From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 81FB22857F9 for ; Thu, 4 Sep 2025 06:55:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968906; cv=none; b=OUOlwE330pJ4YPllgFBfTb2csA3HZi6YoZstkKXWitk7LqfH+N2atwGEKwDpb5BLliFUNfeQxMETiYn8GlXkugYi1EAMms8fZo76CBpzEcWCc0+cMUXgmuKct8k0NNOAaJWVZmjppM7H6hU+6tUObnXOdtapj4ICSt9r2TigO9Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968906; c=relaxed/simple; bh=faOGkpSzpOyOpNjAb1lIsIvMQ/6D2s/m8DjORXdbeBc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Zwq5tMOApeHehH3VkZDnJiTAvZmUlnad/WFBSxU3dl6i2MSl99q0GLgH+4earQMKqok1XhiZGwK64AwuSh+uuwliWSy0G/vXqYE0ca+Qohbkg43KBVo5WC0LRaItCZzGKiyTcBQdiCltxEZsAeAmuGYXYGaTc9TcUZLxHdUcl1I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=wQu2SncI; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="wQu2SncI" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-7725b77b795so789666b3a.2 for ; Wed, 03 Sep 2025 23:55:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968905; x=1757573705; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ASqlFc0gx6M5+AiwFcVEnxp7D9dEbOExh/FBrBmvKuE=; b=wQu2SncIvbSbZ4GodfwVvwcAlVC9fe8E/lqIGu2Mats2og34CLKwyFe/XWH1HCiofN 1K8BKq1kDvQMKEqTrrnKaLB/eoPFgLmcYLR+MHIGprW/ddBlaXYnhkVp4iebcZ/VskKx f9BFMrR2Dav/8kMTuw42s/1GHQ6JFq1+xar6qOIZRH7pdf2NIWxWoU/ivprxIY/bMnBL lnxHo11ihOGVFL0xv7TeUTbj6vnMdvPmpnPz2xw0/qCGZAb8WAcI7rNLDLSxDYyK9V36 tUE0/W/7bMDiB7IoTnzgBeEG0xIGgGliWMafcaBsBla7M1eZY3jbzqmmO9axOUDwutbo OeMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968905; x=1757573705; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ASqlFc0gx6M5+AiwFcVEnxp7D9dEbOExh/FBrBmvKuE=; b=nQ4VYvF7xyEsp7Fab4rxEQ7uCs2h2PifLUsoGucqm7HKID95osK/lSx7/3YwP8QfyA qf9O5I05HFTqS2Q0ybC1geCzvHUeg7I2RXpL7v3zmfBmkMn5yKZ4mnyZ6gjPk6tqZxrt XRnja34IcaWLVoTvT8je7hsA4kQVawD1n5xNe03mgDsqAlNweMTPt3UcdCGfpXLQQmVe 7lYfVwmUscgDEv8Xz4JRfyIUeBmeHTGm7mo724k+xEbnsCNHiAKIziIuO6qviucvEsoW 4nO/DtGxKD46/3zlQJHrzqoBLZtz0zkNXAKT8NWRLuvveSDmWHSQTtRMsCafIxzyN1z1 iC6g== X-Gm-Message-State: AOJu0YyEnJU4V/5nkbNTXSIR+Xmcbre4pUwjgBwTnHhig12JQjUqp7OK FawkLWfpV29sdB/kqcPUEA/+DzqQOJjoB+rzpepFxieLsaS0GAqlURbvgUEB6IWIzonQFtGTM+R qkg== X-Google-Smtp-Source: AGHT+IGD4KfK7NxbzN0CDzkoj/otOhDOsc4uzoW3Q6Gl7r7SokK8q8EF58+f6sfFSh2rTUNKYH1JEJ1SXg== X-Received: from pfuf51.prod.google.com ([2002:a05:6a00:b33:b0:772:7103:df0f]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:3e04:b0:76b:c882:e0a with SMTP id d2e1a72fcca58-7723e21e636mr18372274b3a.5.1756968904663; Wed, 03 Sep 2025 23:55:04 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:31 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-2-sagis@google.com> Subject: [PATCH v10 01/21] KVM: selftests: Allocate pgd in virt_map() as necessary From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If virt_map() is called before any call to ____vm_vaddr_alloc() it will create the mapping using an invalid pgd. Add call to virt_pgd_alloc() as part of virt_map() before creating the mapping, similarly to ____vm_vaddr_alloc() Reviewed-by: Ira Weiny Reviewed-by: Binbin Wu Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/lib/kvm_util.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index c3f5142b0a54..b4c8702ba4bd 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -1609,6 +1609,7 @@ void virt_map(struct kvm_vm *vm, uint64_t vaddr, uint= 64_t paddr, TEST_ASSERT(vaddr + size > vaddr, "Vaddr overflow"); TEST_ASSERT(paddr + size > paddr, "Paddr overflow"); =20 + virt_pgd_alloc(vm); while (npages--) { virt_pg_map(vm, vaddr, paddr); sparsebit_set(vm->vpages_mapped, vaddr >> vm->page_shift); --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E0CE7285CAA for ; Thu, 4 Sep 2025 06:55:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968908; cv=none; b=uCkvQ9LekpACZOCPRh/MId5IiXX5mCOqWI9rxxkehdcDyQhjCfw85/C0tK0xM+p74FbWaAv5s7QwSl511nCCvu75H3cSNiSA2/utEuveAO4GRfvBkNqNzSfFz5Pz792TT/YZdhLhQLMRKIA8qYZFD1gTm+t6Zg7vius/XqmEoh8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968908; c=relaxed/simple; bh=348b4OgRxCPZDt5zbD2zMnPjRA6DnidXFpSwvU+Q7T0=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=WIq+E7Sebc94j2Y+IUJYW7whLBlDkkLDt75GQ9nPWgl7m5R4oJ7keKrMoToMrDlnm4TdlnqMAc+rmZddE/tJhCAmbaNyH4t+ZOJ2nQnvLRiYPLLwvHVcYmeVceWtr7OMbDo7WkyFo82kolDkqnCY4mHLUYHaL8gqymYKPd1/O4U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Hqg7p1rh; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Hqg7p1rh" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-325b2959306so1286778a91.0 for ; Wed, 03 Sep 2025 23:55:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968906; x=1757573706; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=vezJfUKCtxNWPm/VdLSVnM4sP+de00c6p544QQMtBnU=; b=Hqg7p1rhO/pp9pFDQrs/XZlVGnczm3Bvq91al0XdGMVsuWn1wlRKFU6Apq5XKMntCU gmqQkx4mNNFk3C4SkijiksIiu/Q86YE/YrrlGDz86HVA92Z9A3qKcVjDTG5YouOJq9gC 2tMbvYIGyT88UTP00E/1V0TPxR4LCEczs/hUobMKWG3SU73Vr1v0z7FlFnGhKaR2aMDq rZ6f3E980KfCv3rsbiDNJUmA9w4PYlP7nt2lVsBiiwm7YKI74XdQff6DXK3uUq4zsY4S oCJCQrp9m/slnx0w3aAs+Z/+ItaX6dbQ3dfyJsQIU4E8W+X5Fgp8chhGPEjLM+z1jABX Gprw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968906; x=1757573706; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=vezJfUKCtxNWPm/VdLSVnM4sP+de00c6p544QQMtBnU=; b=YJxiqeQI0GICxZ+iPCe8W4KJYFQpGIPBudMhfgDCKnhIixuca7dz8JQ4OhYv17fUFw OrobGqVKYD1HcU5VsikCjfX2+rmY1oKer2ddZFVG/z2afcYESHtLIK1S0kt2bPGP9tMT y4UsSu0SLfuODjbMGC+S6F24DTp/nTgH7+LOiuu1u8sXpC6dbatHT0Mrx0lHRXV8Zdgk RZyvtZFnKlfJg3RsxykNB9TiHweb8RYb/lxUkZSaEggLTSYrlJSv+6tf8SOmkAA70ieq m6+EfGOMhe88GQfWJzh2XHa123is7UDqoATS3eEVXchfJZiL8vha/e1xPSZBTbV6TRyh cWKA== X-Gm-Message-State: AOJu0YwGrxQw/5t7cnjwTTgl6SQtOkEXw3l5GbUWFZw2kih1SnL748bQ MqmiWCPwOdGuA80OftaOFSwl8O1y2y6eypEb09+LFNRNzoHxGIE6sLty4lvYd9koIyqs5o5IBW4 Myw== X-Google-Smtp-Source: AGHT+IHKFulWacx9Uc/kpwTFlpBhGdWU15nk+AKPjD6xyzys8McNW5qoCvcoYO9CJe7Y4Ge8I7kXM/rjWQ== X-Received: from pjboh15.prod.google.com ([2002:a17:90b:3a4f:b0:32b:827b:f76e]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:4aca:b0:329:cb75:fed7 with SMTP id 98e67ed59e1d1-329cb760ed6mr17044247a91.19.1756968906032; Wed, 03 Sep 2025 23:55:06 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:32 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-3-sagis@google.com> Subject: [PATCH v10 02/21] KVM: selftests: Expose functions to get default sregs values From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" TDX can't set sregs values directly using KVM_SET_SREGS. Expose the default values of certain sregs used by TDX VMs so they can be set manually. Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- .../selftests/kvm/include/x86/processor.h | 33 +++++++++++++++++++ .../testing/selftests/kvm/lib/x86/processor.c | 12 +++---- 2 files changed, 38 insertions(+), 7 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86/processor.h b/tools/te= sting/selftests/kvm/include/x86/processor.h index 2efb05c2f2fb..f610c09cadf4 100644 --- a/tools/testing/selftests/kvm/include/x86/processor.h +++ b/tools/testing/selftests/kvm/include/x86/processor.h @@ -27,6 +27,10 @@ extern uint64_t guest_tsc_khz; #define MAX_NR_CPUID_ENTRIES 100 #endif =20 +#ifndef NUM_INTERRUPTS +#define NUM_INTERRUPTS 256 +#endif + #define NONCANONICAL 0xaaaaaaaaaaaaaaaaull =20 /* Forced emulation prefix, used to invoke the emulator unconditionally. */ @@ -1456,4 +1460,33 @@ void virt_map_level(struct kvm_vm *vm, uint64_t vadd= r, uint64_t paddr, =20 bool sys_clocksource_is_based_on_tsc(void); =20 +static inline uint16_t kvm_get_default_idt_limit(void) +{ + return NUM_INTERRUPTS * sizeof(struct idt_entry) - 1; +} + +static inline uint16_t kvm_get_default_gdt_limit(void) +{ + return getpagesize() - 1; +} + +static inline uint64_t kvm_get_default_cr0(void) +{ + return X86_CR0_PE | X86_CR0_NE | X86_CR0_PG; +} + +static inline uint64_t kvm_get_default_cr4(void) +{ + uint64_t cr4 =3D X86_CR4_PAE | X86_CR4_OSFXSR; + + if (kvm_cpu_has(X86_FEATURE_XSAVE)) + cr4 |=3D X86_CR4_OSXSAVE; + return cr4; +} + +static inline uint64_t kvm_get_default_efer(void) +{ + return EFER_LME | EFER_LMA | EFER_NX; +} + #endif /* SELFTEST_KVM_PROCESSOR_H */ diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index d4c19ac885a9..83efcf48faad 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -498,15 +498,13 @@ static void vcpu_init_sregs(struct kvm_vm *vm, struct= kvm_vcpu *vcpu) vcpu_sregs_get(vcpu, &sregs); =20 sregs.idt.base =3D vm->arch.idt; - sregs.idt.limit =3D NUM_INTERRUPTS * sizeof(struct idt_entry) - 1; + sregs.idt.limit =3D kvm_get_default_idt_limit(); sregs.gdt.base =3D vm->arch.gdt; - sregs.gdt.limit =3D getpagesize() - 1; + sregs.gdt.limit =3D kvm_get_default_gdt_limit(); =20 - sregs.cr0 =3D X86_CR0_PE | X86_CR0_NE | X86_CR0_PG; - sregs.cr4 |=3D X86_CR4_PAE | X86_CR4_OSFXSR; - if (kvm_cpu_has(X86_FEATURE_XSAVE)) - sregs.cr4 |=3D X86_CR4_OSXSAVE; - sregs.efer |=3D (EFER_LME | EFER_LMA | EFER_NX); + sregs.cr0 =3D kvm_get_default_cr0(); + sregs.cr4 |=3D kvm_get_default_cr4(); + sregs.efer |=3D kvm_get_default_efer(); =20 kvm_seg_set_unusable(&sregs.ldt); kvm_seg_set_kernel_code_64bit(&sregs.cs); --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4708A28727E for ; Thu, 4 Sep 2025 06:55:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968909; cv=none; b=A2h/YyoV4YHBmPafgEQ4fbDSeluodUbfMPEuQ+0qjih6DqViU0JNwoWV1zNtLk/CKxkAnTOkeny/+z4hVD8in4+prdtQk+PsjH6/Nks1cCQE/UgI1cywo2R/5FVwMXmG35rAP+Kh1TzAkUHLBRRvIL8CbZP3XoKLHJQT09jRhX8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968909; c=relaxed/simple; bh=EiTLc0aW13p3IiS4aBuoOV83AeEk06GWH67Cf3kqWJg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Qb4Zc7uLJhgTXGx/ue/EDkoOp8LUb8/QHf9lObJVTLgw2N7VFnvQisP50PhUR75bb1tjACsd/o6k9RXUdHlFdE365TGRPa9OlAIvDagymgZFZ/M0ccJ2IeKXBWlhmJqmC0T82auCE3RM8kjMUEEzk5h0Q3yiZ/LU/KAFRe6h29o= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3AzTe8GD; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3AzTe8GD" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-77278d3789cso1347969b3a.1 for ; Wed, 03 Sep 2025 23:55:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968907; x=1757573707; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=1UaVfX3zOkLGXHSP9oRgmeXGU19apvDwL7UQ/Q2BpRU=; b=3AzTe8GDhnqiXVKdLiL7Cow142EmI8WyTS5jJmwHHuvyKz9kXgEkQYZeVGI1q8aKqq cQ0Izqr7Pmgv579zPgCu/xv678cjOYwk3x0UavgkAtTEB8b6pO/x0jqnR+T7eOKBNa0I CSb4euKRPckcN7RA3NxhekJx9+m43lyJ+nV2dziNX2BhwJMAWAjK3IAELFiTBn839VXN EKvenkp5OK+J/A73AS4k7u92HF1S0TcCHVesNcSzYXgve4Q55eOmYDHhdDYuzJDco/Ii 6FW8emkra/QEXLydkfDN+XE+1iaJVQVKwxmZlPk0GQjFM6LySJskxYQQfEAK69jbPPLk rzLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968907; x=1757573707; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=1UaVfX3zOkLGXHSP9oRgmeXGU19apvDwL7UQ/Q2BpRU=; b=m5OL3BGcERYVTEhZ4G3z3gOwfYttLUCtbXIWWD9ULlmc7zuJFW07VPp6/nbn9SiPeU 4yVCzbohRUYw8uKqTYdCPTUKgINl4fwd5MN/fk2MLNZsxdcbeIzwyPx4oCRS91q2m4Bl 7/fijPF5XZRZx3T4RQy4AKxMEj7ZVmw/nTI+1AJTnbMVGQUfwEaNXpIhlWiOQ799KkwJ ZalK4X5B82q4ya0yMf+z0JE9tn+aGvhF7goIl8c9huWVtL9vNXhYAqTRzenMX7pxH9j+ wY4PgmpttDAaDnibKTNM4DpY1VZgTUGVk/UhLyK36pGj9Jwq/jImCmWsPHJpSttFQd64 XkoA== X-Gm-Message-State: AOJu0Yx3O8l8BvwdIYkVRfG/IqYXf673eSjIAaTyuQC977gyj/x4KeuR uYPhNRwS4FB1Wtk8afCoFEplYf8+pQ6AZYcdEF/HmMZHj8W6P4HsSrmx4KZkY6wuHFhJyR9ZNw4 F7Q== X-Google-Smtp-Source: AGHT+IFXT+7TET6eQLNfnMbWm2CfkiHvtD2nLGJIyq17+osdVfH3IRuTMKDNhIPImZxMhUnt6NxzFYe7Cg== X-Received: from pfch21.prod.google.com ([2002:a05:6a00:1715:b0:76e:396a:e2dd]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:2e0d:b0:772:88b7:5a with SMTP id d2e1a72fcca58-77288b70399mr3947136b3a.16.1756968907464; Wed, 03 Sep 2025 23:55:07 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:33 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-4-sagis@google.com> Subject: [PATCH v10 03/21] KVM: selftests: Expose function to allocate guest vCPU stack From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" TDX guests' registers cannot be initialized directly using vcpu_regs_set(), hence the stack pointer needs to be initialized by the guest itself, running boot code beginning at the reset vector. Expose the function to allocate the guest stack so that TDX initialization code can allocate it itself and skip the allocation in vm_arch_vcpu_add() in that case. Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- .../selftests/kvm/include/x86/processor.h | 2 ++ tools/testing/selftests/kvm/lib/x86/processor.c | 16 +++++++++++----- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86/processor.h b/tools/te= sting/selftests/kvm/include/x86/processor.h index f610c09cadf4..8e75df5e6bc9 100644 --- a/tools/testing/selftests/kvm/include/x86/processor.h +++ b/tools/testing/selftests/kvm/include/x86/processor.h @@ -1109,6 +1109,8 @@ static inline void vcpu_clear_cpuid_feature(struct kv= m_vcpu *vcpu, vcpu_set_or_clear_cpuid_feature(vcpu, feature, false); } =20 +vm_vaddr_t kvm_allocate_vcpu_stack(struct kvm_vm *vm); + uint64_t vcpu_get_msr(struct kvm_vcpu *vcpu, uint64_t msr_index); int _vcpu_set_msr(struct kvm_vcpu *vcpu, uint64_t msr_index, uint64_t msr_= value); =20 diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index 83efcf48faad..82369373e843 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -658,12 +658,9 @@ void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, = void *guest_code) vcpu_regs_set(vcpu, ®s); } =20 -struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) +vm_vaddr_t kvm_allocate_vcpu_stack(struct kvm_vm *vm) { - struct kvm_mp_state mp_state; - struct kvm_regs regs; vm_vaddr_t stack_vaddr; - struct kvm_vcpu *vcpu; =20 stack_vaddr =3D __vm_vaddr_alloc(vm, DEFAULT_STACK_PGS * getpagesize(), DEFAULT_GUEST_STACK_VADDR_MIN, @@ -684,6 +681,15 @@ struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, u= int32_t vcpu_id) "__vm_vaddr_alloc() did not provide a page-aligned address"); stack_vaddr -=3D 8; =20 + return stack_vaddr; +} + +struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) +{ + struct kvm_mp_state mp_state; + struct kvm_regs regs; + struct kvm_vcpu *vcpu; + vcpu =3D __vm_vcpu_add(vm, vcpu_id); vcpu_init_cpuid(vcpu, kvm_get_supported_cpuid()); vcpu_init_sregs(vm, vcpu); @@ -692,7 +698,7 @@ struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, ui= nt32_t vcpu_id) /* Setup guest general purpose registers */ vcpu_regs_get(vcpu, ®s); regs.rflags =3D regs.rflags | 0x2; - regs.rsp =3D stack_vaddr; + regs.rsp =3D kvm_allocate_vcpu_stack(vm); vcpu_regs_set(vcpu, ®s); =20 /* Setup the MP state */ --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BB4E52877F7 for ; Thu, 4 Sep 2025 06:55:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968911; cv=none; b=O60qGkCXmyXJ1gUWn495275JHCNBoo96hKIaagRYzZS3ZddQC6TIM0XQhuq7B9Cvv91HOiwaidTFgaFZtW26MR9JaNgWDZ78B9unBcx49asPo+HcloPqSAErQZaomLAAHyZzTPJEjX12b675xgdKD486D1+D4RTzjCbyOMpPV9g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968911; c=relaxed/simple; bh=gbMGCJ4AmKTFx5ZP3d8/sR850NUZ8Nyfys/WO0gx5zQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=k2X+Kf3/omvjV6R0VyX3vQWM7z94/3dJQI3JEtSc7K7XoYTQqno1LtvWZFurjsQo75PG5NVRyGqrIhXhGnhKueHBZcGTNfmfdvebGF2Y9UsxPvCVi7vIUmNUDLwS5ZFZ+f7fv091R58T6/PSsaRCxo+TPcjzpXg2u1hmj7C8NdM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=emOewqRS; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="emOewqRS" Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-b4dfb96c99dso477025a12.0 