| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Nov 2022 13:26:38 +1300
From: Kai Huang <kai.huang@...el.com>
To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: linux-mm@...ck.org, seanjc@...gle.com, pbonzini@...hat.com,
dave.hansen@...el.com, dan.j.williams@...el.com,
rafael.j.wysocki@...el.com, kirill.shutemov@...ux.intel.com,
ying.huang@...el.com, reinette.chatre@...el.com,
len.brown@...el.com, tony.luck@...el.com, peterz@...radead.org,
ak@...ux.intel.com, isaku.yamahata@...el.com, chao.gao@...el.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, bagasdotme@...il.com,
sagis@...gle.com, imammedo@...hat.com, kai.huang@...el.com
Subject: [PATCH v7 16/20] x86/virt/tdx: Configure TDX module with TDMRs and global KeyID
After the TDX-usable memory regions are constructed in an array of TDMRs
and the global KeyID is reserved, configure them to the TDX module using
TDH.SYS.CONFIG SEAMCALL. TDH.SYS.CONFIG can only be called once and can
be done on any logical cpu.
Reviewed-by: Isaku Yamahata <isaku.yamahata@...el.com>
Signed-off-by: Kai Huang <kai.huang@...el.com>
---
arch/x86/virt/vmx/tdx/tdx.c | 37 +++++++++++++++++++++++++++++++++++++
arch/x86/virt/vmx/tdx/tdx.h | 2 ++
2 files changed, 39 insertions(+)
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index e2cbeeb7f0dc..3a032930e58a 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -979,6 +979,37 @@ static int construct_tdmrs(struct tdmr_info *tdmr_array, int *tdmr_num)
return ret;
}
+static int config_tdx_module(struct tdmr_info *tdmr_array, int tdmr_num,
+ u64 global_keyid)
+{
+ u64 *tdmr_pa_array;
+ int i, array_sz;
+ u64 ret;
+
+ /*
+ * TDMR_INFO entries are configured to the TDX module via an
+ * array of the physical address of each TDMR_INFO. TDX module
+ * requires the array itself to be 512-byte aligned. Round up
+ * the array size to 512-byte aligned so the buffer allocated
+ * by kzalloc() will meet the alignment requirement.
+ */
+ array_sz = ALIGN(tdmr_num * sizeof(u64), TDMR_INFO_PA_ARRAY_ALIGNMENT);
+ tdmr_pa_array = kzalloc(array_sz, GFP_KERNEL);
+ if (!tdmr_pa_array)
+ return -ENOMEM;
+
+ for (i = 0; i < tdmr_num; i++)
+ tdmr_pa_array[i] = __pa(tdmr_array_entry(tdmr_array, i));
+
+ ret = seamcall(TDH_SYS_CONFIG, __pa(tdmr_pa_array), tdmr_num,
+ global_keyid, 0, NULL, NULL);
+
+ /* Free the array as it is not required anymore. */
+ kfree(tdmr_pa_array);
+
+ return ret;
+}
+
/*
* Detect and initialize the TDX module.
*
@@ -1062,11 +1093,17 @@ static int init_tdx_module(void)
*/
tdx_global_keyid = tdx_keyid_start;
+ /* Pass the TDMRs and the global KeyID to the TDX module */
+ ret = config_tdx_module(tdmr_array, tdmr_num, tdx_global_keyid);
+ if (ret)
+ goto out_free_pamts;
+
/*
* Return -EINVAL until all steps of TDX module initialization
* process are done.
*/
ret = -EINVAL;
+out_free_pamts:
if (ret)
tdmrs_free_pamt_all(tdmr_array, tdmr_num);
else
diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
index a737f2b51474..c26bab2555ca 100644
--- a/arch/x86/virt/vmx/tdx/tdx.h
+++ b/arch/x86/virt/vmx/tdx/tdx.h
@@ -19,6 +19,7 @@
#define TDH_SYS_INIT 33
#define TDH_SYS_LP_INIT 35
#define TDH_SYS_LP_SHUTDOWN 44
+#define TDH_SYS_CONFIG 45
struct cmr_info {
u64 base;
@@ -86,6 +87,7 @@ struct tdmr_reserved_area {
} __packed;
#define TDMR_INFO_ALIGNMENT 512
+#define TDMR_INFO_PA_ARRAY_ALIGNMENT 512
struct tdmr_info {
u64 base;
--
2.38.1
Powered by blists - more mailing lists