Date: Sun, 12 May 2024 15:21:53 +0300
Message-ID: <20240512122154.2655269-4-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com>
References: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Memory access #VE's are hard for Linux to handle in contexts like the
entry code or NMIs. But other OSes need them for functionality.
There's a static (pre-guest-boot) way for a VMM to choose one or the
other. But VMMs don't always know which OS they are booting, so they
choose to deliver those #VE's so the "other" OSes will work. That,
unfortunately, has left us in the lurch and exposed to these
hard-to-handle #VEs.

The TDX module has introduced a new feature. Even if the static
configuration is "send nasty #VE's", the kernel can dynamically request
that they be disabled. Check if the feature is available and disable
SEPT #VE if possible.

If the TD is allowed to disable/enable SEPT #VEs, the
ATTR_SEPT_VE_DISABLE attribute is no longer reliable. It reflects the
initial state of the control for the TD, but it will not be updated if
someone (e.g. bootloader) changes it before the kernel starts. The
kernel must check the TDCS_TD_CTLS bit to determine if SEPT #VEs are
enabled or disabled.
Signed-off-by: Kirill A. Shutemov Fixes: 373e715e31bf ("x86/tdx: Panic on bad configs that #VE on "private" m= emory access") Cc: stable@vger.kernel.org Reviewed-by: Nikolay Borisov though one nit below. --- arch/x86/coco/tdx/tdx.c | 88 +++++++++++++++++++++++++------ arch/x86/include/asm/shared/tdx.h | 11 +++- 2 files changed, 83 insertions(+), 16 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 1ff571cb9177..ba37f4306f4e 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -77,6 +77,20 @@ static inline void tdcall(u64 fn, struct tdx_module_args= *args) panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } =20 +/* Read TD-scoped metadata */ +static inline u64 tdg_vm_rd(u64 field, u64 *value) +{ + struct tdx_module_args args =3D { + .rdx =3D field, + }; + u64 ret; + + ret =3D __tdcall_ret(TDG_VM_RD, &args); + *value =3D args.r8; + + return ret; +} + /* Write TD-scoped metadata */ static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask) { 
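Review bot: tdg_vm_rd() in the first hunk stores `args.r8` into `*value` whether or not `__tdcall_ret()` reported success, and the callers added later in this patch (`tdg_vm_rd(TDCS_CONFIG_FLAGS, &config);`, `tdg_vm_rd(TDCS_TD_CTLS, &controls);`) never look at the returned status. On a TDX module that does not know TDCS_CONFIG_FLAGS the read fails and `config` ends up holding whatever the module left in r8, so the fallback to the ATTR_SEPT_VE_DISABLE path rests on that register still being the zero from the zero-initialised `args`. Making the fallback explicit is cheap: return before the store when `ret` is non-zero, and have the caller treat a failed read as "feature absent" in so many words. Separately, the trailer line "Reviewed-by: Nikolay Borisov though one nit below." has reply text glued onto the tag; the Reviewed-by should be just the name, with the nit addressed or noted under the `---` line.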
@@ -179,6 +193,62 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } =20 +/* + * The kernel cannot handle #VEs when accessing normal kernel memory. Ensu= re + * that no #VE will be delivered for accesses to TD-private memory. + * + * TDX 1.0 does not allow the guest to disable SEPT #VE on its own. The VMM + * controls if the guest will receive such #VE with TD attribute + * ATTR_SEPT_VE_DISABLE. + * + * Newer TDX module allows the guest to control if it wants to receive SEPT + * violation #VEs. + * + * Check if the feature is available and disable SEPT #VE if possible. + * + * If the TD allowed to disable/enable SEPT #VEs, the ATTR_SEPT_VE_DISABLE + * attribute is no longer reliable. It reflects the initial state of the + * control for the TD, but it will not be updated if someone (e.g. bootloa= der) + * changes it before the kernel starts. Kernel must check TDCS_TD_CTLS bit= to + * determine if SEPT #VEs are enabled or disabled. + */ +static void disable_sept_ve(u64 td_attr) +{ + const char *msg =3D "TD misconfiguration: SEPT #VE has to be disabled"; + bool debug =3D td_attr & ATTR_DEBUG; + u64 config, controls; + + /* Is this TD allowed to disable SEPT #VE */ + tdg_vm_rd(TDCS_CONFIG_FLAGS, &config); + if (!(config & TDCS_CONFIG_FLEXIBLE_PENDING_VE)) { + /* No SEPT #VE controls for the guest: check the attribute */ + if (td_attr & ATTR_SEPT_VE_DISABLE) + return; + + /* Relax SEPT_VE_DISABLE check for debug TD for backtraces */ + if (debug) + pr_warn("%s\n", msg); + else + tdx_panic(msg); + return; + } + + /* Check if SEPT #VE has been disabled before us */ + tdg_vm_rd(TDCS_TD_CTLS, &controls); + if (controls & TD_CTLS_PENDING_VE_DISABLE) + return; + + /* Keep #VEs enabled for splats in debugging environments */ + if (debug) + return; + + /* Disable SEPT #VEs */ + tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE, + TD_CTLS_PENDING_VE_DISABLE); + + return; +} + static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args =3D {}; 
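Review bot: the `tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_PENDING_VE_DISABLE, ...)` at the end of disable_sept_ve() is the one operation the function exists to perform, but its status is dropped, so if the write fails the function returns as though SEPT #VEs were off and the guest runs in exactly the state the non-flexible branch treats as fatal via tdx_panic(msg). Checking the return (or re-reading TDCS_TD_CTLS afterwards) and panicking with the same `msg` would close that gap. Smaller points: the trailing `return;` of the void function is redundant; the flexible+debug path returns silently while the non-flexible+debug path does `pr_warn("%s\n", msg)`, so a warning there too would keep debug-TD behaviour consistent; and the sentence dropped from the old block comment in the third hunk, "Only VMM-shared memory (MMIO) will #VE", is worth carrying into the new function comment since it states the invariant the check protects.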
@@ -204,24 +274,12 @@ static void tdx_setup(u64 *cc_mask) gpa_width =3D args.rcx & GENMASK(5, 0); *cc_mask =3D BIT_ULL(gpa_width - 1); =20 + td_attr =3D args.rdx; + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); =20 - /* - * The kernel can not handle #VE's when accessing normal kernel - * memory. Ensure that no #VE will be delivered for accesses to - * TD-private memory. Only VMM-shared memory (MMIO) will #VE. - */ - td_attr =3D args.rdx; - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { - const char *msg =3D "TD misconfiguration: SEPT_VE_DISABLE attribute must= be set."; - - /* Relax SEPT_VE_DISABLE check for debug TD. */ - if (td_attr & ATTR_DEBUG) - pr_warn("%s\n", msg); - else - tdx_panic(msg); - } + disable_sept_ve(td_attr); } =20 /* diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/share= d/tdx.h index fdfd41511b02..fecb2a6e864b 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h 
@@ -16,11 +16,20 @@ #define TDG_VP_VEINFO_GET 3 #define TDG_MR_REPORT 4 #define TDG_MEM_PAGE_ACCEPT 6 +#define TDG_VM_RD 7 #define TDG_VM_WR 8 =20 -/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +/* TDX TD-Scope Metadata. To be used by TDG.VM.WR and TDG.VM.RD */ +#define TDCS_CONFIG_FLAGS 0x1110000300000016 +#define TDCS_TD_CTLS 0x1110000300000017 #define TDCS_NOTIFY_ENABLES 0x9100000000000010 =20 +/* TDCS_CONFIG_FLAGS bits */ +#define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1) + +/* TDCS_TD_CTLS bits */ +#define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0) + /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 #define TDVMCALL_GET_QUOTE 0x10002 --=20 2.43.0 From nobody Sun Feb 8 11:36:38 2026 Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1E36820B0F for ; Sun, 12 May 2024 12:22:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.21 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516523; cv=none; b=anZ7QP+OrhyDn8cIYzLt2rqd/iF4xE/rMmzwt5pvsED/CA6EKoVFcsLLZjJeLiZK+YkwjUkbAYUJnxOSxiunq94JSxWNwerSySEosbIYMGUe5HMm0BkuIAuBTitq11ewlBQXEeA7utlwo0rGxdbTUtuSyNQdKbYf2GL+M8M2pjU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715516523; c=relaxed/simple; bh=1L/LeMCvdG95GfQutp5DhkXxXFbSvEvxpQI1cazpUQA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=SRRlYWhhA1O9+xF6kUjvDHQDU5eCkeZuqugLnnTDGDiLKlGKXjJXvz7z1gSX0G+4H+IKAVOgCr9JI+oTrN96Jc23AyHpg8rveUsL5JNWjSMRvJTaKVMRdmcXh2+EEZoMQQfp0XIe5VDEh88yJxGa2U//bnilRgnfTsXP8aidtaE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.helo=mgamail.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com 
From: "Kirill A. Shutemov"
To: "Kirill A. Shutemov", Dave Hansen, Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86@kernel.org, "H. Peter Anvin"
Cc: linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org
Subject: [PATCHv4 4/4] x86/tdx: Enable CPU topology enumeration
Date: Sun, 12 May 2024 15:21:54 +0300
Message-ID: <20240512122154.2655269-5-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com>
References: <20240512122154.2655269-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

TDX 1.0 defines the baseline behaviour of the TDX guest platform. TDX
1.0 generates a #VE when accessing topology-related CPUID leafs (0xB
and 0x1F) and the X2APIC_APICID MSR. The kernel returns all zeros on
CPUID topology. In practice, this means that the kernel can only boot
with a plain topology. Any complications will cause problems.

The ENUM_TOPOLOGY feature allows the VMM to provide topology
information to the guest. Enabling the feature eliminates
topology-related #VEs: the TDX module virtualizes accesses to the
CPUID leafs and the MSR.

Enable ENUM_TOPOLOGY if it is available.

Signed-off-by: Kirill A. Shutemov
---
 arch/x86/coco/tdx/tdx.c           | 27 +++++++++++++++++++++++++++
 arch/x86/include/asm/shared/tdx.h |  2 ++
 2 files changed, 29 insertions(+)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index ba37f4306f4e..53d0b9df5a7f 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -249,6 +249,32 @@ static void disable_sept_ve(u64 td_attr) return; } =20 +/* + * TDX 1.0 generates a #VE when accessing topology-related CPUID leafs (0x= B and + * 0x1F) and the X2APIC_APICID MSR. The kernel returns all zeros on CPUID = #VEs. + * In practice, this means that the kernel can only boot with a plain topo= logy. + * Any complications will cause problems. + * + * The ENUM_TOPOLOGY feature allows the VMM to provide topology informatio= n. + * Enabling the feature eliminates topology-related #VEs: the TDX module + * virtualizes accesses to the CPUID leafs and the MSR. + * + * Enable ENUM_TOPOLOGY if it is available. + */ +static void enable_cpu_topology_enumeration(void) +{ + u64 configured; + + /* Has the VMM provided a valid topology configuration? */ + tdg_vm_rd(TDCS_TOPOLOGY_ENUM_CONFIGURED, &configured); + if (!configured) { + pr_err("VMM did not configure X2APIC_IDs properly\n"); + return; + } + + tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_ENUM_TOPOLOGY, TD_CTLS_ENUM_TOPOLOGY); +} + static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args =3D {}; @@ -280,6 +306,7 @@ static void tdx_setup(u64 *cc_mask) tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); =20 disable_sept_ve(td_attr); + enable_cpu_topology_enumeration(); } =20 /* diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/share= d/tdx.h index fecb2a6e864b..89f7fcade8ae 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h @@ -23,12 +23,14 @@ #define TDCS_CONFIG_FLAGS 0x1110000300000016 #define TDCS_TD_CTLS 0x1110000300000017 #define TDCS_NOTIFY_ENABLES 0x9100000000000010 +#define TDCS_TOPOLOGY_ENUM_CONFIGURED 0x9100000000000019 =20 /* TDCS_CONFIG_FLAGS bits */ #define TDCS_CONFIG_FLEXIBLE_PENDING_VE BIT_ULL(1) =20 /* TDCS_TD_CTLS bits */ #define TD_CTLS_PENDING_VE_DISABLE BIT_ULL(0) +#define TD_CTLS_ENUM_TOPOLOGY BIT_ULL(1) =20 /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 --=20 2.43.0
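Review bot: enable_cpu_topology_enumeration() in the first hunk does not check the status of `tdg_vm_rd(TDCS_TOPOLOGY_ENUM_CONFIGURED, &configured)`, so on a TDX module that lacks the feature the read fails, `configured` holds whatever the module left in r8 (zero from the zero-initialised args in the common case), and every such guest logs "VMM did not configure X2APIC_IDs properly" at pr_err level for what is not a VMM mistake. The commit message promises "Enable ENUM_TOPOLOGY if it is available", so the availability test should come first: return silently when the read reports an unsupported field, and reserve the pr_err for a successful read that returns 0. The status of the following `tdg_vm_wr(TDCS_TD_CTLS, TD_CTLS_ENUM_TOPOLOGY, TD_CTLS_ENUM_TOPOLOGY)` is likewise dropped; a pr_warn on failure would tell the user why topology still #VEs.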