for ; Wed, 03 Sep 2025 23:55:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968909; x=1757573709; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=NDDOgHIgq9qGhhvchsAZNjlKa2bwiovWK1PgQkjRy/c=; b=emOewqRSahTk0nN4wYhNazRIY1dPE+SpIACQU36S7xXNeCXvgptOkDU5yOLIHMZ0ZO ruNnxqqS7xA2VLit0xmDiwzx7PVTwNQBx2D592+MAMBMogOP9hqg976dl1C+yY64vqbN GqJhREIShbpZ+KWi96a1FJewejdHjD1LyO1S0Td2YIhvRvafNdufT9QA+ECO2ZRo5G7d S3JBMmIXNfZTvrlUNQHmGhPHqO3f9One9kKvkplzk/EL/Ogna9+uFvyz4NskrnUe5792 WGhgfs5iYEwzEA0v1wYzLoXEPtaYnovzlUOqX2/SsihxXkJdYxoM/AM+njryOO1xYT1B U8yQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968909; x=1757573709; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NDDOgHIgq9qGhhvchsAZNjlKa2bwiovWK1PgQkjRy/c=; b=EUGFQUF2nBIA6DFumVsW0w2Q4YZgLlG/t348RH1sFT/06Jml3zYLDeSx6OwfgUdjn1 WZqUBiFjoDADYn4iQNSX22vRNZ17rQ2D1YLydzW1gfi2cxfoCe1Rb4yG66LeCjnDA1/e mF+yMXYtfsKYueshSFGGcXzEFLurw+r7xEgam+l5reQOc/qvZ6fBfYyn1Zk000Eba6lp fVrKRg/i/RfG6zFJvilG7xiC0Clf8hgl/ZK89ESyLOaLQ1iN3Vq9wbvVU1KBcbJRPafD iredi/jhOIQ4b0dxtDwcAh9iSLFbKsqjF68ih6+s2lODu9fso0Kv+WAhHvoCMF0fGG6D aMJw== X-Gm-Message-State: AOJu0YyeBzQXWD5t7OG7/fpei0Ed9eeXd3t2N+BPzMzUnL6rcaPzlbXe URPAWS8VaDET/wB9hIwefoiEiALt63N3M4YcbDNMVDOvf3jCLGPxiy3nXGffugPfyJD/E2dTwm+ eDA== X-Google-Smtp-Source: AGHT+IEJ3xueX8dywduwUXcV9xf6moiRuuQXOoidBruGPeNFQRdyoPhUvTZBSxs/kIbopXdVJcYw683Htw== X-Received: from pgbdp9.prod.google.com ([2002:a05:6a02:f09:b0:b4c:2bd1:3d27]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a20:258a:b0:24c:2fa1:fdd4 with SMTP id adf61e73a8af0-24c2fa201c8mr1255804637.19.1756968909005; Wed, 03 Sep 2025 23:55:09 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:34 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-5-sagis@google.com> Subject: [PATCH v10 04/21] KVM: selftests: Update kvm_init_vm_address_properties() for TDX From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, Adrian Hunter Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Isaku Yamahata Let kvm_init_vm_address_properties() initialize vm->arch.{s_bit, tag_mask} similar to SEV. TDX sets the shared bit based on the guest physical address width and currently supports 48 and 52 widths. Co-developed-by: Adrian Hunter Signed-off-by: Adrian Hunter Signed-off-by: Isaku Yamahata Co-developed-by: Sagi Shahar Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- .../selftests/kvm/include/x86/tdx/tdx_util.h | 14 ++++++++++++++ tools/testing/selftests/kvm/lib/x86/processor.c | 12 ++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools= /testing/selftests/kvm/include/x86/tdx/tdx_util.h new file mode 100644 index 000000000000..286d5e3c24b1 --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef SELFTESTS_TDX_TDX_UTIL_H +#define SELFTESTS_TDX_TDX_UTIL_H + +#include + +#include "kvm_util.h" + +static inline bool is_tdx_vm(struct kvm_vm *vm) +{ + return vm->type =3D=3D KVM_X86_TDX_VM; +} + +#endif // SELFTESTS_TDX_TDX_UTIL_H diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index 82369373e843..2a44831e0cc9 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -8,6 +8,7 @@ #include "kvm_util.h" #include "processor.h" #include "sev.h" +#include "tdx/tdx_util.h" =20 #ifndef NUM_INTERRUPTS #define NUM_INTERRUPTS 256 @@ -1160,12 +1161,19 @@ void kvm_get_cpu_address_width(unsigned int *pa_bit= s, unsigned int *va_bits) =20 void kvm_init_vm_address_properties(struct kvm_vm *vm) { + uint32_t gpa_bits =3D kvm_cpu_property(X86_PROPERTY_GUEST_MAX_PHY_ADDR); + + vm->arch.sev_fd =3D -1; + if (is_sev_vm(vm)) { vm->arch.sev_fd =3D open_sev_dev_path_or_exit(); vm->arch.c_bit =3D BIT_ULL(this_cpu_property(X86_PROPERTY_SEV_C_BIT)); vm->gpa_tag_mask =3D vm->arch.c_bit; - } else { - vm->arch.sev_fd =3D -1; + } else if (is_tdx_vm(vm)) { + TEST_ASSERT(gpa_bits =3D=3D 48 || gpa_bits =3D=3D 52, + "TDX: bad X86_PROPERTY_GUEST_MAX_PHY_ADDR value: %u", gpa_bits); + vm->arch.s_bit =3D BIT_ULL(gpa_bits - 1); + vm->gpa_tag_mask =3D vm->arch.s_bit; } } =20 --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3A83A288517 for ; Thu, 4 Sep 2025 06:55:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968912; cv=none; b=Ph9GkeJ1C0kmNCr1glqy6+vjegO5awj5bWn+I3ZlpRcNZD/OKydiMvfMGIXeK/Nv2yo4Ki5+g+32VX8RLbbm9iFUWUF+J4YlEgheuk/baGqHkZyVgoOx5KliuSVOBr1SA3jKwrleowYueZxvKs4++s9ljPXBjsoXDUUX/LJw9Xo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968912; c=relaxed/simple; bh=7B7lwBJ0jXTeacBWtIq12DWMmRMY2GhnIen+mcsaZ6A=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=B7vu4Y78N07MxzBS+HTkoW8vFAIruHGTtpCmlSCsoSr8j62B2KhSIatHyaOJRiQaXyzE1vGT6acQQ57Ynpu5/HV3AR+hjgXLgdJ4T8y7yfH+geBMowSX/ywd7/y7w3h/Eh+i0AN4yiSq8L41CC/0dVniXmXMzJO5sCe7WUeo+I0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=p+w1Kfw4; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="p+w1Kfw4" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-325ce108e45so630303a91.0 for ; Wed, 03 Sep 2025 23:55:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968910; x=1757573710; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=5YEQCBMmqJuzc9aQAf9Qk31e/qZjHLfuJ8wSwcpoTOE=; b=p+w1Kfw4AJE2YHaSQt0VziaJcUmWz9Aoebxp3sV9fagmd3xzJfAlRPIjcJkCvSgcKx xU+SsWwcexxDf7/0iTkdoY4KzbM+TFrexXo5MaIitKHdSpwp+DWjVa0tg8ivWzvgavXh tL4N5P6NZpGoo/Y9b6TCJ2m5QfJVm1q37m1AYyh6AUte4HT5MRIAotHYofcQbhwiS3uG Lna48So6yOY0zQvyumfvzQmrX+CsUAIxNBAoZHuqFxTiDx+Hts27bmVVUVlrAY57jlJ0 +sAMCGDKzbQpiWedw2QVdxQ8wi7eDu6SB9Cu1k3+qNoD9ZDtGuKfBkIfTu2B32jNJnK2 W4Qw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968910; x=1757573710; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5YEQCBMmqJuzc9aQAf9Qk31e/qZjHLfuJ8wSwcpoTOE=; b=o5qRLGbFx4vZFpMzBv38di8lu9IlQYGJaIYgx2f2wZlt6+hJghAHhqVf7L7kZInKCE QVwJbvdrPyMRXzrp7ZgVY2hhmthmINOtVPKTxNdW8sOONKw3WXmvROjYLXHUwxH4HrbI FknR02ExARPWGgsaHsnz8zW/1QqMV2xpgJjKt7OKXarpQQ4kPF21B+F0/ih1iq1EIKkY jFg12SdtMit1WzJq+IFW/z8vIuKdQ0sT9CjKN3NjDPsSSITAofaVTHNuJmQeAx+OEuNz PbsfbyEkfBnw8AjIzm9Zhg+fKwfTw60FSQar1EXOoeioMzSrrDYI1Wxfu6sh0xn4Vr7R VLTA== X-Gm-Message-State: AOJu0YxbBZrzWkAnKW07bO22Rt0VkNdPPwtTMs1RVT3kQzkcmoFYaCY0 vSnzWufBo3BIt6aIG0MbZ83ABgYdCp4yRBRsgGzj1k55s9nSzunr5pGgKndBQk2dqoENT54RXRT kaA== X-Google-Smtp-Source: AGHT+IE9YYmncisXydvkAn1sJlRRuLIxllELyPyRwTcYcKt7NlhRMcgbBqYTWjEB12Ff/oJCvryXlzSM4Q== X-Received: from pjh4.prod.google.com ([2002:a17:90b:3f84:b0:329:d461:98a4]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:2d8c:b0:32b:6132:5f99 with SMTP id 98e67ed59e1d1-32b61326264mr6170784a91.15.1756968910496; Wed, 03 Sep 2025 23:55:10 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:35 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-6-sagis@google.com> Subject: [PATCH v10 05/21] KVM: selftests: Expose segment definitons to assembly files From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move kernel segment definitions to a separate file which can be included from assembly files. Reviewed-by: Ira Weiny Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- .../selftests/kvm/include/x86/processor_asm.h | 12 ++++++++++++ tools/testing/selftests/kvm/lib/x86/processor.c | 5 +---- 2 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86/processor_asm.h diff --git a/tools/testing/selftests/kvm/include/x86/processor_asm.h b/tool= s/testing/selftests/kvm/include/x86/processor_asm.h new file mode 100644 index 000000000000..7e5386a85ca8 --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86/processor_asm.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Used for storing defines used by both processor.c and assembly code. + */ +#ifndef SELFTEST_KVM_PROCESSOR_ASM_H +#define SELFTEST_KVM_PROCESSOR_ASM_H + +#define KERNEL_CS 0x8 +#define KERNEL_DS 0x10 +#define KERNEL_TSS 0x18 + +#endif // SELFTEST_KVM_PROCESSOR_ASM_H diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index 2a44831e0cc9..623168ea9a44 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -7,6 +7,7 @@ #include "test_util.h" #include "kvm_util.h" #include "processor.h" +#include "processor_asm.h" #include "sev.h" #include "tdx/tdx_util.h" =20 @@ -14,10 +15,6 @@ #define NUM_INTERRUPTS 256 #endif =20 -#define KERNEL_CS 0x8 -#define KERNEL_DS 0x10 -#define KERNEL_TSS 0x18 - vm_vaddr_t exception_handlers; bool host_cpu_is_amd; bool host_cpu_is_intel; --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2F43728934F for ; Thu, 4 Sep 2025 06:55:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968914; cv=none; b=hVtk4UZ0GSVqs4DAmxMJH7BMvMKouFtVthgicHwJlK0eYFyITbNX3yCJbWag3865T+SxrA+T6a0XUDcMhd9An56bHNhOYItlW3j0SIqxgEtdF8UhySfPXDxxVnMZARbQgeiGYh1G8wQ9RVH846fxvDptAAeRWRLoXIuTwEzct6U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968914; c=relaxed/simple; bh=jTAk0VRpOVV4bc0UhlAMxjyl0WAtBQgyMPsTPcfAW2Y=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=kj5ZN049vvLMP+zAwBmcuXorpAG6PT8KidV4x0Q4QJYTMVAAP7uuE/MK8sGG/66xXc6zyewb0NMVoqfBooJwpkgYsvqwkp4DQXDb9z5mqw2HM7Q9jXDoTOuLWePLgQbIkAjEMfEmJHsW2qU7rDgQg7e2mbhG9YmBpAUUheksIsc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1EWDlQ8D; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1EWDlQ8D" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2445806b18aso9209935ad.1 for ; Wed, 03 Sep 2025 23:55:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968912; x=1757573712; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=2BNUyviqUil8XBJbXZDuQ3pKbq0VlqMJJavKpGuaG4I=; b=1EWDlQ8DXnJpXX/L0K3Yobmk5UDc0JDWkin9dR8nha6JkLYuohLW+vT1v3qRZyMUNu 4Z2jkJQEGdHUsmPTG6E2W577bPvnDFbsYOnBPGncumnHRSKpEg6IlNp8nA2jxBzKkCcQ 7ZhaL3ly0abhZgpiQfgTFZRwocaX39b2UD5iOjIDCf139R87Iq8HPdcv6QhAg6ZGzlDq Lg0ZU83dFU4he3Jq4GiTe/VmAsfFVG7YE+ocVRok2wnnGALThqEYBMwD7CXvLE11Z2sz maEja5ANyXbFjmi6q/FvdRN0K1mxE5FbI6rQcbEaVneeKXoHGqkEuXC8+C1rs+TiBXAX jXaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968912; x=1757573712; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=2BNUyviqUil8XBJbXZDuQ3pKbq0VlqMJJavKpGuaG4I=; b=VcKDYR7Xx0rRVOoMnDA8JF2C2Xmi/9XkrzoueVlLDKqeb/1uGIOSibFwJ2U40jJSpO SmIF7Xq/+8/NJdZsK2HsVi6+IhunfyoN5IL7eHdRxXeiHtD/xthGjvL8GMS61nmUVyW0 EcbtIpwx6b8ixDJltcYQIovhEkPsh1P4FTaQMi5f4eMpbvLf6IV2GLynauXjzmb8OQ7z xk8Z7IJRhwCboFw39sWF59Bg1oX6ojTpfY7/zt1ZPBXPWDCwNfQgJ7vZqNgHV4ziL+aq OeR795JdNbEPEWrnmRNDZgkb2YooJWkn51qIw/gAHrHmq7OxAyS60FcYiDRQ4vRpYPM4 6k0Q== X-Gm-Message-State: AOJu0YzXZsMe7/iH6cTvh08K4ydcUvGgov06DuxATvviOAGCgLRfYSjR /lZRmDPj1aukRgUB4jUC06ai7gybS5228aN6+RWo3EKBu+hNpsleMOC3UQPYrPiuocNPYdCLXUY E1A== X-Google-Smtp-Source: AGHT+IH5hLY38bpfnaQsbJuP8cpIl0UsXd1oicIeqNFK0OMpEiH24w+v7AklRI93GhnSPuMBYNIePkxKxQ== X-Received: from plblm13.prod.google.com ([2002:a17:903:298d:b0:248:9b66:3356]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:28c:b0:248:811e:f873 with SMTP id d9443c01a7336-24944ab8f4bmr241345565ad.36.1756968912276; Wed, 03 Sep 2025 23:55:12 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:36 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-7-sagis@google.com> Subject: [PATCH v10 06/21] KVM: selftests: Add kbuild definitons From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add kbuild.h that can be used by files under tools/ Definitions are taken from the original definitions at include/linux/kbuild.h This is needed to expose values from c code to assembly code. Signed-off-by: Sagi Shahar --- tools/include/linux/kbuild.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 tools/include/linux/kbuild.h diff --git a/tools/include/linux/kbuild.h b/tools/include/linux/kbuild.h new file mode 100644 index 000000000000..62e20ba9380e --- /dev/null +++ b/tools/include/linux/kbuild.h @@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __TOOLS_LINUX_KBUILD_H +#define __TOOLS_LINUX_KBUILD_H + +#include + +#define DEFINE(sym, val) \ + asm volatile("\n.ascii \"->" #sym " %0 " #val "\"" : : "i" (val)) + +#define BLANK() asm volatile("\n.ascii \"->\"" : : ) + +#define OFFSET(sym, str, mem) \ + DEFINE(sym, offsetof(struct str, mem)) + +#define COMMENT(x) \ + asm volatile("\n.ascii \"->#" x "\"") + +#endif /* __TOOLS_LINUX_KBUILD_H */ --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A81D628AAF9 for ; Thu, 4 Sep 2025 06:55:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968916; cv=none; b=upKricM9BcjYchav1bT40pusISB8D1sGUnwlp1OfKJjERTxoG6nJCqAtyfHcKM1LIufJA63fEsIWm6DD/xKU/+5pdYyZ6ohvMrLmaeP17xw0sSioV93RGg34apN8aLivOSi6bHDzGneJ4HhzBRyPlCRnZhyAnSeQnOfwifacUko= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968916; c=relaxed/simple; bh=WqerTk+Ce1mi+b7UK6B3fZJzoVkFc8hKiorCbP72pys=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=cecNdnYxfRMoQib7iZpu81l2bI+Zgz7o4aiY1lu9URMO+r5uY5UojcSCKk2KEUBRmmqvme01wzvdv3Z19A16ikFBjFvDIc8O83ObRfHAh1mlOE7/ahaX4KXADrUQ0cnIe8ke6su1X/BIkh+YaAFhzJWk46eqd8MOQhVsn8joHbo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=RD73djsB; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="RD73djsB" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-24cda4063easo340035ad.2 for ; Wed, 03 Sep 2025 23:55:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968914; x=1757573714; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:from:to:cc:subject:date:message-id :reply-to; bh=wnnUKXqaS1PhubecyA39BBSAxyYQ9KOIV0BIog+vX5o=; b=RD73djsBnl2O5gLXX55TuO2dmNBsZG5itgCbMBhtZayL/cpgcXOymzvSsJs/eqXl0t ne1WUBM15DbEVa8OV8aTNYI2g98Ur7yxNn5klBFu683+AmCvbBW5MwcapU5mDkutCVm6 KNt0Xz0mmKH0hPR5LbBPQr73ORrE6vASZgmGZaj65oiFmLPURmKDRuyDYSJ/dxliHM05 vIs080YnRpoLMrYZeeVgI9OauZhR0gkVUAfdh9dj2hOtUwj3MlfvEoMMreZ9KvCj078R LVVyRk7JRsnyiysfl873rjEWTsKYlU07R6p1GN0QD3StqnTY06AKtTzGsLt9vZkZz6+2 Pc6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968914; x=1757573714; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:x-gm-message-state:from:to:cc:subject :date:message-id:reply-to; bh=wnnUKXqaS1PhubecyA39BBSAxyYQ9KOIV0BIog+vX5o=; b=PFw10uJgRUVIHlzexxwUwYLsnbTdh9M8vwC/DtzoEEMw4U/Hf0J8o+Xbk+yB+ezW0I 9E/F15z2myO1z4VfBpAwXlcroM0veYofvlBhihH+YooFgzfH3l9ZqRfPE8qNhfp0vj/a KrxmpNHb6SrOOVMqd/17MCXu6ha24DUIMUX49L7/A7qnDMzIs17uG0HYNNbXG/TIQcbu ywT6XPqlnzAW5C9hQtafVxJBKcLqvtpKAaQmaSN98M8H9nMfL3NIBFU+Yx9zvBLfh7QY SJgCsxO4E5ASRiSh7dVBv2v8PD2Edc8DI5m2uLGCn/wosgZt7aD9Mv5IWvrR5Xba9FBD ++jA== X-Gm-Message-State: AOJu0Yxb3vRQ4zT8m/7k1q6ZzaQB6jE7fYAZpH1m171M8XH2DWOm+AM8 3b7WqVcLqjfZ/JlqLBCBmT5N7SyJH+QcyKJ0P6Xco61F/TztLA9S+QiDpAjwmveMuiuuZiEquze hAg== X-Google-Smtp-Source: AGHT+IHdgqyNpBMpt/bYzJ7+FnZp+WxzXkfhv7pByoS1YtSmKG0gimKr6Fdi62pDlbZtDTPV/NoU2SBoGw== X-Received: from ploq15.prod.google.com ([2002:a17:903:1aaf:b0:248:f37a:bc17]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:e783:b0:242:bba6:fc85 with SMTP id d9443c01a7336-24944b75a04mr252914475ad.56.1756968913924; Wed, 03 Sep 2025 23:55:13 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:37 