| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 28 Feb 2022 15:13:04 +1300
From: Kai Huang <kai.huang@...el.com>
To: x86@...nel.org
Cc: tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...el.com, luto@...nel.org, kvm@...r.kernel.org,
pbonzini@...hat.com, seanjc@...gle.com, hpa@...or.com,
peterz@...radead.org, kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, tony.luck@...el.com,
ak@...ux.intel.com, dan.j.williams@...el.com,
chang.seok.bae@...el.com, keescook@...omium.org,
hengqi.arch@...edance.com, laijs@...ux.alibaba.com,
metze@...ba.org, linux-kernel@...r.kernel.org, kai.huang@...el.com
Subject: [RFC PATCH 16/21] x86/virt/tdx: Configure TDX module with TDMRs and global KeyID
After the TDX usable memory regions are constructed in an array of TDMRs
and the global KeyID is reserved, configure them to the TDX module. The
configuration is done via TDH.SYS.CONFIG, which is one call and can be
done on any logical cpu.
Signed-off-by: Kai Huang <kai.huang@...el.com>
---
arch/x86/virt/vmx/tdx.c | 42 +++++++++++++++++++++++++++++++++++++++++
arch/x86/virt/vmx/tdx.h | 2 ++
2 files changed, 44 insertions(+)
diff --git a/arch/x86/virt/vmx/tdx.c b/arch/x86/virt/vmx/tdx.c
index e6c54b2a1f6e..008628674a2f 100644
--- a/arch/x86/virt/vmx/tdx.c
+++ b/arch/x86/virt/vmx/tdx.c
@@ -1203,6 +1203,42 @@ static int construct_tdmrs(struct tdmr_info **tdmr_array, int *tdmr_num)
return ret;
}
+static int config_tdx_module(struct tdmr_info **tdmr_array, int tdmr_num,
+ u64 global_keyid)
+{
+ u64 *tdmr_pa_array;
+ int i, array_sz;
+ int ret;
+
+ /*
+ * TDMR_INFO entries are configured to the TDX module via an
+ * array of the physical address of each TDMR_INFO. TDX requires
+ * the array itself must be 512 aligned. Round up the array size
+ * to 512 aligned so the buffer allocated by kzalloc() meets the
+ * alignment requirement.
+ */
+ array_sz = ALIGN(tdmr_num * sizeof(u64), TDMR_INFO_PA_ARRAY_ALIGNMENT);
+ tdmr_pa_array = kzalloc(array_sz, GFP_KERNEL);
+ if (!tdmr_pa_array)
+ return -ENOMEM;
+
+ for (i = 0; i < tdmr_num; i++)
+ tdmr_pa_array[i] = __pa(tdmr_array[i]);
+
+ /*
+ * TDH.SYS.CONFIG fails when TDH.SYS.LP.INIT is not done on all
+ * BIOS-enabled cpus. tdx_init() only disables CPU hotplug but
+ * doesn't do early check whether all BIOS-enabled cpus are
+ * online, so TDH.SYS.CONFIG can fail here.
+ */
+ ret = seamcall(TDH_SYS_CONFIG, __pa(tdmr_pa_array), tdmr_num,
+ global_keyid, 0, NULL, NULL);
+ /* Free the array as it is not required any more. */
+ kfree(tdmr_pa_array);
+
+ return ret;
+}
+
static int init_tdx_module(void)
{
struct tdmr_info **tdmr_array;
@@ -1248,11 +1284,17 @@ static int init_tdx_module(void)
*/
tdx_global_keyid = tdx_keyid_start;
+ /* Config the TDX module with TDMRs and global KeyID */
+ ret = config_tdx_module(tdmr_array, tdmr_num, tdx_global_keyid);
+ if (ret)
+ goto out_free_pamts;
+
/*
* Return -EFAULT until all steps of TDX module
* initialization are done.
*/
ret = -EFAULT;
+out_free_pamts:
/*
* Free PAMTs allocated in construct_tdmrs() when TDX module
* initialization fails.
diff --git a/arch/x86/virt/vmx/tdx.h b/arch/x86/virt/vmx/tdx.h
index 05bf9fe6bd00..d8e2800397af 100644
--- a/arch/x86/virt/vmx/tdx.h
+++ b/arch/x86/virt/vmx/tdx.h
@@ -95,6 +95,7 @@ struct tdmr_reserved_area {
} __packed;
#define TDMR_INFO_ALIGNMENT 512
+#define TDMR_INFO_PA_ARRAY_ALIGNMENT 512
struct tdmr_info {
u64 base;
@@ -125,6 +126,7 @@ struct tdmr_info {
#define TDH_SYS_INIT 33
#define TDH_SYS_LP_INIT 35
#define TDH_SYS_LP_SHUTDOWN 44
+#define TDH_SYS_CONFIG 45
struct tdx_module_output;
u64 __seamcall(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9,
--
2.33.1
Powered by blists - more mailing lists