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-8-sagis@google.com> Subject: [PATCH v10 07/21] KVM: selftests: Define structs to pass parameters to TDX boot code From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" TDX registers are inaccesible to KVM. Therefore we need a different mechanism to load boot parameters for TDX code. TDX boot code will read the registers values from memory and set the registers manually. This patch defines the data structures used to communicate between c code and the TDX assembly boot code which will be added in a later patch. Use kbuild.h to expose the offsets into the structs from c code to assembly code. Co-developed-by: Ackerley Tng Signed-off-by: Ackerley Tng Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- tools/testing/selftests/kvm/Makefile.kvm | 18 +++++ .../selftests/kvm/include/x86/tdx/td_boot.h | 69 +++++++++++++++++++ .../kvm/lib/x86/tdx/td_boot_offsets.c | 21 ++++++ 3 files changed, 108 insertions(+) create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/td_boot.h create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/td_boot_offsets= .c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 41b40c676d7f..3f93c093b046 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -19,6 +19,8 @@ LIBKVM +=3D lib/userfaultfd_util.c =20 LIBKVM_STRING +=3D lib/string_override.c =20 +LIBKVM_ASM_DEFS +=3D lib/x86/tdx/td_boot_offsets.c + LIBKVM_x86 +=3D lib/x86/apic.c LIBKVM_x86 +=3D lib/x86/handlers.S LIBKVM_x86 +=3D lib/x86/hyperv.c @@ -230,6 +232,10 @@ OVERRIDE_TARGETS =3D 1 include ../lib.mk include ../cgroup/lib/libcgroup.mk =20 +# Enable Kbuild tools. +include $(top_srcdir)/scripts/Kbuild.include +include $(top_srcdir)/scripts/Makefile.lib + INSTALL_HDR_PATH =3D $(top_srcdir)/usr LINUX_HDR_PATH =3D $(INSTALL_HDR_PATH)/include/ LINUX_TOOL_INCLUDE =3D $(top_srcdir)/tools/include @@ -282,6 +288,7 @@ LIBKVM_S :=3D $(filter %.S,$(LIBKVM)) LIBKVM_C_OBJ :=3D $(patsubst %.c, $(OUTPUT)/%.o, $(LIBKVM_C)) LIBKVM_S_OBJ :=3D $(patsubst %.S, $(OUTPUT)/%.o, $(LIBKVM_S)) LIBKVM_STRING_OBJ :=3D $(patsubst %.c, $(OUTPUT)/%.o, $(LIBKVM_STRING)) +LIBKVM_ASM_DEFS_OBJ +=3D $(patsubst %.c, $(OUTPUT)/%.s, $(LIBKVM_ASM_DEFS)) LIBKVM_OBJS =3D $(LIBKVM_C_OBJ) $(LIBKVM_S_OBJ) $(LIBKVM_STRING_OBJ) $(LIB= CGROUP_O) SPLIT_TEST_GEN_PROGS :=3D $(patsubst %, $(OUTPUT)/%, $(SPLIT_TESTS)) SPLIT_TEST_GEN_OBJ :=3D $(patsubst %, $(OUTPUT)/$(ARCH)/%.o, $(SPLIT_TESTS= )) @@ -308,6 +315,7 @@ $(SPLIT_TEST_GEN_OBJ): $(OUTPUT)/$(ARCH)/%.o: $(ARCH)/%= .c =20 EXTRA_CLEAN +=3D $(GEN_HDRS) \ $(LIBKVM_OBJS) \ + $(LIBKVM_ASM_DEFS_OBJ) \ $(SPLIT_TEST_GEN_OBJ) \ $(TEST_DEP_FILES) \ $(TEST_GEN_OBJ) \ @@ -319,18 +327,28 @@ $(LIBKVM_C_OBJ): $(OUTPUT)/%.o: %.c $(GEN_HDRS) $(LIBKVM_S_OBJ): $(OUTPUT)/%.o: %.S $(GEN_HDRS) $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ =20 +$(LIBKVM_ASM_DEFS_OBJ): $(OUTPUT)/%.s: %.c FORCE + $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -S $< -o $@ + # Compile the string overrides as freestanding to prevent the compiler from # generating self-referential code, e.g. without "freestanding" the compil= er may # "optimize" memcmp() by invoking memcmp(), thus causing infinite recursio= n. $(LIBKVM_STRING_OBJ): $(OUTPUT)/%.o: %.c $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c -ffreestanding $< -o $@ =20 +$(OUTPUT)/include/x86/tdx/td_boot_offsets.h: $(OUTPUT)/lib/x86/tdx/td_boot= _offsets.s FORCE + $(call filechk,offsets,__TDX_BOOT_OFFSETS_H__) + +EXTRA_CLEAN +=3D $(OUTPUT)/include/x86/tdx/td_boot_offsets.h + $(shell mkdir -p $(sort $(dir $(TEST_GEN_PROGS)))) $(SPLIT_TEST_GEN_OBJ): $(GEN_HDRS) $(TEST_GEN_PROGS): $(LIBKVM_OBJS) $(TEST_GEN_PROGS_EXTENDED): $(LIBKVM_OBJS) $(TEST_GEN_OBJ): $(GEN_HDRS) =20 +FORCE: + cscope: include_paths =3D $(LINUX_TOOL_INCLUDE) $(LINUX_HDR_PATH) include = lib .. cscope: $(RM) cscope.* diff --git a/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h b/tools/= testing/selftests/kvm/include/x86/tdx/td_boot.h new file mode 100644 index 000000000000..8eda3ce10220 --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h @@ -0,0 +1,69 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef SELFTEST_TDX_TD_BOOT_H +#define SELFTEST_TDX_TD_BOOT_H + +#include + +#include +#include + +/* + * Layout for boot section (not to scale) + * + * GPA + * _________________________________ 0x1_0000_0000 (4GB) + * | Boot code trampoline | + * |___________________________|____ 0x0_ffff_fff0: Reset vector (16B belo= w 4GB) + * | Boot code | + * |___________________________|____ td_boot will be copied here, so that = the + * | | jmp to td_boot is exactly at the rese= t vector + * | Empty space | + * | | + * |=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94= =80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80= =E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2=94=80=E2= =94=80=E2=94=80=E2=94=80| + * | | + * | | + * | Boot parameters | + * | | + * | | + * |___________________________|____ 0x0_ffff_0000: TD_BOOT_PARAMETERS_GPA + */ +#define FOUR_GIGABYTES_GPA (SZ_4G) + +/* + * The exact memory layout for LGDT or LIDT instructions. + */ +struct __packed td_boot_parameters_dtr { + uint16_t limit; + uint32_t base; +}; + +/* + * Allows each vCPU to be initialized with different eip and esp. + */ +struct td_per_vcpu_parameters { + uint32_t esp_gva; + uint64_t guest_code; +}; + +/* + * Boot parameters for the TD. + * + * Unlike a regular VM, KVM cannot set registers such as esp, eip, etc + * before boot, so to run selftests, these registers' values have to be + * initialized by the TD. + * + * This struct is loaded in TD private memory at TD_BOOT_PARAMETERS_GPA. + * + * The TD boot code will read off parameters from this struct and set up t= he + * vCPU for executing selftests. + */ +struct td_boot_parameters { + uint32_t cr0; + uint32_t cr3; + uint32_t cr4; + struct td_boot_parameters_dtr gdtr; + struct td_boot_parameters_dtr idtr; + struct td_per_vcpu_parameters per_vcpu[]; +}; + +#endif /* SELFTEST_TDX_TD_BOOT_H */ diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/td_boot_offsets.c b/to= ols/testing/selftests/kvm/lib/x86/tdx/td_boot_offsets.c new file mode 100644 index 000000000000..7f76a3585b99 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/td_boot_offsets.c @@ -0,0 +1,21 @@ +// SPDX-License-Identifier: GPL-2.0 +#define COMPILE_OFFSETS + +#include + +#include "tdx/td_boot.h" + +static void __attribute__((used)) common(void) +{ + OFFSET(TD_BOOT_PARAMETERS_CR0, td_boot_parameters, cr0); + OFFSET(TD_BOOT_PARAMETERS_CR3, td_boot_parameters, cr3); + OFFSET(TD_BOOT_PARAMETERS_CR4, td_boot_parameters, cr4); + OFFSET(TD_BOOT_PARAMETERS_GDT, td_boot_parameters, gdtr); + OFFSET(TD_BOOT_PARAMETERS_IDT, td_boot_parameters, idtr); + OFFSET(TD_BOOT_PARAMETERS_PER_VCPU, td_boot_parameters, per_vcpu); + OFFSET(TD_PER_VCPU_PARAMETERS_ESP_GVA, td_per_vcpu_parameters, esp_gva); + OFFSET(TD_PER_VCPU_PARAMETERS_GUEST_CODE, td_per_vcpu_parameters, + guest_code); + DEFINE(SIZEOF_TD_PER_VCPU_PARAMETERS, + sizeof(struct td_per_vcpu_parameters)); +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0E3A628C5D3 for ; Thu, 4 Sep 2025 06:55:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968917; cv=none; b=XwUkxEvX74dQlLgZ4yPtoMU65eVM48kqBExjMeFIxJi0Q8CTmr/NnsVmYh1OMspeuObjNZNxpXNAoo4PRoqWLdpqlb7O5bNoii35SNnl1/ovv8bCYBUDmDx2LZX4y/1gfVaLIkY+3gxMtEomqmRZlIWiIUVMvGJVPunrx35JVbk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968917; c=relaxed/simple; bh=n+L9vWeyzbQUQZp/RqgYkXX79E/BX1CQXhnoKJC68eU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=lWKP17pwiLvbl61hPOuNXnXrOfA4itXSLfslROm8uEXu3YGOgAcWX4rB92kTnkVPTMSCIND3maFU4/bPNkf6WNFfi/O9cEs2CP8BZ5Qp+ac3JX7niWbvhMKCLorOzJm3910PjZXNcTa694vEKb+fzSx8bqA4iTnpik47pEmpEnQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vWT3YYQk; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vWT3YYQk" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-329745d6b89so1037656a91.1 for ; Wed, 03 Sep 2025 23:55:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968915; x=1757573715; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=SOAKBocMN15a/GPc9+kQ8WwGfS18ZYkBgBZhxajgBOA=; b=vWT3YYQkQuzNB7g36r0nNQMQmMUqlbH/AodLPt3M4TIaVNDGnDUBCZxsuhQ7+VbNPW BqW9Ow/TAwPdkwk9NViQnamufzlX3lxgGNk1GvHcw6aVMyktE0e4GZlmq0A8e1ZnCsuu tiyFeSj/iDHsmd4WvGmBZwZZdFfv2DISMZnxT4HcI/eadCewiXYh07ndFqmhp6p+DrJz 5s1yKQGXDGl2tiu7XzjvOPfv4sxpPK2ufxishyGG6YJ/kyVTTZDzOO52qPYDuA2cQMFW G5n+et/9JxHnEf2tXK04dFeRu9EaA8Aw7iyW6tWoKHb4UaiCyoxiP5QCSizFPJc2lM0/ +ZMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968915; x=1757573715; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=SOAKBocMN15a/GPc9+kQ8WwGfS18ZYkBgBZhxajgBOA=; b=ZJGJM1rIZrgiAjI2J2trvVgCR4PAmJ3MbG+cEFJPeY1lXadUEwgqw24aBUdDJ3OKao jNw9eGDzAPbXG/74aDwwRmMc2ijIQWgf3X/inv+/efM3aCCc+lBvsKXs8sBc+G1uLCPY esBCzxcbfzFLLA6W1G7o8uVL4usz03Ug8Al0mnSRT3B5ASZwlqpkZQakJpBf6672A+nk OOCyHvXsP56BlzlJ/0A9tbA6dXwH2xPVQoV3yH/G+jBU9aiz/WPA9CcgiPvErAVIByjF 5zMfRwyvbfei0ncPSiLki/AIgAxdKjpAjGigMyXGRDC4EO5L7Bt9SbSJCwAU0cmxBbfG 7YQw== X-Gm-Message-State: AOJu0Yxhhhx5/vt58jsFxBYUqMIuoipWMfxhqMu56WreprrEpAEgAj6f 6Atp76vkGGuk5iSeDUUoXkqmgjA4gylXAodQY0C56fidGBNCpoiQdlCZf4KBeBRvpbb7/gzDz3Q hYA== X-Google-Smtp-Source: AGHT+IF/JgzkvqqUvrXqyvg4ttqyVIVVsNkmsuNFfNqAnjTzj0j4TENvTPgfKFid94anRdEttRjKvvvZcA== X-Received: from pjxx3.prod.google.com ([2002:a17:90b:58c3:b0:32b:4de4:2ac9]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:530d:b0:329:ca48:7090 with SMTP id 98e67ed59e1d1-329ca4873c6mr14454454a91.37.1756968915479; Wed, 03 Sep 2025 23:55:15 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:38 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-9-sagis@google.com> Subject: [PATCH v10 08/21] KVM: selftests: Add TDX boot code From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Erdem Aktas Add code to boot a TDX test VM. Since TDX registers are inaccesible to KVM, the boot code loads the relevant values from memory into the registers before jumping to the guest code. Signed-off-by: Erdem Aktas Co-developed-by: Ackerley Tng Signed-off-by: Ackerley Tng Co-developed-by: Sagi Shahar Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- tools/testing/selftests/kvm/Makefile.kvm | 3 + .../selftests/kvm/include/x86/tdx/td_boot.h | 5 ++ .../kvm/include/x86/tdx/td_boot_asm.h | 16 +++++ .../selftests/kvm/lib/x86/tdx/td_boot.S | 60 +++++++++++++++++++ 4 files changed, 84 insertions(+) create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm= .h create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 3f93c093b046..d11d02e17cc5 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -31,6 +31,7 @@ LIBKVM_x86 +=3D lib/x86/sev.c LIBKVM_x86 +=3D lib/x86/svm.c LIBKVM_x86 +=3D lib/x86/ucall.c LIBKVM_x86 +=3D lib/x86/vmx.c +LIBKVM_x86 +=3D lib/x86/tdx/td_boot.S =20 LIBKVM_arm64 +=3D lib/arm64/gic.c LIBKVM_arm64 +=3D lib/arm64/gic_v3.c @@ -336,6 +337,8 @@ $(LIBKVM_ASM_DEFS_OBJ): $(OUTPUT)/%.s: %.c FORCE $(LIBKVM_STRING_OBJ): $(OUTPUT)/%.o: %.c $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c -ffreestanding $< -o $@ =20 +$(OUTPUT)/lib/x86/tdx/td_boot.o: $(OUTPUT)/include/x86/tdx/td_boot_offsets= .h + $(OUTPUT)/include/x86/tdx/td_boot_offsets.h: $(OUTPUT)/lib/x86/tdx/td_boot= _offsets.s FORCE $(call filechk,offsets,__TDX_BOOT_OFFSETS_H__) =20 diff --git a/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h b/tools/= testing/selftests/kvm/include/x86/tdx/td_boot.h index 8eda3ce10220..17c3083da9ca 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/td_boot.h @@ -66,4 +66,9 @@ struct td_boot_parameters { struct td_per_vcpu_parameters per_vcpu[]; }; =20 +void td_boot(void); +void td_boot_code_end(void); + +#define TD_BOOT_CODE_SIZE (td_boot_code_end - td_boot) + #endif /* SELFTEST_TDX_TD_BOOT_H */ diff --git a/tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h b/to= ols/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h new file mode 100644 index 000000000000..10b4b527595c --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86/tdx/td_boot_asm.h @@ -0,0 +1,16 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef SELFTEST_TDX_TD_BOOT_ASM_H +#define SELFTEST_TDX_TD_BOOT_ASM_H + +/* + * GPA where TD boot parameters will be loaded. + * + * TD_BOOT_PARAMETERS_GPA is arbitrarily chosen to + * + * + be within the 4GB address space + * + provide enough contiguous memory for the struct td_boot_parameters su= ch + * that there is one struct td_per_vcpu_parameters for KVM_MAX_VCPUS + */ +#define TD_BOOT_PARAMETERS_GPA 0xffff0000 + +#endif // SELFTEST_TDX_TD_BOOT_ASM_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S b/tools/test= ing/selftests/kvm/lib/x86/tdx/td_boot.S new file mode 100644 index 000000000000..7aa33caa9a78 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/td_boot.S @@ -0,0 +1,60 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ + +#include "tdx/td_boot_asm.h" +#include "tdx/td_boot_offsets.h" +#include "processor_asm.h" + +.code32 + +.globl td_boot +td_boot: + /* In this procedure, edi is used as a temporary register. */ + cli + + /* Paging is off. */ + + movl $TD_BOOT_PARAMETERS_GPA, %ebx + + /* + * Find the address of struct td_per_vcpu_parameters for this + * vCPU based on esi (TDX spec: initialized with vCPU id). Put + * struct address into register for indirect addressing. + */ + movl $SIZEOF_TD_PER_VCPU_PARAMETERS, %eax + mul %esi + leal TD_BOOT_PARAMETERS_PER_VCPU(%ebx), %edi + addl %edi, %eax + + /* Setup stack. */ + movl TD_PER_VCPU_PARAMETERS_ESP_GVA(%eax), %esp + + /* Setup GDT. */ + leal TD_BOOT_PARAMETERS_GDT(%ebx), %edi + lgdt (%edi) + + /* Setup IDT. */ + leal TD_BOOT_PARAMETERS_IDT(%ebx), %edi + lidt (%edi) + + /* + * Set up control registers (There are no instructions to mov from + * memory to control registers, hence use edi as a scratch register). + */ + movl TD_BOOT_PARAMETERS_CR4(%ebx), %edi + movl %edi, %cr4 + movl TD_BOOT_PARAMETERS_CR3(%ebx), %edi + movl %edi, %cr3 + movl TD_BOOT_PARAMETERS_CR0(%ebx), %edi + movl %edi, %cr0 + + /* Switching to 64bit mode after ljmp and then jump to guest code */ + ljmp $(KERNEL_CS),$1f +1: + jmp *TD_PER_VCPU_PARAMETERS_GUEST_CODE(%eax) + +/* Leave marker so size of td_boot code can be computed. */ +.globl td_boot_code_end +td_boot_code_end: + +/* Disable executable stack. */ +.section .note.GNU-stack,"",%progbits --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 971F128CF77 for ; Thu, 4 Sep 2025 06:55:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968919; cv=none; b=c9OKHPmM+0HRi/m1ngaqP/OXOQfndAnVh6xREXu7c50dka/7XF6b6eTwthyZmvXMP4TP3Cp/gx6es/lkES1PsAiKDqh2vXtnwVhuuism1MbonSB14L3EGG5fw/3/PSsGXcy0Q3vrNgmb+akmkgFz6RaTw671/SIvJpdUgGxEZ84= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968919; c=relaxed/simple; bh=fl5WFH2pE48prKI9Xye9Kp56WYjFCfdYw5kFeG22K4o=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Y55//ZnCHlXAu17i3fM8xoUCf4QQ0m9jv9DD8E9NWMuIQ3faZx+rmBfudATbbBX5FYZCSdmJxNCu9qr73kXHbqvur5zRqdtocZVaY5l4SWBLCqf1xLkH4MsLOR1EQ6mEZfQLdZfP725xK/eIZ/AJy0g6E6husd3KBW9Ckh0JobI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qu/EDxFo; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qu/EDxFo" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-24c9e2213f8so9977255ad.2 for ; Wed, 03 Sep 2025 23:55:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968917; x=1757573717; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=mbSK0q2wvsUvwJsHeMu0UEX5HMzL8ImDejpjGFji5HE=; b=qu/EDxFoOV4ELyAERC3Qntxd6bkNghnA2r0qmvIeUWNwki4V2b8pm+py5zhzI3oufK 7vHYBNuY1oXYfm67uH/mvuOlDFMNZfJ44f3BSqG4HjxvMuUoeJZhXI3gYNkO/IsafBXw NOht/T8ybr7z+drBQI66MvRu/wvQzKFsrxmipxFRZ77fadmsNpGx/Ev0XVh2oAMLfAQa lVPVZ8dvXALSnhePNPzKvkXsmldLPt7cHpctWI3quH8s2PuLEuMrlqRrLi1/s+nEWEXc 5fL7+Gq76WMOzvvfYhxxBlg7bO6gM/yPIsKzqp2el/PxEgfKRJSxUlvSAJtOi/NY13Ag B92Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968917; x=1757573717; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=mbSK0q2wvsUvwJsHeMu0UEX5HMzL8ImDejpjGFji5HE=; b=FrRrVif69LHzcUdbNVw01IQgM6MudVUBDUrjHlwpTOLKX+2RwYTep+0S7fWleOVdmt 658PATY0YaTmVL1D5RICNjFaXg1cPLk8GedssckCHep9+Gr8MRkyx1O/V1fSXWKoxs3T /KM7CLvjETDRh+ws1ose8TP/h8vhPeSrnNpeB7qNNFaaru8jQY2gAKJAqD+Ani8QfeJo f4dAmKflWlE0XVXImZuE6F3VkJqQJ6zgiLVD0x4Kosugi1QjFeEUmu2zsvdAk1q7ARot IltVcUNmaR3jy5IMgwOaySrmofdf5aHmkkOdqYmokh7yK/nx8jrqkILvspWB5Cs3md1c 1jEg== X-Gm-Message-State: AOJu0YyeLt64VYODPg+LIICB0xPkcXFwdsm1DuqYpf+adw7q5qg58OAn d3+XSFxM3c6nbM3b1rS+92P/Cg3VAc0m4/i9FBTAuJcLIz8x5g2yZyvMKz1F3SwLYm5fUqP45di D5Q== X-Google-Smtp-Source: AGHT+IEIVmyBAsxeMnfR2DE0V7+2eEBlwFJC8ibSKdd/uSqU1DT1NSlXejdciIy1eX1XFGzYaP5WdMeUOQ== X-Received: from pfau2.prod.google.com ([2002:a05:6a00:aa82:b0:76e:1da7:f2ba]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a20:244c:b0:243:c23c:85cc with SMTP id adf61e73a8af0-243d6ddb139mr26453840637.7.1756968917074; Wed, 03 Sep 2025 23:55:17 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:39 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-10-sagis@google.com> Subject: [PATCH v10 09/21] KVM: selftests: Set up TDX boot code region From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add memory for TDX boot code in a separate memslot. Use virt_map() to get identity map in this memory region to allow for seamless transition from paging disabled to paging enabled code. Copy the boot code into the memory region and set up the reset vectors at this point. While it's possible to separate the memory allocation and boot code initialization into separate functions, having all the calculations for memory size and offsets in one place simplifies the code and avoids duplications. Handcode the reset vector as suggested by Sean Christopherson. Suggested-by: Sean Christopherson Co-developed-by: Erdem Aktas Signed-off-by: Erdem Aktas Signed-off-by: Sagi Shahar Reviewed-by: Binbin Wu --- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/include/x86/tdx/tdx_util.h | 2 + .../selftests/kvm/lib/x86/tdx/tdx_util.c | 54 +++++++++++++++++++ 3 files changed, 57 insertions(+) create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index d11d02e17cc5..52c90f1c0484 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -31,6 +31,7 @@ LIBKVM_x86 +=3D lib/x86/sev.c LIBKVM_x86 +=3D lib/x86/svm.c LIBKVM_x86 +=3D lib/x86/ucall.c LIBKVM_x86 +=3D lib/x86/vmx.c +LIBKVM_x86 +=3D lib/x86/tdx/tdx_util.c LIBKVM_x86 +=3D lib/x86/tdx/td_boot.S =20 LIBKVM_arm64 +=3D lib/arm64/gic.c diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools= /testing/selftests/kvm/include/x86/tdx/tdx_util.h index 286d5e3c24b1..ec05bcd59145 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -11,4 +11,6 @@ static inline bool is_tdx_vm(struct kvm_vm *vm) return vm->type =3D=3D KVM_X86_TDX_VM; } =20 +void vm_tdx_setup_boot_code_region(struct kvm_vm *vm); + #endif // SELFTESTS_TDX_TDX_UTIL_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/tes= ting/selftests/kvm/lib/x86/tdx/tdx_util.c new file mode 100644 index 000000000000..a1cf12de9d56 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -0,0 +1,54 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include + +#include "kvm_util.h" +#include "processor.h" +#include "tdx/td_boot.h" +#include "tdx/tdx_util.h" + +/* Arbitrarily selected to avoid overlaps with anything else */ +#define TD_BOOT_CODE_SLOT 20 + +#define X86_RESET_VECTOR 0xfffffff0ul +#define X86_RESET_VECTOR_SIZE 16 + +void vm_tdx_setup_boot_code_region(struct kvm_vm *vm) +{ + size_t total_code_size =3D TD_BOOT_CODE_SIZE + X86_RESET_VECTOR_SIZE; + vm_paddr_t boot_code_gpa =3D X86_RESET_VECTOR - TD_BOOT_CODE_SIZE; + vm_paddr_t alloc_gpa =3D round_down(boot_code_gpa, PAGE_SIZE); + size_t nr_pages =3D DIV_ROUND_UP(total_code_size, PAGE_SIZE); + vm_paddr_t gpa; + uint8_t *hva; + + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, + alloc_gpa, + TD_BOOT_CODE_SLOT, nr_pages, + KVM_MEM_GUEST_MEMFD); + + gpa =3D vm_phy_pages_alloc(vm, nr_pages, alloc_gpa, TD_BOOT_CODE_SLOT); + TEST_ASSERT(gpa =3D=3D alloc_gpa, "Failed vm_phy_pages_alloc\n"); + + virt_map(vm, alloc_gpa, alloc_gpa, nr_pages); + hva =3D addr_gpa2hva(vm, boot_code_gpa); + memcpy(hva, td_boot, TD_BOOT_CODE_SIZE); + + hva +=3D TD_BOOT_CODE_SIZE; + TEST_ASSERT(hva =3D=3D addr_gpa2hva(vm, X86_RESET_VECTOR), + "Expected RESET vector at hva 0x%lx, got %lx", + (unsigned long)addr_gpa2hva(vm, X86_RESET_VECTOR), (unsigned long)hv= a); + + /* + * Handcode "JMP rel8" at the RESET vector to jump back to the TD boot + * code, as there are only 16 bytes at the RESET vector before RIP will + * wrap back to zero. Insert a trailing int3 so that the vCPU crashes + * in case the JMP somehow falls through. Note! The target address is + * relative to the end of the instruction! + */ + TEST_ASSERT(TD_BOOT_CODE_SIZE + 2 <=3D 128, + "TD boot code not addressable by 'JMP rel8'"); + hva[0] =3D 0xeb; + hva[1] =3D 256 - 2 - TD_BOOT_CODE_SIZE; + hva[2] =3D 0xcc; +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F27928FFE7 for ; Thu, 4 Sep 2025 06:55:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968920; cv=none; b=SbikhFt94puwNR+/+NNYe+1EfnEPQdNcFOMlE39wMx1ycdb8pgtA0M5xo78E5FmLM2Tf1Oph30WEj/CSMWhql6cvLofPnlk0e5DYOUS6MFoe790CG7crJpjT9H6FlwVufyDAn3uLiKjbGLXa7OjNMr+w6qlF8Cvph3pDvP/AL98= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968920; c=relaxed/simple; bh=EjU7KXG/u8BDzqWiSLIwzY5YgLrkcSk96k/s3PgaIBo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tWdci+XhVCc16Sb4sGm0+fJ8EfaPK8CRpD1q/oRztf3+Q3i/Q74clGcvm1NNespAA0NF24IYWbC6Tklm6cuAcZ4AqVQbXcMCLzuPMXLzTn7L6u1KsnyJbso0WPdCB0NzMoMJHm8NNO15svwcY16xSam4vfxsfqvFkkmXSVqnYKQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GgvjP2fs; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GgvjP2fs" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-329ee69e7deso666468a91.3 for ; Wed, 03 Sep 2025 23:55:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968919; x=1757573719; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Dgx8Xu0K0l7QI5WLWZT874WzrkjZA4BwF6/XUfU7Kgk=; b=GgvjP2fsnafsPQj5ldQ6TWBIiyCVIR1an0UK/O8Lv3EXZbPnC/HxC7JV0Q5IxtyDdF iSQMZANuh4Q1gEU4jt4AVHguVD1D3ViYr1lDtQkRJviLV16tljy9qB5obD84hGH3uHRw OUFDlE3Y2yKu40/4N6//Q6RwoxGLDAJckO3DSteaMTwKIPryXF5FTEmXm6yPryxr+lMh 3w5eJXMTAtXBpDCpbqvMEdEHr60jXxNn2EgFjWzP62NYynu2gUQ2Cu9goShL+xZ3mGci /YMaLVyhoL6tXRI8sbN3NneNxxMG06nfLHA/MoxlLBQ55CCGnFp1glq9P6gChoAf9xCU 9DMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968919; x=1757573719; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Dgx8Xu0K0l7QI5WLWZT874WzrkjZA4BwF6/XUfU7Kgk=; b=wiVH6q+IOiu0t17kmirkprsfJYZryQdxB0AEICQY2y5ASDGBtDTplc9uox9QrzUTfu tp7C0LZAjoS+WsLijaqpNOJCy5AJ/vhxITE3YWl5PBq2CEJBihyDGOfW2ph1MKRpT3xs 0GxB29kl37ezc0yeRoMcJiKF+M5ICMXvOZ4PeKhIYgxT2yq26+Dab1IGsDG9tqnqMuZG ZCTtj5QuzYL1KL92X7fkrPSvUjUcrP4JI8OCbjpqgb9Li8WtF5EnAknzX0cxaQvHrmW8 ucGYQI2/z6GokgRY/VPB5pgdDvf26Wk6Fb37McivCnEMTCLFXOa8pXfyMBYS5KZyfdxw PVdg== X-Gm-Message-State: AOJu0Yz5tOOMj3XcDYn5EqzWFhWAehKEk3Opbz7+OkDYT9rwqHBUh9Bo lVDmGv7KQTKngnVmAVgGS4CDyNOsyW0Pcj/G5333F8BDMojWe1T53dLIedfzbAZqbydbtY+r7hW +3Q== X-Google-Smtp-Source: AGHT+IEDD0RpQidmxQgchdEDviTmdvlzKZbtFlp08ExqfbX8gfhH6zR2n2zVMd0EWyK22yxxdHJme2n8bw== X-Received: from pjboh15.prod.google.com ([2002:a17:90b:3a4f:b0:32b:827b:f76e]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:d54d:b0:248:f30e:6a10 with SMTP id d9443c01a7336-24944ab8c9cmr239531135ad.35.1756968918676; Wed, 03 Sep 2025 23:55:18 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:40 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-11-sagis@google.com> Subject: [PATCH v10 10/21] KVM: selftests: Set up TDX boot parameters region From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Allocate memory for TDX boot parameters and define the utility functions necessary to fill this memory with the boot parameters. Co-developed-by: Ackerley Tng Signed-off-by: Ackerley Tng Signed-off-by: Sagi Shahar --- .../selftests/kvm/include/x86/tdx/tdx_util.h | 4 + .../selftests/kvm/lib/x86/tdx/tdx_util.c | 75 +++++++++++++++++++ 2 files changed, 79 insertions(+) diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools= /testing/selftests/kvm/include/x86/tdx/tdx_util.h index ec05bcd59145..dafdc7e46abe 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -12,5 +12,9 @@ static inline bool is_tdx_vm(struct kvm_vm *vm) } =20 void vm_tdx_setup_boot_code_region(struct kvm_vm *vm); +void vm_tdx_setup_boot_parameters_region(struct kvm_vm *vm, uint32_t nr_ru= nnable_vcpus); +void vm_tdx_load_common_boot_parameters(struct kvm_vm *vm); +void vm_tdx_load_vcpu_boot_parameters(struct kvm_vm *vm, struct kvm_vcpu *= vcpu); +void vm_tdx_set_vcpu_entry_point(struct kvm_vcpu *vcpu, void *guest_code); =20 #endif // SELFTESTS_TDX_TDX_UTIL_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/tes= ting/selftests/kvm/lib/x86/tdx/tdx_util.c index a1cf12de9d56..ff61333bc848 100644 --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -5,10 +5,12 @@ #include "kvm_util.h" #include "processor.h" #include "tdx/td_boot.h" +#include "tdx/td_boot_asm.h" #include "tdx/tdx_util.h" =20 /* Arbitrarily selected to avoid overlaps with anything else */ #define TD_BOOT_CODE_SLOT 20 +#define TD_BOOT_PARAMETERS_SLOT 21 =20 #define X86_RESET_VECTOR 0xfffffff0ul #define X86_RESET_VECTOR_SIZE 16 @@ -52,3 +54,76 @@ void vm_tdx_setup_boot_code_region(struct kvm_vm *vm) hva[1] =3D 256 - 2 - TD_BOOT_CODE_SIZE; hva[2] =3D 0xcc; } + +void vm_tdx_setup_boot_parameters_region(struct kvm_vm *vm, uint32_t nr_ru= nnable_vcpus) +{ + size_t boot_params_size =3D + sizeof(struct td_boot_parameters) + + nr_runnable_vcpus * sizeof(struct td_per_vcpu_parameters); + int npages =3D DIV_ROUND_UP(boot_params_size, PAGE_SIZE); + vm_paddr_t gpa; + + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, + TD_BOOT_PARAMETERS_GPA, + TD_BOOT_PARAMETERS_SLOT, npages, + KVM_MEM_GUEST_MEMFD); + gpa =3D vm_phy_pages_alloc(vm, npages, TD_BOOT_PARAMETERS_GPA, TD_BOOT_PA= RAMETERS_SLOT); + TEST_ASSERT(gpa =3D=3D TD_BOOT_PARAMETERS_GPA, "Failed vm_phy_pages_alloc= \n"); + + virt_map(vm, TD_BOOT_PARAMETERS_GPA, TD_BOOT_PARAMETERS_GPA, npages); +} + +void vm_tdx_load_common_boot_parameters(struct kvm_vm *vm) +{ + struct td_boot_parameters *params =3D + addr_gpa2hva(vm, TD_BOOT_PARAMETERS_GPA); + uint32_t cr4; + + TEST_ASSERT_EQ(vm->mode, VM_MODE_PXXV48_4K); + + cr4 =3D kvm_get_default_cr4(); + + /* TDX spec 11.6.2: CR4 bit MCE is fixed to 1 */ + cr4 |=3D X86_CR4_MCE; + + /* Set this because UEFI also sets this up, to handle XMM exceptions */ + cr4 |=3D X86_CR4_OSXMMEXCPT; + + /* TDX spec 11.6.2: CR4 bit VMXE and SMXE are fixed to 0 */ + cr4 &=3D ~(X86_CR4_VMXE | X86_CR4_SMXE); + + /* Set parameters! */ + params->cr0 =3D kvm_get_default_cr0(); + params->cr3 =3D vm->pgd; + params->cr4 =3D cr4; + params->idtr.base =3D vm->arch.idt; + params->idtr.limit =3D kvm_get_default_idt_limit(); + params->gdtr.base =3D vm->arch.gdt; + params->gdtr.limit =3D kvm_get_default_gdt_limit(); + + TEST_ASSERT(params->cr0 !=3D 0, "cr0 should not be 0"); + TEST_ASSERT(params->cr3 !=3D 0, "cr3 should not be 0"); + TEST_ASSERT(params->cr4 !=3D 0, "cr4 should not be 0"); + TEST_ASSERT(params->gdtr.base !=3D 0, "gdt base address should not be 0"); + TEST_ASSERT(params->idtr.base !=3D 0, "idt base address should not be 0"); +} + +void vm_tdx_load_vcpu_boot_parameters(struct kvm_vm *vm, struct kvm_vcpu *= vcpu) +{ + struct td_boot_parameters *params =3D + addr_gpa2hva(vm, TD_BOOT_PARAMETERS_GPA); + struct td_per_vcpu_parameters *vcpu_params =3D + ¶ms->per_vcpu[vcpu->id]; + + vcpu_params->esp_gva =3D kvm_allocate_vcpu_stack(vm); +} + +void vm_tdx_set_vcpu_entry_point(struct kvm_vcpu *vcpu, void *guest_code) +{ + struct td_boot_parameters *params =3D + addr_gpa2hva(vcpu->vm, TD_BOOT_PARAMETERS_GPA); + struct td_per_vcpu_parameters *vcpu_params =3D + ¶ms->per_vcpu[vcpu->id]; + + vcpu_params->guest_code =3D (uint64_t)guest_code; +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A7A7F296BA2 for ; Thu, 4 Sep 2025 06:55:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968922; cv=none; b=td+cDa7FlGpWLEgACej6CEnDHgL6V8pRuw+pARFF2GgBjgI1j1HU4MlN4wM/SqG1itIA8xTLtB5k3xdOh3AcOT67fPLJ679WVOg6a8cI6C6u6sqz7oFlXVhD8m3NwjhiO0ad4jgzlYi/uuQr3eLkHJ7jbITLqI1JD641l8RGF2w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968922; c=relaxed/simple; bh=DsOMXiVoMzD7AjveM4os7tdOwV3YpbNGpBZ+UsnN0/k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=AQhoGPlsU9vuCb08XntwE960sMx+Q86+lAlBlFfSm3ZyXx+kQ+jTMQM4cQSw/6oW42uZHeQWUA2c/bg62HTfP0cbqaQSvyk+Fxk5iYenhqmLw3OlETr6w8JnqQ+wtbdDnj9q+AvEM7bYa7l6hlx8QfLOKVuF71Oo79JJaMipHrU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qWQDuyD/; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qWQDuyD/" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-32b58eeb874so605263a91.3 for ; Wed, 03 Sep 2025 23:55:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968920; x=1757573720; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=FDaZx4H9qbNOCPJR00gXyS56Y7NvQgh76OJPTkrUQig=; b=qWQDuyD/qBPabd13NsMt4lQL6jyNbe66Tn2CEmQNtNSgH9ETAWPNuimGpiVcES3Sln JQ7BdQYZpFYgHUQX1fpXhThKL0WcnRwKdIU7zoukjGl4YGminvbc6jr5Yi1pdtsjtaiY ctDQ+bV20eVrzbAAN5VUYMWgyvy5l4odfad5CuZO2Rqo4tV2Vykz1Qrs8YGunVpEJ4Lk y8+x6okmBl65rb0dvFOGR2cFzohe9LyffixNRQ7WNNqqrXw7gV60EpAa5BWISmhI65pV cLtVbN+tYLFBeKo17a5GVy8nUzs1D8JhO3zL4aVm/PGpXGRRqj5iEren83fqz2Hu3qUg k8Rg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968920; x=1757573720; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=FDaZx4H9qbNOCPJR00gXyS56Y7NvQgh76OJPTkrUQig=; b=nedAt7aZzYsxZnOqSM7AtKeYgifgDHBC9+W8SCUt+a6CTrWC/WS53sA4LR9NmGvfQI gvQR5xn3jE/EjV2NoSCr0Fc6EYEvIJ4Awamoqs7AQY7z0UrufgZjanTJq9fedS4bTLKk DJgazRgGTrhUVmE8RpIP2xPVfqnlLJrjBFIPpC6dZ1VnsfUsmgfA8CC6NAhfdtd9G1Gm psqUkESVQRhfKqra1tMNyA9RorAp5Ts6bTBo6qqoYZ6gCIq53x8XtkqoU/coIHMKLVE6 umFtQnMli7oO09yj85vZN4zMYjix6+ByMxcfvsI17xsoyW7+k6Te375krosi3xfJdbvz E3sA== X-Gm-Message-State: AOJu0YzCP4H+EVikBhMNdIRYE5y70eXisv6/6U5xWlZjk04VoKxhAyLo sKQ4fjLVCURs3lpOiTkQdM8pZ+Q9oYhaYkCRlDQignNUMgpDzQ511mnCjjxzuvFEOwpoSeNz/D4 wUg== X-Google-Smtp-Source: AGHT+IFwkf7FIzU9KeSXQcb1R3yIatVLrOEcgEEjvXReXde8fLVjRfRLB+K0+EJVwCWgTd750O/qpZWEUg== X-Received: from pjbcz11.prod.google.com ([2002:a17:90a:d44b:b0:324:e6a7:84ce]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:3809:b0:329:dff0:701b with SMTP id 98e67ed59e1d1-329dff070c6mr14129656a91.17.1756968920139; Wed, 03 Sep 2025 23:55:20 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:41 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-12-sagis@google.com> Subject: [PATCH v10 11/21] KVM: selftests: Add helper to initialize TDX VM From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" KVM_TDX_INIT_VM needs to be called after KVM_CREATE_VM and before creating any VCPUs, thus before KVM_SET_CPUID2. KVM_TDX_INIT_VM accepts the CPUID values directly. Since KVM_GET_CPUID2 can't be used at this point, calculate the CPUID values manually by using kvm_get_supported_cpuid() and filter the returned CPUIDs against the supported CPUID values read from the TDX module. Co-developed-by: Isaku Yamahata Signed-off-by: Isaku Yamahata Co-developed-by: Rick Edgecombe Signed-off-by: Rick Edgecombe Signed-off-by: Sagi Shahar --- .../selftests/kvm/include/x86/tdx/tdx_util.h | 54 +++++++ .../selftests/kvm/lib/x86/tdx/tdx_util.c | 132 ++++++++++++++++++ 2 files changed, 186 insertions(+) diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools= /testing/selftests/kvm/include/x86/tdx/tdx_util.h index dafdc7e46abe..a2509959c7ce 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -11,6 +11,60 @@ static inline bool is_tdx_vm(struct kvm_vm *vm) return vm->type =3D=3D KVM_X86_TDX_VM; } =20 +/* + * TDX ioctls + */ + +#define __vm_tdx_vm_ioctl(vm, cmd, metadata, arg) \ +({ \ + int r; \ + \ + union { \ + struct kvm_tdx_cmd c; \ + unsigned long raw; \ + } tdx_cmd =3D { .c =3D { \ + .id =3D (cmd), \ + .flags =3D (uint32_t)(metadata), \ + .data =3D (uint64_t)(arg), \ + } }; \ + \ + r =3D __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd.raw); \ + r ?: tdx_cmd.c.hw_error; \ +}) + +#define vm_tdx_vm_ioctl(vm, cmd, flags, arg) \ +({ \ + int ret =3D __vm_tdx_vm_ioctl(vm, cmd, flags, arg); \ + \ + __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, vm); \ +}) + +#define __vm_tdx_vcpu_ioctl(vcpu, cmd, metadata, arg) \ +({ \ + int r; \ + \ + union { \ + struct kvm_tdx_cmd c; \ + unsigned long raw; \ + } tdx_cmd =3D { .c =3D { \ + .id =3D (cmd), \ + .flags =3D (uint32_t)(metadata), \ + .data =3D (uint64_t)(arg), \ + } }; \ + \ + r =3D __vcpu_ioctl(vcpu, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd.raw); \ + r ?: tdx_cmd.c.hw_error; \ +}) + +#define vm_tdx_vcpu_ioctl(vcpu, cmd, flags, arg) \ +({ \ + int ret =3D __vm_tdx_vcpu_ioctl(vcpu, cmd, flags, arg); \ + \ + __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, (vcpu)->vm); \ +}) + +void vm_tdx_init_vm(struct kvm_vm *vm, uint64_t attributes); + void vm_tdx_setup_boot_code_region(struct kvm_vm *vm); void vm_tdx_setup_boot_parameters_region(struct kvm_vm *vm, uint32_t nr_ru= nnable_vcpus); void vm_tdx_load_common_boot_parameters(struct kvm_vm *vm); diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/tes= ting/selftests/kvm/lib/x86/tdx/tdx_util.c index ff61333bc848..aa0cb6c2205b 100644 --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -127,3 +127,135 @@ void vm_tdx_set_vcpu_entry_point(struct kvm_vcpu *vcp= u, void *guest_code) =20 vcpu_params->guest_code =3D (uint64_t)guest_code; } + +static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *v= m) +{ + struct kvm_tdx_capabilities *tdx_cap =3D NULL; + int nr_cpuid_configs =3D 4; + int rc =3D -1; + int i; + + do { + nr_cpuid_configs *=3D 2; + + tdx_cap =3D realloc(tdx_cap, sizeof(*tdx_cap) + + sizeof(tdx_cap->cpuid) + + (sizeof(struct kvm_cpuid_entry2) * nr_cpuid_configs)); + TEST_ASSERT(tdx_cap, + "Could not allocate memory for tdx capability nr_cpuid_configs %d\n= ", + nr_cpuid_configs); + + tdx_cap->cpuid.nent =3D nr_cpuid_configs; + rc =3D __vm_tdx_vm_ioctl(vm, KVM_TDX_CAPABILITIES, 0, tdx_cap); + } while (rc < 0 && errno =3D=3D E2BIG); + + TEST_ASSERT(rc =3D=3D 0, "KVM_TDX_CAPABILITIES failed: %d %d", + rc, errno); + + pr_debug("tdx_cap: supported_attrs: 0x%016llx\n" + "tdx_cap: supported_xfam 0x%016llx\n", + tdx_cap->supported_attrs, tdx_cap->supported_xfam); + + for (i =3D 0; i < tdx_cap->cpuid.nent; i++) { + const struct kvm_cpuid_entry2 *config =3D &tdx_cap->cpuid.entries[i]; + + pr_debug("cpuid config[%d]: leaf 0x%x sub_leaf 0x%x eax 0x%08x ebx 0x%08= x ecx 0x%08x edx 0x%08x\n", + i, config->function, config->index, + config->eax, config->ebx, config->ecx, config->edx); + } + + return tdx_cap; +} + +static struct kvm_cpuid_entry2 *tdx_find_cpuid_config(struct kvm_tdx_capab= ilities *cap, + uint32_t leaf, uint32_t sub_leaf) +{ + struct kvm_cpuid_entry2 *config; + uint32_t i; + + for (i =3D 0; i < cap->cpuid.nent; i++) { + config =3D &cap->cpuid.entries[i]; + + if (config->function =3D=3D leaf && config->index =3D=3D sub_leaf) + return config; + } + + return NULL; +} + +/* + * Filter CPUID based on TDX supported capabilities + * + * Input Args: + * vm - Virtual Machine + * cpuid_data - CPUID fileds to filter + * + * Output Args: None + * + * Return: None + * + * For each CPUID leaf, filter out non-supported bits based on the capabil= ities reported + * by the TDX module + */ +static void vm_tdx_filter_cpuid(struct kvm_vm *vm, + struct kvm_cpuid2 *cpuid_data) +{ + struct kvm_tdx_capabilities *tdx_cap; + struct kvm_cpuid_entry2 *config; + struct kvm_cpuid_entry2 *e; + int i; + + tdx_cap =3D tdx_read_capabilities(vm); + + i =3D 0; + while (i < cpuid_data->nent) { + e =3D cpuid_data->entries + i; + config =3D tdx_find_cpuid_config(tdx_cap, e->function, e->index); + + if (!config) { + int left =3D cpuid_data->nent - i - 1; + + if (left > 0) + memmove(cpuid_data->entries + i, + cpuid_data->entries + i + 1, + sizeof(*cpuid_data->entries) * left); + cpuid_data->nent--; + continue; + } + + e->eax &=3D config->eax; + e->ebx &=3D config->ebx; + e->ecx &=3D config->ecx; + e->edx &=3D config->edx; + + i++; + } + + free(tdx_cap); +} + +void vm_tdx_init_vm(struct kvm_vm *vm, uint64_t attributes) +{ + struct kvm_tdx_init_vm *init_vm; + const struct kvm_cpuid2 *tmp; + struct kvm_cpuid2 *cpuid; + + tmp =3D kvm_get_supported_cpuid(); + + cpuid =3D allocate_kvm_cpuid2(MAX_NR_CPUID_ENTRIES); + memcpy(cpuid, tmp, kvm_cpuid2_size(tmp->nent)); + vm_tdx_filter_cpuid(vm, cpuid); + + init_vm =3D calloc(1, sizeof(*init_vm) + + sizeof(init_vm->cpuid.entries[0]) * cpuid->nent); + TEST_ASSERT(init_vm, "init_vm allocation failed"); + + memcpy(&init_vm->cpuid, cpuid, kvm_cpuid2_size(cpuid->nent)); + free(cpuid); + + init_vm->attributes =3D attributes; + + vm_tdx_vm_ioctl(vm, KVM_TDX_INIT_VM, 0, init_vm); + + free(init_vm); +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1349B29293D for ; Thu, 4 Sep 2025 06:55:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968923; cv=none; b=UwUJnH39PUYbYDPCSPtmB3XbOXsWbqBdBwrW1NRMPR9xjPGk3zlZ+brd/ZTLv871Gk932MWVLzRrJVTmOTAtCaacJu4xvIeRXsUrWMaR5iydnDin2h6zFiIPLYIzNWY/EtzYxE2y0ElA0xGGSI1X5Pu7HxW6tCb3D4POt78R6mw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968923; c=relaxed/simple; bh=aonB/eCuRYccRY3VvDhmGFtx766iDhuLel2iFuyfPvg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Gi3swZAVwlnynZ7hcFqQgKtHbtEHAt4lwl1KN3y9tNwXmD4s5pbuYvuw3KpZWB5SjOTMVsMRDY4Mm3TyUKvMkYmBKC7TQafDQJyu+UOaR0subucxy6j1BpkP4aWS9T8QjL0whd3z8LydEqC51frUb34dLuxHVa41zhdpRZ238Mo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=GHDsK5Ms; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="GHDsK5Ms" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-329745d6960so621029a91.0 for ; Wed, 03 Sep 2025 23:55:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968921; x=1757573721; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=qvz/RUhUzWK3YIgJJiz6JbOWQToi8UuNVcz+/1d9b6I=; b=GHDsK5MsAxRggN8MPd96QUG9UIUHn0pfsyYCtpnYrmhrkYwsD7hM/fiV8KOnCNdW5P SkmlnxQ2KYca14SgJZFcHUenorcWwYIFOtLKkVB4mekRmjHLw9bw8qJZpMquwroZFlaZ 3YLbjb/YlGpGw+a7gii08gCHzdeiBzcuisBMxXXBTt0tdQkja4kdvxYBIKpZRYVHUs85 lSy4GsKD7w67dQe0UX1e1TmkC+46ThiFg/DJPL9VrbbNSzczmgIlzf3bnQP3BxD8zJTi QOavwF8T7pyUoKD95LTIg0vJF0P0TnrFLS+2HKr3AcUgcgRMmo6U8Yda1rS+JWpr6Vuh gc+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968921; x=1757573721; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qvz/RUhUzWK3YIgJJiz6JbOWQToi8UuNVcz+/1d9b6I=; b=eHmSNwR+l3ckBU9uWY+NOnIAqMdNqklsKM9ayO5g6ijwfgZQKdrrhg+ycr9tcQdks3 nXrROpUlWO584qZo75q6RumvFrf9Y3JjqXzUeAlAPkJ9H10Kewg1E88bQgvgXuFw1ByX 8cnia7zozxYlz6O25NxyOswzS+yUwtVi91lWPy6sJYMQ3JCl/G/Q8OsyFIx8AS2Q8APA MfbfTDW1u1PQK1/6FGE57GpPPXnO+co4mKBdZedIkXD6sjZbadRfk0BCmoFVstCaHHms aLfDSRwkbjLxmQcaIZqYP0g6/EPH8Pv944UGSK9YlIW++LmCIeQEO7QLKKANzN4W8+3e g7VQ== X-Gm-Message-State: AOJu0Yyt7F6/YEozhs8F85/w48lLYYo7cZkTkureD7+iyX4TJ8MMJw9Y R1tfP2xjoGXWUH0gtRnwh1eGuZWU5uDbNxcHmnn5NiOM89ueOkAOrQXnUS6B8aa8adBlI670vV7 Qug== X-Google-Smtp-Source: AGHT+IHOjWuQK34dUf4IdxwrpKRnSqRG6X0hBaPJ0I2Ra4SwU/ya2UpxFzedgGOgdGACsTrDLh7HJK5caQ== X-Received: from pjbse15.prod.google.com ([2002:a17:90b:518f:b0:32b:95bb:dbc]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:570d:b0:329:f535:6e3c with SMTP id 98e67ed59e1d1-329f5356ef7mr10386542a91.35.1756968921579; Wed, 03 Sep 2025 23:55:21 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:42 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-13-sagis@google.com> Subject: [PATCH v10 12/21] KVM: selftests: TDX: Use KVM_TDX_CAPABILITIES to validate TDs' attribute configuration From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Isaku Yamahata Make sure that all the attributes enabled by the test are reported as supported by the TDX module. This also exercises the KVM_TDX_CAPABILITIES ioctl. Signed-off-by: Isaku Yamahata Co-developed-by: Sagi Shahar Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/tes= ting/selftests/kvm/lib/x86/tdx/tdx_util.c index aa0cb6c2205b..1b5c01faf1cd 100644 --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -234,6 +234,18 @@ static void vm_tdx_filter_cpuid(struct kvm_vm *vm, free(tdx_cap); } =20 +static void tdx_check_attributes(struct kvm_vm *vm, uint64_t attributes) +{ + struct kvm_tdx_capabilities *tdx_cap; + + tdx_cap =3D tdx_read_capabilities(vm); + + /* Make sure all the attributes are reported as supported by the TDX modu= le */ + TEST_ASSERT_EQ(attributes & tdx_cap->supported_attrs, attributes); + + free(tdx_cap); +} + void vm_tdx_init_vm(struct kvm_vm *vm, uint64_t attributes) { struct kvm_tdx_init_vm *init_vm; @@ -253,6 +265,8 @@ void vm_tdx_init_vm(struct kvm_vm *vm, uint64_t attribu= tes) memcpy(&init_vm->cpuid, cpuid, kvm_cpuid2_size(cpuid->nent)); free(cpuid); =20 + tdx_check_attributes(vm, attributes); + init_vm->attributes =3D attributes; =20 vm_tdx_vm_ioctl(vm, KVM_TDX_INIT_VM, 0, init_vm); --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9DFA7299948 for ; Thu, 4 Sep 2025 06:55:23 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968925; cv=none; b=VohpKrTyjVAbyDI5LjE6EF/bVbdZ8ic0b8OKigIxtt7ksq6v8J90Aln8KgxR1sZJtPmFTi+CYR5Hbe9WpEA58+XFN+yJ7o4SCxpAfa1GSV7kqdMxS3+WJeKRF6XTwcYkIGYadV4KgB2A4s2IXClv5XU27eJ0K1u6zGEFiyRrN/I= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968925; c=relaxed/simple; bh=GeCmIZcp73sN4bfgUEfC130l9bcLrxWIZQUoDTJWL1U=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=k8VlAxFSWl8uai4LrMXR63ENVens0mGFbHPs/Wtwc6LPGoXsoZV8nyG39Y+SzC6hpfFMXTeuMK96NuwhzCAB+Tsntfd/Nf3YsokVvgkLmlolfW13LDqe6gCmE8kdukhIOfzGGUfEBZx8wMbOUSlbQueh+ls/RcLJdpuT31/En2k= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=KBkF1H2F; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="KBkF1H2F" Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-b47174c65b0so875662a12.2 for ; Wed, 03 Sep 2025 23:55:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968923; x=1757573723; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=NlHmyC/s2DMAn4LeE4kWGtmiYzzcSa5Wh+lZGt38VW0=; b=KBkF1H2FUITBXxNjfkhEI+4ye7TYibkiqkRYtXLgLAINJioYe7VrDcB2e0cvEvWXqD Ps89GW/WqG/x7C5m3AEyekupgO2CK7sBPhq/KJ6mmn18rzJlqp5/IvdptRpvwvC3JmCJ nFx+fJmzs8n/SFkcItBUEfaq5B/Y+1qh47DfNsS+YPUD0oHl6xshVoMJx+8oEXQxiVnU xJLdqHRYk9NPakR3WumBPcuI1Rd/l0DSVfM1zmW5Yrk9K+Q5KuY7gJRM0603c+YE3Mml YOzOdiL0TjcXvaaA9kwM8QlgzNMV4hEpovWqQciN5vFFollH3rcqTtdyYsjHFNO2RX3H J9rA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968923; x=1757573723; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=NlHmyC/s2DMAn4LeE4kWGtmiYzzcSa5Wh+lZGt38VW0=; b=FdteNs7tlDFJjp5JQyxdpoS9PK+gwnXxuTfA/x8zfmQhXsD0jbQy4L/58nOcMtB7E0 spU2gd8m/5C5y1YUxRQevwuXBH2dXv0Uo8EdwZ7nypogZdHuPiWn43JTVpfNet9TY6FU EUyn+sO+c4xYTk+0yEqjxuvh/p9t5/hnKlcPrD/RT3+IDdk977h4zxeEgg2Ed8BofJ0M fgktudzKpmlA8UW5n/7EtfLlAXm8cvDgOXstirpLNQ+5Ggt3XKEpkAjj+PwWN7UkWVvb zKW49nTWu7byPBYvc6O3VyHNuX2DW3GrHL0CTfZiORD7ky/GyjxJKXE1Fa4KPnpPSIi/ cXgQ== X-Gm-Message-State: AOJu0Yyfc136snKokND/keMQzNu3DGVQa79WuvyeYGd2UdWJO/D63Dua Kbq2omXMYLcy81yTea0jfyzknLQyfwIVCXvjcZ9/VxQh+RwGAbR8f5BH7HKXqKK28dvpjPUwNVb 0QA== X-Google-Smtp-Source: AGHT+IFMenAkmxXYl1G7PJiglG5TLw/xUAw89iop9i9/oF33+c4PpyUOod1RcjChgVfS6I66JQJF7Gpydg== X-Received: from pfbbv7.prod.google.com ([2002:a05:6a00:4147:b0:772:46da:4dd1]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:33a9:b0:24c:1f78:1803 with SMTP id adf61e73a8af0-24c1f783314mr1248402637.38.1756968923008; Wed, 03 Sep 2025 23:55:23 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:43 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-14-sagis@google.com> Subject: [PATCH v10 13/21] KVM: selftests: Add helpers to init TDX memory and finalize VM From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ackerley Tng TDX protected memory needs to be measured and encrypted before it can be used by the guest. Traverse the VM's memory regions and initialize all the protected ranges by calling KVM_TDX_INIT_MEM_REGION. Once all the memory is initialized, the VM can be finalized by calling KVM_TDX_FINALIZE_VM. Signed-off-by: Ackerley Tng Co-developed-by: Erdem Aktas Signed-off-by: Erdem Aktas Co-developed-by: Sagi Shahar Signed-off-by: Sagi Shahar --- .../selftests/kvm/include/x86/tdx/tdx_util.h | 2 + .../selftests/kvm/lib/x86/tdx/tdx_util.c | 61 +++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools= /testing/selftests/kvm/include/x86/tdx/tdx_util.h index a2509959c7ce..2467b6c35557 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -71,4 +71,6 @@ void vm_tdx_load_common_boot_parameters(struct kvm_vm *vm= ); void vm_tdx_load_vcpu_boot_parameters(struct kvm_vm *vm, struct kvm_vcpu *= vcpu); void vm_tdx_set_vcpu_entry_point(struct kvm_vcpu *vcpu, void *guest_code); =20 +void vm_tdx_finalize(struct kvm_vm *vm); + #endif // SELFTESTS_TDX_TDX_UTIL_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/tes= ting/selftests/kvm/lib/x86/tdx/tdx_util.c index 1b5c01faf1cd..d5df2de81a75 100644 --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -273,3 +273,64 @@ void vm_tdx_init_vm(struct kvm_vm *vm, uint64_t attrib= utes) =20 free(init_vm); } + +static void tdx_init_mem_region(struct kvm_vm *vm, void *source_pages, + uint64_t gpa, uint64_t size) +{ + uint32_t metadata =3D KVM_TDX_MEASURE_MEMORY_REGION; + struct kvm_tdx_init_mem_region mem_region =3D { + .source_addr =3D (uint64_t)source_pages, + .gpa =3D gpa, + .nr_pages =3D size / PAGE_SIZE, + }; + struct kvm_vcpu *vcpu; + + vcpu =3D list_first_entry_or_null(&vm->vcpus, struct kvm_vcpu, list); + + TEST_ASSERT((mem_region.nr_pages > 0) && + ((mem_region.nr_pages * PAGE_SIZE) =3D=3D size), + "Cannot add partial pages to the guest memory.\n"); + TEST_ASSERT(((uint64_t)source_pages & (PAGE_SIZE - 1)) =3D=3D 0, + "Source memory buffer is not page aligned\n"); + vm_tdx_vcpu_ioctl(vcpu, KVM_TDX_INIT_MEM_REGION, metadata, &mem_region); +} + +static void load_td_private_memory(struct kvm_vm *vm) +{ + struct userspace_mem_region *region; + int ctr; + + hash_for_each(vm->regions.slot_hash, ctr, region, slot_node) { + const struct sparsebit *protected_pages =3D region->protected_phy_pages; + const vm_paddr_t gpa_base =3D region->region.guest_phys_addr; + const uint64_t hva_base =3D region->region.userspace_addr; + const sparsebit_idx_t lowest_page_in_region =3D gpa_base >> vm->page_shi= ft; + + sparsebit_idx_t i; + sparsebit_idx_t j; + + if (!sparsebit_any_set(protected_pages)) + continue; + + TEST_ASSERT(region->region.guest_memfd !=3D -1, + "TD private memory must be backed by guest_memfd"); + + sparsebit_for_each_set_range(protected_pages, i, j) { + const uint64_t size_to_load =3D (j - i + 1) * vm->page_size; + const uint64_t offset =3D + (i - lowest_page_in_region) * vm->page_size; + const uint64_t hva =3D hva_base + offset; + const uint64_t gpa =3D gpa_base + offset; + + vm_set_memory_attributes(vm, gpa, size_to_load, + KVM_MEMORY_ATTRIBUTE_PRIVATE); + tdx_init_mem_region(vm, (void *)hva, gpa, size_to_load); + } + } +} + +void vm_tdx_finalize(struct kvm_vm *vm) +{ + load_td_private_memory(vm); + vm_tdx_vm_ioctl(vm, KVM_TDX_FINALIZE_VM, 0, NULL); +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4384129AB11 for ; Thu, 4 Sep 2025 06:55:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968926; cv=none; b=fzXZ+JwZTVs6lrRixUdAsokHzdgGCOlZ10s1adTYaruZFTmFj3T9ZdhHiD4LSlNnQG5sw1wwtiOVyASDrIcIS6SVDcG3WseeiorPFN1JDetXluBy0zG2FD6luuDjaQrAacB/pJOdEE+Mtu7aSi3npjzMyaIow5WiUYihqV2k0L4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968926; c=relaxed/simple; bh=kdmXN70NkCarKlPiM7rjh7lKLuyNoeGTY57Ar9pmI1k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=r59OcCecozr3rNc91tULyRU1cdomlIggSs3DaQyQHQKmlWJ7AWbBtH6cTxTTZRY+oshn/TMP98A/KWRH9F5m1Hdzo5w9JGLFEaeNfS7L34COXhQ5HK2Np8T24csN5SkhhnV8qvlAjwRg9QyNSFfCExQ+WPDQ+iSuG6WU0sw5jZc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=4VbrBfsf; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="4VbrBfsf" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-b47174c65b0so875684a12.2 for ; Wed, 03 Sep 2025 23:55:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968924; x=1757573724; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=YqMpdEsUV2fviIjFSLurfARDNWwMLyzNa0D38zVRRV4=; b=4VbrBfsfq5xdoOu8ahuhN3hs+2zXZGA4GvqWDS/m5v1HVqPzy0pEi6axeQfI5LtcrA KcxVnumuBgba7LpP/4ZyhkD2Y7tqQLWwV+3s+c/gx5SwBQ0J7SCzzACF0gt/jbiqQfbR ToPPRWMVNy4fkOWLFLdJ8Bh7k1jxM9e4Krd3TdjLs/Ngvxea/gqnWfoNzXHoLrEIaXs/ FmWxb/+K9hHHTW2fN35jOm08UyZt4N2WsA0FvhiBbSctFV1obVMuRsq0uEnGfmVV9Jd2 MeY0lRTCrU+aaChWyHcfltIAmF3yoxZmB/5ea/M6bQwDu7nrGCtDJUyywy6Zr3DAP2Za uz2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968924; x=1757573724; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=YqMpdEsUV2fviIjFSLurfARDNWwMLyzNa0D38zVRRV4=; b=brS8c76pKnt7yFAxX3ga5707Q1pSC6hPvLGJwocY+n+LQ4j9rQCihd5wsvYc8qCJni fxPwTH2EGtFNVvA3JE8TrJLVLwR7kpuzzaL7Bt59BeVLVJQgrkbeaZst8dVdkuBYue85 u9vgNB3vQk4ldLlG9OasLTqQ3TR5ZmiO7QyQ3W1Oo9FDRHzDd8V1QPT6ajUzI8E5p88C vkLy2tdFc7WwDgbRxNzvMsJT/tiw55ET5lUhRLwVSqiQEoNzaJCYnUKk7lxMJ9Bz7UXF Uy3Dl3k/1nalBmIeXQyuCsSMIBOnfAhn1txC8OLdnNkOtjuO+4lRBduBiRl7SWilcHDu pWDw== X-Gm-Message-State: AOJu0YzvLERbJ6ip3/E+KeoTXezKpSBUD+uu8CX1ARP73FAImp/yV21+ A29BhgOTmT/N5HAYFPTSJosd6IbRpJEiIG0L3KPrDixGdmnFMVUhbJMeI+YYqBkf0AaIQJxye2X IYQ== X-Google-Smtp-Source: AGHT+IHU8aE69lKsl42MpOIXvrUGk5nPmd3Q6iw3H5xSke4+EKRTEKinRjrjK+lfCvuFoVBO6ts+bPx8dA== X-Received: from pfch21.prod.google.com ([2002:a05:6a00:1715:b0:76e:396a:e2dd]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:9997:b0:243:c76d:ac8c with SMTP id adf61e73a8af0-243d6f051cdmr28758575637.32.1756968924573; Wed, 03 Sep 2025 23:55:24 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:44 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-15-sagis@google.com> Subject: [PATCH v10 14/21] KVM: selftests: Call TDX init when creating a new TDX vm From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" TDX VMs need to issue the KVM_TDX_INIT_VM ioctl after VM creation to initialize the TD. This ioctl also sets the cpuids and attributes for the VM. Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/lib/x86/processor.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index 623168ea9a44..c255fe1951be 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -641,6 +641,9 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm) vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); } =20 + if (is_tdx_vm(vm)) + vm_tdx_init_vm(vm, 0); + r =3D __vm_ioctl(vm, KVM_GET_TSC_KHZ, NULL); TEST_ASSERT(r > 0, "KVM_GET_TSC_KHZ did not provide a valid TSC frequency= ."); guest_tsc_khz =3D r; --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BC71F29B8D3 for ; Thu, 4 Sep 2025 06:55:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968928; cv=none; b=WhBVnt03Os1c3cHGSbi8kBJaPayMBsxv2SmPPo4GodAfn5aE6cqtOIpDzn/nA/oDEw9XeCbDyCnblXXds3C5LUicB6V/gtWT77po6ypwULcn8UzR+adyIla14DvnOYCv24QLkwDiw+hhGnc7h32n/JFdvyUhpDDlkcOMFSqjCkk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968928; c=relaxed/simple; bh=jzB6ZNggPgXQrt5oRvtMpK/C1hmf8zACld+Ecgq9TtU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YiEEPvVhbHP15dIKS1Ctl30C7EFQuTT1P5ZVV6gds6m9W7DHSibFYVg6eHWjFWTbQeRtJ7MBNQmkp6C3iwGqH17kjhxwnXu1INXfDL3Q0Mk7/q7xDQ0HEOjvFGADOCMD9CYO1F6zZCOJHRVpWg4Syjur/nmE5hUCBXi/Zfu21yc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mVd5SMVD; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mVd5SMVD" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-b47174bdce2so488144a12.2 for ; Wed, 03 Sep 2025 23:55:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968926; x=1757573726; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=JxE+Xj3ugJHUcqN9a7F7aAsq//VgXJ8T/JzaLukZcD8=; b=mVd5SMVDUybeFqyXNebGqCtiwpQjoRXMwjGx23FkKwg7GsJDWSGqlWDlMulTn1tDgx 16F3Zyu1hhlUdOnzAjAnFX4ORerOUUOIi+0KspYHnuIWLZeREm6WkQ1WzPuW4c567s0L UzS5kObvn5/AcuuNL3sP1xmb8+RoVMSEkIgpGuJLHm5GLcktmjsCAgWJsN4bNHwQN0Dx zkorZMp87kdzvkfsVTI2qbYbQ3MtDME3i2russAzuO0ylVG33kPnU8SSvlrOzY3Q0/b3 V5q5WN8tmu02ubD5jq9ade3cJnFh44j3bKaJfcemJ1/XxM1722KaXfDgzjhiTG7HZ60t 7ZjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968926; x=1757573726; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JxE+Xj3ugJHUcqN9a7F7aAsq//VgXJ8T/JzaLukZcD8=; b=IIfm3fifx3/Jm7YMbVZucfHUa4Ca40zVb1QR6YnLEX49sR/WrNoEF7L4uLicqylQeI s62DCBxXlkPrCNil5xMU7l496gV1WhI3GhPNAU7sr0l/14X9sSKFCOXoOTPVNyPVJEGx ePmSFVTA76ef9XbNEZJgzKw7RA7lhHMXXy+BZmghl5GNLm7KJSXfBxZB4p7uksbkHXEG c7mAzdb4nbqIDezuty5AKyRppqZp33JBUfAIimelqgglZds2+iW2pOC9UfUrpQ6YdCCy /rdtYJ39e6Z395BRP9eK5RLzyfkve9KUvg/YeoqPAvj5phGANRRj7sCXnlDV88rSaPIH rM7w== X-Gm-Message-State: AOJu0YyoKrSj0keHxO7vXjFEZUV+7SbEiv1JZQe+fiNV6uy0ft5ugBbM lgo2UfX/mABfp0HVaT6Du2yWVbxvv1KZmgmXkUujxgY6cz5kVGlMF8zdlx7MO1mmF4OUM1+0JTt TcA== X-Google-Smtp-Source: AGHT+IGoSYrzfeX5RVnQxdwXezOdW2R08Qc3RSSjnfBqAMU0OXMTqtk5sU6FDVAGyyN96wJHsxaP6juUfQ== X-Received: from pfbdh11.prod.google.com ([2002:a05:6a00:478b:b0:771:e00d:cee]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a20:3d1c:b0:243:ca15:f84c with SMTP id adf61e73a8af0-243d6f0bc0bmr25910996637.37.1756968926069; Wed, 03 Sep 2025 23:55:26 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:45 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-16-sagis@google.com> Subject: [PATCH v10 15/21] KVM: selftests: Setup memory regions for TDX on vm creation From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Guest registers are inaccessible to kvm for TDX VMs. In order to set register values for TDX we use a special boot code which loads the register values from memory and write them into the appropriate registers. This patch sets up the memory regions used for the boot code and the boot parameters for TDX. Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/lib/kvm_util.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/sel= ftests/kvm/lib/kvm_util.c index b4c8702ba4bd..d8a944b5ada3 100644 --- a/tools/testing/selftests/kvm/lib/kvm_util.c +++ b/tools/testing/selftests/kvm/lib/kvm_util.c @@ -4,6 +4,7 @@ * * Copyright (C) 2018, Google LLC. */ +#include "tdx/tdx_util.h" #include "test_util.h" #include "kvm_util.h" #include "processor.h" @@ -465,7 +466,7 @@ void kvm_set_files_rlimit(uint32_t nr_vcpus) static bool is_guest_memfd_required(struct vm_shape shape) { #ifdef __x86_64__ - return shape.type =3D=3D KVM_X86_SNP_VM; + return (shape.type =3D=3D KVM_X86_SNP_VM || shape.type =3D=3D KVM_X86_TDX= _VM); #else return false; #endif @@ -499,6 +500,12 @@ struct kvm_vm *__vm_create(struct vm_shape shape, uint= 32_t nr_runnable_vcpus, for (i =3D 0; i < NR_MEM_REGIONS; i++) vm->memslots[i] =3D 0; =20 + if (is_tdx_vm(vm)) { + /* Setup additional mem regions for TDX. */ + vm_tdx_setup_boot_code_region(vm); + vm_tdx_setup_boot_parameters_region(vm, nr_runnable_vcpus); + } + kvm_vm_elf_load(vm, program_invocation_name); =20 /* --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 68A3029BDB4 for ; Thu, 4 Sep 2025 06:55:28 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968930; cv=none; b=RGVlO472G6amQ1htYXHt7UQ+qvTtl2Kp3Aq2A1LBBHS3drr5Le9vnSjCt7IpNcZweDTaZE4EuzZrN/n9q7h8SL8o5E82T+FCWNFYnFBFSdeEZmtLK0wsiBwRxFf69pbtHrbp8/+JZsNUST3A4r0uWtxWr1LThfTIDpTAZTT7NgU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968930; c=relaxed/simple; bh=A3rvNv5tLE6sXzjWetLlKSM8k2q2gEXk49EouZJdocs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=mwonVaY3DDBdh0TY7JOrr+CF9iotpRLrHINK5jEAgcT3NqFOtC311S8l1z8ATCZkJ+YbFFVOqR/0tg84cjz/OHrAcO+hZXLyqUqXIYKHXiWRlQiVhmVHNOPqVYk6MChGiz4CMNuXtdciJbtf7P29w1DcYG1fnMahIEzyXbQJPpU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=v/UKW17+; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="v/UKW17+" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-248eec89618so9990465ad.1 for ; Wed, 03 Sep 2025 23:55:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968928; x=1757573728; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=7jyzFRHHiSGpkjG2s+KNnXbL/OeDAvT2CWWv4I+ohEc=; b=v/UKW17+yXm+POY8T+V38W1I0sjblkHsI+MFHch4DhumNF4VSPrywAguzrCRGPlglh LgnfG1OYHk9WSDsZ9Uh2dZJQv7PHZJbA8o9C7N9yojS7z+LMfpVdeZNw58ZUbZ8u4ku/ syNYliZQe1ov94Q+sZSLYwHqB1/5ZdnjPqEL0tfxCrCI1CAgPbIiGrP01WCqxA6DJCzy a+7re2latKmqMNmLfJujocCq5fdHUnDXJ1L4KEO32OY2vXA/vg5uWL5NEy02tAUSmXwh n4hDYILU9OhZAFWbFyZGDZJXIBNcyQdZDIdEXzETD+GQa0/JQd6WFV/9WB9iGlHhX8KL Z30A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968928; x=1757573728; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=7jyzFRHHiSGpkjG2s+KNnXbL/OeDAvT2CWWv4I+ohEc=; b=fZlyMkKYLf0M27HAIm+gpwaTxNMS00NoODK5PencVY4jflJtgEJH45aQ9PY4CuH970 xsa9RjEkmmacWMY6pg2GGOq6EO9O3hBphJMbjkOmwdUMNJDXM+UqZDQwQTn5usGniVPb ggwqqXyJi+Q9ge1zzjpL95QxPvpB62T3juLSluRHjs3vFbUr/EYRDM9aqSLD6nH9HyId OonWQwue0Ws33PCtz/rhYqBhoBYcTuaWBvBAhEeRKEEp34hq/cWNtuwnQSUB/AmoLBow DStOONwnLHEEz+EVW4CIbRw0DbZnSNufWx5r0rM6TrnRqbTBK5SZhflDtdxWmjmbRNF7 kUrg== X-Gm-Message-State: AOJu0YzJGfbk6GlJme6GfthJOjPBHQdyxWo23QfBkmhk0LtzMMeyls53 iNfW233uO0CIzdy6WM2Pusg11qjHEMghTXzTl952wZqJBFg7RqBeHGebWDEERl4pSbmzciFHO3Y BXg== X-Google-Smtp-Source: AGHT+IFvmfVW+KjlSTZrEQuN275lpqi6Zns8OFz+/5+P3JxjVk+2+fXszGsfdn7feAXTaG2YLUI81w0/kA== X-Received: from plao20.prod.google.com ([2002:a17:903:3014:b0:248:df48:c4e]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:ce03:b0:248:cd0b:3454 with SMTP id d9443c01a7336-24944873445mr201783715ad.9.1756968927646; Wed, 03 Sep 2025 23:55:27 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:46 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-17-sagis@google.com> Subject: [PATCH v10 16/21] KVM: selftests: Call KVM_TDX_INIT_VCPU when creating a new TDX vcpu From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" TDX VMs need to issue the KVM_TDX_INIT_VCPU ioctl for each vcpu after vcpu creation. Since the cpuids for TD are managed by the TDX module, read the values virtualized for the TD using KVM_TDX_GET_CPUID and set them in kvm using KVM_SET_CPUID2 so that kvm has an accurate view of the VM cpuid values. Signed-off-by: Sagi Shahar --- .../testing/selftests/kvm/lib/x86/processor.c | 35 ++++++++++++++----- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index c255fe1951be..b1e5f4137629 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -685,6 +685,19 @@ vm_vaddr_t kvm_allocate_vcpu_stack(struct kvm_vm *vm) return stack_vaddr; } =20 +static void vm_tdx_vcpu_add(struct kvm_vm *vm, struct kvm_vcpu *vcpu) +{ + struct kvm_cpuid2 *cpuid; + + cpuid =3D allocate_kvm_cpuid2(MAX_NR_CPUID_ENTRIES); + vm_tdx_vcpu_ioctl(vcpu, KVM_TDX_GET_CPUID, 0, cpuid); + vcpu_init_cpuid(vcpu, cpuid); + free(cpuid); + vm_tdx_vcpu_ioctl(vcpu, KVM_TDX_INIT_VCPU, 0, NULL); + + vm_tdx_load_vcpu_boot_parameters(vm, vcpu); +} + struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, uint32_t vcpu_id) { struct kvm_mp_state mp_state; @@ -692,15 +705,21 @@ struct kvm_vcpu *vm_arch_vcpu_add(struct kvm_vm *vm, = uint32_t vcpu_id) struct kvm_vcpu *vcpu; =20 vcpu =3D __vm_vcpu_add(vm, vcpu_id); - vcpu_init_cpuid(vcpu, kvm_get_supported_cpuid()); - vcpu_init_sregs(vm, vcpu); - vcpu_init_xcrs(vm, vcpu); =20 - /* Setup guest general purpose registers */ - vcpu_regs_get(vcpu, ®s); - regs.rflags =3D regs.rflags | 0x2; - regs.rsp =3D kvm_allocate_vcpu_stack(vm); - vcpu_regs_set(vcpu, ®s); + if (is_tdx_vm(vm)) { + vm_tdx_vcpu_add(vm, vcpu); + } else { + vcpu_init_cpuid(vcpu, kvm_get_supported_cpuid()); + + vcpu_init_sregs(vm, vcpu); + vcpu_init_xcrs(vm, vcpu); + + /* Setup guest general purpose registers */ + vcpu_regs_get(vcpu, ®s); + regs.rflags =3D regs.rflags | 0x2; + regs.rsp =3D kvm_allocate_vcpu_stack(vm); + vcpu_regs_set(vcpu, ®s); + } =20 /* Setup the MP state */ mp_state.mp_state =3D 0; --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C905B28726B for ; Thu, 4 Sep 2025 06:55:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968931; cv=none; b=b1Q6AKmHeojxwTyruc2sZmYeDB2le9cS9pYGmvw37fKpZ3BSk6CYgmp7RqYirpfLqC2bJnZiYMtUChd72YQada6AOmSPpLMlhrczRhEcisSSWMmeHre4fRGmGy8+bBbFCw8GVIcYr89/G1nRwgbc8LXsFppmm/MhXv/MGNp7ZJk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968931; c=relaxed/simple; bh=RW05ySQDdsIFpEjdK0DhL1N2wBFwDRbslCaLfnA5S1Q=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ei2//OUTXLz9QJmDe3ssWjRN6xxXhzH0hWeH9fIklZhJv/zZlS8/cB64G1F0s+m9+9X9N1E7GF001Mqt6oT5wElVb8cbut/hKzJKTL18/C+YUYay2ZjxChkWhxnnpQ1L4Jq9cL4H+TU5L2M/P4Tg+nvJtoc/BsO0o9rxY7uerlk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=mf6c99XR; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="mf6c99XR" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2445806b18aso9214495ad.1 for ; Wed, 03 Sep 2025 23:55:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968929; x=1757573729; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Pwpwna9XgBpUtgEehRSSyfXaOgUGlQYKXpp1R7Oe4SU=; b=mf6c99XR5RZqlnBYe0Pnlp4jqoEnr3fvcgDw2/PEYyXawT4mXjjAQS8VgC6pR6/cBv WSNas3V7cDFIpuidq8i+MDXhk43ZH8kIpdHe4tATFXbr6WHbC0PS4X2VGyGw8qLaU4Ns sfSWJTw6IeLSM8iCtSze6z650++vVQQ1AHAGQV26qFLg847BtP6OvTJV5R1ehmZ5EE1E u6/VOt8tRZDWOFPn3lLfYc98Z/foXTFTyDTX6hlTdYGLoOtUXZ40DkV8rp940RRCgRgu 6PEPzxCL3KA8HCZPc09MfVXFjh/LBuo2M3hhOpoE/AUWxHYIkZDd2V4/pR0RZ0ub/T2x //4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968929; x=1757573729; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Pwpwna9XgBpUtgEehRSSyfXaOgUGlQYKXpp1R7Oe4SU=; b=pPNTMm06ZrqwscHe9EaymDfb91NeHBMoHCv6dVk3Uvqq7cjh4tOKAowTYY0Xj1KHQb Dn72kl13TkoAQC6MknuIGlFLjs/CrW6K574I9miyAyPefaCRdsgCKX1wBMlaCka3WkUa SGpdSbIVM1lBfR2l87GaYMm0/MldyCjN+qe+fC+tE1Clq33IHv9ThvkwKnXbujcYG9cJ CGPHVjL4FAc3mfvnNQ9siaLWGDdOHucPFcOfBQTAJuoiBHVLriyLYjXiCsT48gGcRUqs 8LvfgjgCQHRahGJF9w8AzchhcdJMjo4wZOnASI3XaQyIRwX5kvojVMpl0NvpNef4kPAw vHCA== X-Gm-Message-State: AOJu0YxUV3UUmiNkXwUBiqv2XYHRQ/LrcAGwXgftSIZLONW9cVXCRcFW HRqNfm72KVvmtqdr++jehYXj8vewuP6DEdydoWYH1If7QNSfUFr7B4b2D7v1+qNtysCOE2tZfd+ Iow== X-Google-Smtp-Source: AGHT+IGTvEeHEwVjQcaCZIJtCzHKu5Fk7QZqOq/RQ0i8WE5vhn5/ejm8chAGsKWMY9tCoRWfG5svPLcwPQ== X-Received: from pjbsx12.prod.google.com ([2002:a17:90b:2ccc:b0:30a:7da4:f075]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:db03:b0:249:c66:199e with SMTP id d9443c01a7336-24944a177fbmr236741125ad.26.1756968929203; Wed, 03 Sep 2025 23:55:29 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:47 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-18-sagis@google.com> Subject: [PATCH v10 17/21] KVM: selftests: Set entry point for TDX guest code From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Since the rip register is inaccessible for TDX VMs, we need a different way to set the guest entry point for TDX VMs. This is done by writing the guest code address to a predefined location in the guest memory and loading it into rip as part of the TDX boot code. Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/lib/x86/processor.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testin= g/selftests/kvm/lib/x86/processor.c index b1e5f4137629..4a831b0f206e 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -654,9 +654,13 @@ void vcpu_arch_set_entry_point(struct kvm_vcpu *vcpu, = void *guest_code) { struct kvm_regs regs; =20 - vcpu_regs_get(vcpu, ®s); - regs.rip =3D (unsigned long) guest_code; - vcpu_regs_set(vcpu, ®s); + if (is_tdx_vm(vcpu->vm)) + vm_tdx_set_vcpu_entry_point(vcpu, guest_code); + else { + vcpu_regs_get(vcpu, ®s); + regs.rip =3D (unsigned long) guest_code; + vcpu_regs_set(vcpu, ®s); + } } =20 vm_vaddr_t kvm_allocate_vcpu_stack(struct kvm_vm *vm) --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9786529E10B for ; Thu, 4 Sep 2025 06:55:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968933; cv=none; b=nvesBNpJvFB4YJgqB25uzvdtIPubdfZLnj9AWcQhSOlYeqDlkvKmPPlgm8seBaCu+Wm+ir2nMzD/SnjzNoeRl2rbvlM0fbitYGxKVUwq33FgbzvIcfqmUVXDRDY6XQlblDHSzly51J6w5vSwOcpGIyfGInnikth01BiRTVHiADI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968933; c=relaxed/simple; bh=MUgQBp6vRFo7sXMgwIB2mol8gobNRqEKNtGpNStsSJQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=H1xV5mofbga9K6NlkZi5s7xugW0mJDmHBeW8XNSEmbKDuxc2SNCWTMAPp6mMd3M/unBgrNo6X0aWdLXaaBTTOzgKUDA+hOjv1qm/wt2odkPk1L66aR0e6Bs71YmQW1RBIDgoXdQulB+eUACI/MYIErfSqK3xJiWQPTiaM8sKZSI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=vFXgurYB; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="vFXgurYB" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-24cb39fbd78so10051825ad.2 for ; Wed, 03 Sep 2025 23:55:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968931; x=1757573731; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ulVO7uPLf4Mu0wVTfDv5b2aggzO7G9j4YwfhmPLZ8a0=; b=vFXgurYBYo1rzpLQq8LNu6omw+qjNn3zoLZXz1DPAKCJgFEBU6QxX9eAgTG+8G8twX QnNiKfjz5fGPCJfzLM0LuMGqHt34zvOIfHpKfH2GwQ+8JWVi1JJF5oyx70kxdiQBnv4x avTx9U+ecxiiAi32+BR2W9S6XEtmRxxmTpip/71BignjgXbuSnbQ1lllaZaMbPsAj3fR H8v6yHG/Sfey72wuflxE8P8Tcu9aXmLOvgg+XikQpqh+8tcICyUGQchnw7Ck4MrrghHh 7Rx6ro+8mFCMxGC8nNr4TLpigeL5Ch7cCBZ1wN2wRN6Yl0UGO92rOKif1vhCfDPRh7K/ D+Sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968931; x=1757573731; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ulVO7uPLf4Mu0wVTfDv5b2aggzO7G9j4YwfhmPLZ8a0=; b=kmtYl6egaxqFnhe2BHoOeUxO8ca3wOhGgVuQVOVJilxqY5Qrrh/UFk+j5XxwZVzk8N f4jpzJbJYFWz1VMXoynLr10BYB7vqhdv/j95H6nnjjWP10WbPoAGLKIMRnqcHB8L5rVG 2dQss2VO+x14AAbQhJKWHSMbmclRGwqqJk3CoxCu7dsgcDh7hACA/mp5aKpTRZVn9o8W Iuk8BqPaNRqg2fHZMBxfY/ZmvWNjGMbAsC6fP1n3Mh/2iDCgzodsbhxaixY2BjtsRQXl dF14stGj5bhFeLi6BHaaF7f0elejv8B2xnwmN8cRXPlzE4qy8j4mtoE7ozCsIt6R1pxn qZ8g== X-Gm-Message-State: AOJu0YyNoHnihXb7sXy9wJVcNnic4HXJQwVfX0mCjqNd/OSclYoxzRDp DMVWK9wTjLWbKddQ/YK6Fs8XwMSuceX2oT7rKkwTT67eMiiDhib7iNdsCCuA/1VE+c4JZPRwR6F +tA== X-Google-Smtp-Source: AGHT+IGeiwfA4j2/+8IeF34AuahcKnJ2C/OChtIgJZTCxd+cM5S5Z68QzCafNkguy2rF3T/O768NY9Q0kg== X-Received: from pjwx3.prod.google.com ([2002:a17:90a:c2c3:b0:32b:9f1c:fa6]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:19eb:b0:24c:c8fe:e273 with SMTP id d9443c01a7336-24cc8fee5d8mr21240015ad.7.1756968930641; Wed, 03 Sep 2025 23:55:30 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:48 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-19-sagis@google.com> Subject: [PATCH v10 18/21] KVM: selftests: Add support for TDX TDCALL from guest From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Erdem Aktas Add support for TDX guests to issue TDCALLs to the TDX module. Signed-off-by: Erdem Aktas Co-developed-by: Sagi Shahar Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/Makefile.kvm | 8 ++ .../selftests/kvm/include/x86/tdx/tdcall.h | 34 +++++++ .../selftests/kvm/lib/x86/tdx/tdcall.S | 93 +++++++++++++++++++ .../kvm/lib/x86/tdx/tdcall_offsets.c | 16 ++++ 4 files changed, 151 insertions(+) create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/tdcall.h create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdcall.S create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdcall_offsets.c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 52c90f1c0484..2d4fd68984a0 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -20,6 +20,7 @@ LIBKVM +=3D lib/userfaultfd_util.c LIBKVM_STRING +=3D lib/string_override.c =20 LIBKVM_ASM_DEFS +=3D lib/x86/tdx/td_boot_offsets.c +LIBKVM_ASM_DEFS +=3D lib/x86/tdx/tdcall_offsets.c =20 LIBKVM_x86 +=3D lib/x86/apic.c LIBKVM_x86 +=3D lib/x86/handlers.S @@ -33,6 +34,7 @@ LIBKVM_x86 +=3D lib/x86/ucall.c LIBKVM_x86 +=3D lib/x86/vmx.c LIBKVM_x86 +=3D lib/x86/tdx/tdx_util.c LIBKVM_x86 +=3D lib/x86/tdx/td_boot.S +LIBKVM_x86 +=3D lib/x86/tdx/tdcall.S =20 LIBKVM_arm64 +=3D lib/arm64/gic.c LIBKVM_arm64 +=3D lib/arm64/gic_v3.c @@ -343,7 +345,13 @@ $(OUTPUT)/lib/x86/tdx/td_boot.o: $(OUTPUT)/include/x86= /tdx/td_boot_offsets.h $(OUTPUT)/include/x86/tdx/td_boot_offsets.h: $(OUTPUT)/lib/x86/tdx/td_boot= _offsets.s FORCE $(call filechk,offsets,__TDX_BOOT_OFFSETS_H__) =20 +$(OUTPUT)/lib/x86/tdx/tdcall.o: $(OUTPUT)/include/x86/tdx/tdcall_offsets.h + +$(OUTPUT)/include/x86/tdx/tdcall_offsets.h: $(OUTPUT)/lib/x86/tdx/tdcall_o= ffsets.s FORCE + $(call filechk,offsets,__TDCALL__OFFSETS_H__) + EXTRA_CLEAN +=3D $(OUTPUT)/include/x86/tdx/td_boot_offsets.h +EXTRA_CLEAN +=3D $(OUTPUT)/include/x86/tdx/tdcall_offsets.h =20 $(shell mkdir -p $(sort $(dir $(TEST_GEN_PROGS)))) $(SPLIT_TEST_GEN_OBJ): $(GEN_HDRS) diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdcall.h b/tools/t= esting/selftests/kvm/include/x86/tdx/tdcall.h new file mode 100644 index 000000000000..60c70646f876 --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdcall.h @@ -0,0 +1,34 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* Adapted from arch/x86/include/asm/shared/tdx.h */ + +#ifndef SELFTESTS_TDX_TDCALL_H +#define SELFTESTS_TDX_TDCALL_H + +#include + +#define TDX_TDCALL_HAS_OUTPUT BIT(0) + +#ifndef __ASSEMBLY__ + +#include + +/* + * Used in __tdx_tdcall() to pass down and get back registers' values of + * the TDCALL instruction when requesting services from the VMM. + * + * This is a software only structure and not part of the TDX module/VMM AB= I. + */ +struct tdx_tdcall_args { + u64 r10; + u64 r11; + u64 r12; + u64 r13; + u64 r14; + u64 r15; +}; + +/* Used to request services from the VMM */ +u64 __tdx_tdcall(struct tdx_tdcall_args *args, unsigned long flags); + +#endif // __ASSEMBLY__ +#endif // SELFTESTS_TDX_TDCALL_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdcall.S b/tools/testi= ng/selftests/kvm/lib/x86/tdx/tdcall.S new file mode 100644 index 000000000000..05869e86b9d8 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdcall.S @@ -0,0 +1,93 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* Adapted from arch/x86/virt/vmx/tdx/tdxcall.S */ + +#ifndef __ASSEMBLY__ +#define __ASSEMBLY__ +#endif + +#include +#include "tdx/tdcall.h" +#include "tdx/tdcall_offsets.h" + +/* + * TDCALL is supported in Binutils >=3D 2.36, add it for older version. + */ +#define tdcall .byte 0x66,0x0f,0x01,0xcc + +/* + * Bitmasks of exposed registers (with VMM). + */ +#define TDX_R10 BIT(10) +#define TDX_R11 BIT(11) +#define TDX_R12 BIT(12) +#define TDX_R13 BIT(13) +#define TDX_R14 BIT(14) +#define TDX_R15 BIT(15) + +/* + * These registers are clobbered to hold arguments for each + * TDVMCALL. They are safe to expose to the VMM. + * Each bit in this mask represents a register ID. Bit field + * details can be found in TDX GHCI specification, section + * titled "TDCALL [TDG.VP.VMCALL] leaf". + */ +#define TDVMCALL_EXPOSE_REGS_MASK \ + (TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15) + +.code64 +.section .text + +.globl __tdx_tdcall +.type __tdx_tdcall, @function +__tdx_tdcall: + /* Set up stack frame */ + push %rbp + movq %rsp, %rbp + + /* Save callee-saved GPRs as mandated by the x86_64 ABI */ + push %r15 + push %r14 + push %r13 + push %r12 + + /* Mangle function call ABI into TDCALL ABI: */ + /* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */ + xor %eax, %eax + + /* Copy tdcall registers from arg struct: */ + movq TDX_TDCALL_R10(%rdi), %r10 + movq TDX_TDCALL_R11(%rdi), %r11 + movq TDX_TDCALL_R12(%rdi), %r12 + movq TDX_TDCALL_R13(%rdi), %r13 + movq TDX_TDCALL_R14(%rdi), %r14 + movq TDX_TDCALL_R15(%rdi), %r15 + + movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx + + tdcall + + /* TDVMCALL leaf return code is in R10 */ + movq %r10, %rax + + /* Copy tdcall result registers to arg struct if needed */ + testq $TDX_TDCALL_HAS_OUTPUT, %rsi + jz .Lout + + movq %r10, TDX_TDCALL_R10(%rdi) + movq %r11, TDX_TDCALL_R11(%rdi) + movq %r12, TDX_TDCALL_R12(%rdi) + movq %r13, TDX_TDCALL_R13(%rdi) + movq %r14, TDX_TDCALL_R14(%rdi) + movq %r15, TDX_TDCALL_R15(%rdi) +.Lout: + /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ + pop %r12 + pop %r13 + pop %r14 + pop %r15 + + pop %rbp + ret + +/* Disable executable stack */ +.section .note.GNU-stack,"",%progbits diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdcall_offsets.c b/too= ls/testing/selftests/kvm/lib/x86/tdx/tdcall_offsets.c new file mode 100644 index 000000000000..dcd4457be6e5 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdcall_offsets.c @@ -0,0 +1,16 @@ +// SPDX-License-Identifier: GPL-2.0 +#define COMPILE_OFFSETS + +#include + +#include "tdx/tdcall.h" + +static void __attribute__((used)) common(void) +{ + OFFSET(TDX_TDCALL_R10, tdx_tdcall_args, r10); + OFFSET(TDX_TDCALL_R11, tdx_tdcall_args, r11); + OFFSET(TDX_TDCALL_R12, tdx_tdcall_args, r12); + OFFSET(TDX_TDCALL_R13, tdx_tdcall_args, r13); + OFFSET(TDX_TDCALL_R14, tdx_tdcall_args, r14); + OFFSET(TDX_TDCALL_R15, tdx_tdcall_args, r15); +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E9CF52857EA for ; Thu, 4 Sep 2025 06:55:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968934; cv=none; b=Sckn+923bihIcptL9WwZgbSOOT9Qhp5JxGK5fJTviSLC79AEoyygLjQ7frq2BwNVlbLWaulKDsChzJ3mSgT1WDMvDJKXWtMSiaTGblxuEQZURmbXyrWxFRNDraPwOgTpgxlhsxqo164v22d+kWXNGloQeY6ii+r+FVUhC/bOm6M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968934; c=relaxed/simple; bh=hzGFMgxPgiU24vsXArlIv7U3vM7g+M9P+mccb58lX9c=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=NqKE6QFlryNaNvJAnNOAMxD81T2UcDTpOv57hyK8FOZiwGz4J5eVf3HHpzs9EPXx+QeW+CXEMZ7Ad4QXKrPrNUGVmvS1YwjjE41gfOYRyHqt0/qU7xQtdcB2xHsoFFodcJfnYUIJzPsYxpOktqAp7ePPaVoXvfJB1a85P8QeGOQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=PBsuYiJP; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="PBsuYiJP" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-248eec89618so9992505ad.1 for ; Wed, 03 Sep 2025 23:55:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968932; x=1757573732; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=9UX1Rmgz0kZ8N5Zzn+bY2xvvNkdxwsBMWh8MtnA4+GY=; b=PBsuYiJPs/FlU73o4wvXk1Qiinadd/TO9BnIqyeZi0DEwdqtZuLYE4B4C+G6rXir4H 67c5581E9i5K0rxCWGaF93UoPDpw42INO0cjTOZxuLOt1ncVyEx0suRzS/GCHo60wpgO XXxncRe+K+migRVsLQX7aEz+0Y8b3AY9Eg/358g2t+CL68f+Mii04kbBiZpOKueP08fV MCNJI0P+KYMarxlJCkY0vb6CkCJtMBp57shgO46qFxaHprhvWyLTgqog4oTtvGR6f+pC 0q0oEM0kZCSsdAQZqULXICtf2pkWZDFrmdMWGpQZW82qko+EpyPpXo+QQjIQQCarFesq 6URw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968932; x=1757573732; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=9UX1Rmgz0kZ8N5Zzn+bY2xvvNkdxwsBMWh8MtnA4+GY=; b=uOSxzfoKFqFo5AMHE3TGLmIN9GBYHNpmOlk2Yiz5o4QyvZa5RN1FAok/awwfbJgzIl IOedgnTmXXl5ovMzkUXmkKcK5XYy8iABrHzegbfwbgxgkKi6otXvhD4e1dQqY8mnZW6W Dh7UY6UbfGzDOJDb5JL2qxBNG6JQYpN6O4B+OwZei4PM4dj9ohwtovaiY8E03rX+zVFW tM9SmiC3Jf3NW/bv6/gqes92jTnMPyKbEdQ3M8Xlk329xF9KxNnM8qVtA0nG9We1pZm7 wog7FIZ3gGYP2WYRJ1xZa3Z5eiVOUeYfatdxGB53D0UVwoTa7dZ6sqhVsYuJPajenv/D 9dgg== X-Gm-Message-State: AOJu0YwJaujOj9SpFnYfpcCh/bEKhwUkYj+99jDuQ9z2BNLsFC8u+pcP PDSC9L8MQE0uL2b+3QCxqd2ztQec/mnjW6OBQQuHz/g3HfAg2txzRy4BUMVhZIzvEQ2gJpaHD6C sdQ== X-Google-Smtp-Source: AGHT+IHOlHSl+cTZyC4uq0Q+4FX/lDRZCbT49C2vuUwUTLFpr3fu9v9q9yWaZlGTC0/nL8JeHBMtiOebmw== X-Received: from plat5.prod.google.com ([2002:a17:902:e1c5:b0:24a:f8cf:c06a]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:ce03:b0:248:cd0b:3454 with SMTP id d9443c01a7336-24944873445mr201786195ad.9.1756968932344; Wed, 03 Sep 2025 23:55:32 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:49 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-20-sagis@google.com> Subject: [PATCH v10 19/21] KVM: selftests: Add wrapper for TDX MMIO from guest From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add utility function to issue MMIO TDCALL from TDX guests. Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/include/x86/tdx/tdx.h | 14 +++++++++++ tools/testing/selftests/kvm/lib/x86/tdx/tdx.c | 23 +++++++++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 tools/testing/selftests/kvm/include/x86/tdx/tdx.h create mode 100644 tools/testing/selftests/kvm/lib/x86/tdx/tdx.c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 2d4fd68984a0..1a73e08c8437 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -35,6 +35,7 @@ LIBKVM_x86 +=3D lib/x86/vmx.c LIBKVM_x86 +=3D lib/x86/tdx/tdx_util.c LIBKVM_x86 +=3D lib/x86/tdx/td_boot.S LIBKVM_x86 +=3D lib/x86/tdx/tdcall.S +LIBKVM_x86 +=3D lib/x86/tdx/tdx.c =20 LIBKVM_arm64 +=3D lib/arm64/gic.c LIBKVM_arm64 +=3D lib/arm64/gic_v3.c diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx.h b/tools/test= ing/selftests/kvm/include/x86/tdx/tdx.h new file mode 100644 index 000000000000..22b096402998 --- /dev/null +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx.h @@ -0,0 +1,14 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef SELFTESTS_TDX_TDX_H +#define SELFTESTS_TDX_TDX_H + +#include + +/* MMIO direction */ +#define MMIO_READ 0 +#define MMIO_WRITE 1 + +uint64_t tdg_vp_vmcall_ve_request_mmio_write(uint64_t address, uint64_t si= ze, + uint64_t data_in); + +#endif // SELFTESTS_TDX_TDX_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx.c b/tools/testing/= selftests/kvm/lib/x86/tdx/tdx.c new file mode 100644 index 000000000000..f9c1acd5b30c --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx.c @@ -0,0 +1,23 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include "tdx/tdcall.h" +#include "tdx/tdx.h" + +#define TDG_VP_VMCALL 0 + +#define TDG_VP_VMCALL_VE_REQUEST_MMIO 48 + +uint64_t tdg_vp_vmcall_ve_request_mmio_write(uint64_t address, uint64_t si= ze, + uint64_t data_in) +{ + struct tdx_tdcall_args args =3D { + .r10 =3D TDG_VP_VMCALL, + .r11 =3D TDG_VP_VMCALL_VE_REQUEST_MMIO, + .r12 =3D size, + .r13 =3D MMIO_WRITE, + .r14 =3D address, + .r15 =3D data_in, + }; + + return __tdx_tdcall(&args, 0); +} --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8567A2BDC20 for ; Thu, 4 Sep 2025 06:55:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968936; cv=none; b=IGkJg0ieFQDipw8sDE3aQ1cIG7DP0lgIy8jKvkorKipA2HEPzz+JZZ0ACScW0hWAIQVPjbs4ZU8TH0d6bXq8hC5RZsnsB6mANJWVxEzksrPGQNIqCgugHEF/zD/dN+xBiGesm4TIrtyNMUAX4bjcZezKOM4Ca/gdC1p9ojQe3oI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968936; c=relaxed/simple; bh=82imUpUGSrASE3Ews8yZjglaw3mYQKnEEacvVHA3ZMU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VupNnaESsmA+t0rP/oAexTUxYMnZ13JarcqspCLoQeCGv3Jqsl0okOup1ErPBVqIhG6m3mTYl/mNsBHWjx2WEyVGNlPwQM2P0TJYVG3yjCwDTTPIMaeep6YLOsq/Ds3sXE5D/coAJb54cVb/41ga6Gl+UWdWefas6xu/5b3ymqo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MHtgfCZR; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MHtgfCZR" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-329dbf4476cso553499a91.1 for ; Wed, 03 Sep 2025 23:55:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968934; x=1757573734; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=gEbqVx1XUrmfHL/bfo75/bOQleA+IfiyOTZneZaFJoQ=; b=MHtgfCZRlzzy+B1FnCuKz64C5x++VmiPA7BvlutupPDVQBi+P9SgS6K+HLsBkwrNJX IL0G9dSoSofxv3OI+ebB/A2xcLUj8nbROUmoM7+g6fPxJr9BKniBy4/62oDFhDnOz0EY iRlg9tG//Q+V1+zcLb2qmY2Je44Tse7ojTRfUqKVZZZrUwXTW1Bt6xNWcDo6LeR6Oevu Y9+DixkzAJCvtur0DjGjXq4xqTmGP1BCCcQ5MCYjQ4ogW4RXO0WZ7FX0AkIB9JePFqW9 uqtvP8bBzF5nwvGd0MjDQ8F/tuaoRUDsjydrimq8rhcE7nZ7TErQ6d/NF2TFuJTmiTSx JtNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968934; x=1757573734; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=gEbqVx1XUrmfHL/bfo75/bOQleA+IfiyOTZneZaFJoQ=; b=lQPC50rMak7gIOXnNJ5ygrNLVEAJZ+9bLUdu3FnDiPkkuUunj7ZuvQuWiO1IGD5VYb msiuV/IemrZBZNH43HIPnNgf+H1+zfcKCzc7Mzy83guj99mItOOi/RR2ANmKag2/W18Z ppAKYheOO0TnVNtrBEReNaL0j9punZk3CXivD+QoS/NzC0KpMO6QCDfyzpLFKiQRjMzA q+4Tsuh9CihI7b2epuKe2tsC/gStXBo6h83QLFNfaIzLOAoRb2xGVi95mxPGTe+OofuO mDDfR6KS9R0pj6AmQ3fb1cOkBTOHyke2snJlNe9K4SuPAyAbpI2BH7UIraXvejQy+658 Hjbg== X-Gm-Message-State: AOJu0Yx8Kdu+bObAqixCfZTKOx6nsHpTE6UNQXnlIeP5AhhVyasIhGMH gytF6D73vAlRR6lRdQ+1/93RWbeV1w6u8EWMxAKguIJTUuR4Aad2ItqhWeTGHYam4hV2GdCB/Je qMQ== X-Google-Smtp-Source: AGHT+IHxg5XX+QGRvB3eVe6BPmD4a7wWjsiBO7i2k5ga/0nig7c6kMIoh8dnmBhJcA/htRSJV7twgBolAg== X-Received: from pjn16.prod.google.com ([2002:a17:90b:5710:b0:32b:58d1:a610]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:384c:b0:329:e708:c88e with SMTP id 98e67ed59e1d1-329e708c9fdmr12000946a91.20.1756968933985; Wed, 03 Sep 2025 23:55:33 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:50 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-21-sagis@google.com> Subject: [PATCH v10 20/21] KVM: selftests: Add ucall support for TDX From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Ackerley Tng ucalls for non-Coco VMs work by having the guest write to the rdi register, then perform an io instruction to exit to the host. The host then reads rdi using kvm_get_regs(). CPU registers can't be read using kvm_get_regs() for TDX, so TDX guests use MMIO to pass the struct ucall's hva to the host. MMIO was chosen because it is one of the simplest (hence unlikely to fail) mechanisms that support passing 8 bytes from guest to host. Signed-off-by: Ackerley Tng Co-developed-by: Sagi Shahar Signed-off-by: Sagi Shahar --- .../testing/selftests/kvm/include/x86/ucall.h | 4 +- tools/testing/selftests/kvm/lib/x86/ucall.c | 45 ++++++++++++++++--- 2 files changed, 41 insertions(+), 8 deletions(-) diff --git a/tools/testing/selftests/kvm/include/x86/ucall.h b/tools/testin= g/selftests/kvm/include/x86/ucall.h index d3825dcc3cd9..0494a4a21557 100644 --- a/tools/testing/selftests/kvm/include/x86/ucall.h +++ b/tools/testing/selftests/kvm/include/x86/ucall.h @@ -6,8 +6,6 @@ =20 #define UCALL_EXIT_REASON KVM_EXIT_IO =20 -static inline void ucall_arch_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa) -{ -} +void ucall_arch_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa); =20 #endif diff --git a/tools/testing/selftests/kvm/lib/x86/ucall.c b/tools/testing/se= lftests/kvm/lib/x86/ucall.c index 1265cecc7dd1..0ad24baaa3c4 100644 --- a/tools/testing/selftests/kvm/lib/x86/ucall.c +++ b/tools/testing/selftests/kvm/lib/x86/ucall.c @@ -5,11 +5,34 @@ * Copyright (C) 2018, Red Hat, Inc. */ #include "kvm_util.h" +#include "tdx/tdx.h" =20 #define UCALL_PIO_PORT ((uint16_t)0x1000) =20 +static uint8_t vm_type; +static vm_paddr_t host_ucall_mmio_gpa; +static vm_paddr_t ucall_mmio_gpa; + +void ucall_arch_init(struct kvm_vm *vm, vm_paddr_t mmio_gpa) +{ + vm_type =3D vm->type; + sync_global_to_guest(vm, vm_type); + + host_ucall_mmio_gpa =3D ucall_mmio_gpa =3D mmio_gpa; + + if (vm_type =3D=3D KVM_X86_TDX_VM) + ucall_mmio_gpa |=3D vm->arch.s_bit; + + sync_global_to_guest(vm, ucall_mmio_gpa); +} + void ucall_arch_do_ucall(vm_vaddr_t uc) { + if (vm_type =3D=3D KVM_X86_TDX_VM) { + tdg_vp_vmcall_ve_request_mmio_write(ucall_mmio_gpa, 8, uc); + return; + } + /* * FIXME: Revert this hack (the entire commit that added it) once nVMX * preserves L2 GPRs across a nested VM-Exit. If a ucall from L2, e.g. @@ -46,11 +69,23 @@ void *ucall_arch_get_ucall(struct kvm_vcpu *vcpu) { struct kvm_run *run =3D vcpu->run; =20 - if (run->exit_reason =3D=3D KVM_EXIT_IO && run->io.port =3D=3D UCALL_PIO_= PORT) { - struct kvm_regs regs; + switch (vm_type) { + case KVM_X86_TDX_VM: + if (vcpu->run->exit_reason =3D=3D KVM_EXIT_MMIO && + vcpu->run->mmio.phys_addr =3D=3D host_ucall_mmio_gpa && + vcpu->run->mmio.len =3D=3D 8 && vcpu->run->mmio.is_write) { + uint64_t data =3D *(uint64_t *)vcpu->run->mmio.data; + + return (void *)data; + } + return NULL; + default: + if (run->exit_reason =3D=3D KVM_EXIT_IO && run->io.port =3D=3D UCALL_PIO= _PORT) { + struct kvm_regs regs; =20 - vcpu_regs_get(vcpu, ®s); - return (void *)regs.rdi; + vcpu_regs_get(vcpu, ®s); + return (void *)regs.rdi; + } + return NULL; } - return NULL; } --=20 2.51.0.338.gd7d06c2dae-goog From nobody Sun Sep 14 12:58:31 2025 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2A104285CA1 for ; Thu, 4 Sep 2025 06:55:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968937; cv=none; b=JBb5CgfAzMJwBvZoP8oF08solFiQayanJk0n41DSnz2Y0aQU2TBU7+o040MCA0kEh1Sg7z10qTCVTUkjHy4NCZRGJ0OlXxyI8YmlJ9sNCQDaqXLC2+Z/Pgj96hPPavVIXdsnaww96N20KPAYf4wefb56kdDOg91hzPZEAsJyMcU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756968937; c=relaxed/simple; bh=n5R2ZA5nD4duw34bOYSLZZY4wDHfqasy7+07P7hy0UE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=HT8PFWTgorPJSb0RPKfylRC7Y/0anIOLiHrhoAoliYfuNIc2AsF6scteb9kADWnS9jqbjWhnErQJeaFTwkRqqfK0P7M+5xapoNKBgETeGKBFQumOQu2vL3AE/xcPuxgZmVDasz8Gkm83G5Y/sMLtOPgJSZALnw/D5jHs8pLEvMc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=jOJzRI/B; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--sagis.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="jOJzRI/B" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-327b5e7f2f6so851051a91.2 for ; Wed, 03 Sep 2025 23:55:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1756968935; x=1757573735; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=4yB9yOXY7Gz8M5J2AkG68rpmry/ggMKSfTcUt8sHdGE=; b=jOJzRI/BfWsq5s7ff1vcKDdyHqZUZoGAhuR0iY/PJ1OwlkQdcg5Xm+vafLj/f9kQly 004hN2ekrmD7gcHCZmHICgaiRXvRFznTDTDxTQ2NhXjgNRizzpMptfWhYcM0sZSdAJyX gCLab0nOW+FmOgsof/w1JZ7XzKueeNdmAAla5q+hySBqIA3W99PZUWqbSlXLqJhF3h2g iNMrvVExEDKRCI99lL9uC+PmyhLqMMa7W85O7kHC1qI68a9ZxuZJme0uiX4YPAq0cfJd u7oJCJ8mNZ/9VI9LSUWt6VXmx47rSHOyeyKpBabuk5KSFf43PHS0v7hoc6+wVoACMDSD pYzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756968935; x=1757573735; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=4yB9yOXY7Gz8M5J2AkG68rpmry/ggMKSfTcUt8sHdGE=; b=olWPJfA1MhgOPvq2LlFcCZx/JN38sDSZJB1bC2MJVpD9pkoBEu6S7u1LGmxpt16N+b UaykTObPsIvpvMzeEkKaYALAsjpIp2iMguJm0VwJxF/M/DYZavWMB4Y3+Z20pjxk06FO 02Hq7xHSCOpTrMg8TpzoW+IQUolvkCfTVgmHVD4W4mMAa6Uqhlj+jVPv6aP92O8OmlKP 5ZG4q/VQw7dJ0GIboti7pqcPJXWxDbSaoAKCzdXect2QaXP8PewBwRLeHZEN2scfZNUX bRPMi0kPaGwGetHrr7Tkm0CaHOfYIKbD9ttpoPywV9QYQSol9v5WFrPIR7jzhonVA4tv zd8g== X-Gm-Message-State: AOJu0Yyja/s18DDRf4I3iUtk2k/wgmCoQLSearTNgn/CIBLqoNcIH/dA f5R2Q8VUcLtLrwUCEA2l0CwpkJj46QrCWeWEIjCkeoeWUIJBthxOu73hXyMTjbewF2yURmDnq2+ I5w== X-Google-Smtp-Source: AGHT+IFpJtOTBtEH30kjlV9qshasFJ6VZRx9xb8RK+RSnnYf1AYHxgBz5mEyM5mVxSvYniQwjkKBo72C8w== X-Received: from pjh5.prod.google.com ([2002:a17:90b:3f85:b0:325:7c49:9cce]) (user=sagis job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:2ecc:b0:329:e3dc:db6c with SMTP id 98e67ed59e1d1-329e3dcdc0bmr11848843a91.23.1756968935487; Wed, 03 Sep 2025 23:55:35 -0700 (PDT) Date: Wed, 3 Sep 2025 23:54:51 -0700 In-Reply-To: <20250904065453.639610-1-sagis@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250904065453.639610-1-sagis@google.com> X-Mailer: git-send-email 2.51.0.338.gd7d06c2dae-goog Message-ID: <20250904065453.639610-22-sagis@google.com> Subject: [PATCH v10 21/21] KVM: selftests: Add TDX lifecycle test From: Sagi Shahar To: linux-kselftest@vger.kernel.org, Paolo Bonzini , Shuah Khan , Sean Christopherson , Ackerley Tng , Ryan Afranji , Andrew Jones , Isaku Yamahata , Erdem Aktas , Rick Edgecombe , Sagi Shahar , Roger Wang , Binbin Wu , Oliver Upton , "Pratik R. Sampat" , Reinette Chatre , Ira Weiny , Chao Gao , Chenyi Qiang Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Adding a test to verify TDX lifecycle by creating a simple TD. Signed-off-by: Sagi Shahar --- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/include/x86/tdx/tdx_util.h | 10 ++++++ .../selftests/kvm/lib/x86/tdx/tdx_util.c | 18 +++++++++++ tools/testing/selftests/kvm/x86/tdx_vm_test.c | 31 +++++++++++++++++++ 4 files changed, 60 insertions(+) create mode 100644 tools/testing/selftests/kvm/x86/tdx_vm_test.c diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selft= ests/kvm/Makefile.kvm index 1a73e08c8437..1a76e9fa45d6 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -155,6 +155,7 @@ TEST_GEN_PROGS_x86 +=3D rseq_test TEST_GEN_PROGS_x86 +=3D steal_time TEST_GEN_PROGS_x86 +=3D system_counter_offset_test TEST_GEN_PROGS_x86 +=3D pre_fault_memory_test +TEST_GEN_PROGS_x86 +=3D x86/tdx_vm_test =20 # Compiled outputs used by test targets TEST_GEN_PROGS_EXTENDED_x86 +=3D x86/nx_huge_pages_test diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools= /testing/selftests/kvm/include/x86/tdx/tdx_util.h index 2467b6c35557..775ca249f74d 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -11,6 +11,14 @@ static inline bool is_tdx_vm(struct kvm_vm *vm) return vm->type =3D=3D KVM_X86_TDX_VM; } =20 +/* + * Verify that TDX is supported by KVM. + */ +static inline bool is_tdx_enabled(void) +{ + return !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_TDX_VM)); +} + /* * TDX ioctls */ @@ -72,5 +80,7 @@ void vm_tdx_load_vcpu_boot_parameters(struct kvm_vm *vm, = struct kvm_vcpu *vcpu); void vm_tdx_set_vcpu_entry_point(struct kvm_vcpu *vcpu, void *guest_code); =20 void vm_tdx_finalize(struct kvm_vm *vm); +struct kvm_vm *vm_tdx_create_with_one_vcpu(void *guest_code, + struct kvm_vcpu **vcpu); =20 #endif // SELFTESTS_TDX_TDX_UTIL_H diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/tes= ting/selftests/kvm/lib/x86/tdx/tdx_util.c index d5df2de81a75..a2764f5d687c 100644 --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -334,3 +334,21 @@ void vm_tdx_finalize(struct kvm_vm *vm) load_td_private_memory(vm); vm_tdx_vm_ioctl(vm, KVM_TDX_FINALIZE_VM, 0, NULL); } + +struct kvm_vm *vm_tdx_create_with_one_vcpu(void *guest_code, + struct kvm_vcpu **vcpu) +{ + struct vm_shape shape =3D { + .mode =3D VM_MODE_DEFAULT, + .type =3D KVM_X86_TDX_VM, + }; + struct kvm_vm *vm; + struct kvm_vcpu *vcpus[1]; + + vm =3D __vm_create_with_vcpus(shape, 1, 0, guest_code, vcpus); + *vcpu =3D vcpus[0]; + + vm_tdx_finalize(vm); + + return vm; +} diff --git a/tools/testing/selftests/kvm/x86/tdx_vm_test.c b/tools/testing/= selftests/kvm/x86/tdx_vm_test.c new file mode 100644 index 000000000000..a9ee489eea1a --- /dev/null +++ b/tools/testing/selftests/kvm/x86/tdx_vm_test.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include "kvm_util.h" +#include "tdx/tdx_util.h" +#include "ucall_common.h" +#include "kselftest_harness.h" + +static void guest_code_lifecycle(void) +{ + GUEST_DONE(); +} + +TEST(verify_td_lifecycle) +{ + struct kvm_vcpu *vcpu; + struct kvm_vm *vm; + struct ucall uc; + + vm =3D vm_tdx_create_with_one_vcpu(guest_code_lifecycle, &vcpu); + + vcpu_run(vcpu); + TEST_ASSERT_EQ(get_ucall(vcpu, &uc), UCALL_DONE); + + kvm_vm_free(vm); +} + +int main(int argc, char **argv) +{ + TEST_REQUIRE(is_tdx_enabled()); + return test_harness_run(argc, argv); +} --=20 2.51.0.338.gd7d06c2dae-goog