lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ecc9a68216a982452be4586d4160eeab6d7e27dd.1728903647.git.kai.huang@intel.com>
Date: Tue, 15 Oct 2024 00:31:50 +1300
From: Kai Huang <kai.huang@...el.com>
To: dave.hansen@...el.com,
	kirill.shutemov@...ux.intel.com,
	tglx@...utronix.de,
	bp@...en8.de,
	peterz@...radead.org,
	mingo@...hat.com,
	hpa@...or.com,
	dan.j.williams@...el.com,
	seanjc@...gle.com,
	pbonzini@...hat.com
Cc: x86@...nel.org,
	linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org,
	rick.p.edgecombe@...el.com,
	isaku.yamahata@...el.com,
	adrian.hunter@...el.com,
	nik.borisov@...e.com,
	kai.huang@...el.com
Subject: [PATCH v5 3/8] x86/virt/tdx: Prepare to support reading other global metadata fields

The TDX module provides a set of "Global Metadata Fields".  They report
things like TDX module version, supported features, and fields related
to create/run TDX guests and so on.  TDX supports 8/16/32/64 bits
metadata field element sizes.  For a given metadata field, the element
size is encoded in the metadata field ID.

For now the kernel only reads "TD Memory Region" (TDMR) related metadata
fields and they are all 16-bit.  Thus the kernel only has one primitive
__read_sys_metadata_field16() to read 16-bit metadata field and the
macro, read_sys_metadata_field16(), which does additional build-time
check of the field ID makes sure the field is indeed 16-bit.

Future changes will need to read more metadata fields with different
element sizes.  Rework the {__}read_sys_metadata_field16() primitives to
work with all 8/16/32/64 element sizes.

Note the new primitive __read_sys_metadata_field() takes 'void *buf' and
'int size' and explicitly uses memcpy() to copy the SEAMCALL returned
data (u64) to a pointer of u8/u16/u32/u64, instead of depending on the
compiler to know the size and copy.  But this is fine since the wrapper
read_sys_metadata_field(), which works with a pointer to u8/u16/32/u64,
passes the sizeof() to the __read_sys_metadata_field() internally.  And
it has BUILD_BUG_ON() to verify the metadata element size encoded in the
field ID indeed matches the size passed to __read_sys_metadata_field().

This ensures the users of read_sys_metadata_field() will never screw up.
Also add a comment to point out __read_sys_metadata_field() should not
be used directly.

Signed-off-by: Kai Huang <kai.huang@...el.com>
---

v4 -> v5:
 - Change back to what Dave suggested and update changelog:

   https://lore.kernel.org/lkml/408dee3f-a466-4746-92d3-adf54d35ec7c@intel.com/
   
v3 -> v4:
 - Change to use one primitive for each element size, similar to
   build_mmio_read() macro - Dan.
 - Rewrite changelog based on the new code.
 - "global metadata fields" -> "Global Metadata Fields" - Ardian.

v2 -> v3:
 - Rename read_sys_metadata_field() to tdh_sys_rd() so the former can be
   used as the high level wrapper.  Get rid of "stbuf_" prefix since
   people don't like it.
 
 - Rewrite after removing 'struct field_mapping' and reimplementing
   TD_SYSINFO_MAP().
 
---
 arch/x86/virt/vmx/tdx/tdx.c | 21 +++++++++++----------
 arch/x86/virt/vmx/tdx/tdx.h |  3 ++-
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 2f7e4abc1bb9..d63efb2d50d1 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -250,7 +250,7 @@ static int build_tdx_memlist(struct list_head *tmb_list)
 	return ret;
 }
 
-static int read_sys_metadata_field(u64 field_id, u64 *data)
+static int tdh_sys_rd(u64 field_id, u64 *data)
 {
 	struct tdx_module_args args = {};
 	int ret;
@@ -270,25 +270,26 @@ static int read_sys_metadata_field(u64 field_id, u64 *data)
 	return 0;
 }
 
-static int __read_sys_metadata_field16(u64 field_id, u16 *val)
+/* Don't use this directly, but use read_sys_metadata_field() instead. */
+static int __read_sys_metadata_field(u64 field_id, void *val, int size)
 {
 	u64 tmp;
 	int ret;
 
-	ret = read_sys_metadata_field(field_id, &tmp);
+	ret = tdh_sys_rd(field_id, &tmp);
 	if (ret)
 		return ret;
 
-	*val = tmp;
+	memcpy(val, &tmp, size);
 
 	return 0;
 }
 
-#define read_sys_metadata_field16(_field_id, _val)		\
-({								\
-	BUILD_BUG_ON(MD_FIELD_ID_ELE_SIZE_CODE(_field_id) !=	\
-			MD_FIELD_ID_ELE_SIZE_16BIT);		\
-	__read_sys_metadata_field16(_field_id, _val);		\
+/* @_val must be a pointer to u8/u16/u32/u64 */
+#define read_sys_metadata_field(_field_id, _val)			\
+({									\
+	BUILD_BUG_ON(MD_FIELD_ELE_SIZE(_field_id) != sizeof(*(_val)));	\
+	__read_sys_metadata_field(_field_id, _val, sizeof(*(_val)));	\
 })
 
 static int get_tdx_sys_info_tdmr(struct tdx_sys_info_tdmr *sysinfo_tdmr)
@@ -296,7 +297,7 @@ static int get_tdx_sys_info_tdmr(struct tdx_sys_info_tdmr *sysinfo_tdmr)
 	int ret = 0;
 
 #define READ_SYS_INFO(_field_id, _member)				\
-	ret = ret ?: read_sys_metadata_field16(MD_FIELD_ID_##_field_id,	\
+	ret = ret ?: read_sys_metadata_field(MD_FIELD_ID_##_field_id,	\
 					&sysinfo_tdmr->_member)
 
 	READ_SYS_INFO(MAX_TDMRS,	     max_tdmrs);
diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
index 148f9b4d1140..7a8204a05bf7 100644
--- a/arch/x86/virt/vmx/tdx/tdx.h
+++ b/arch/x86/virt/vmx/tdx/tdx.h
@@ -53,7 +53,8 @@
 #define MD_FIELD_ID_ELE_SIZE_CODE(_field_id)	\
 		(((_field_id) & GENMASK_ULL(33, 32)) >> 32)
 
-#define MD_FIELD_ID_ELE_SIZE_16BIT	1
+#define MD_FIELD_ELE_SIZE(_field_id)   \
+	(1 << MD_FIELD_ID_ELE_SIZE_CODE(_field_id))
 
 struct tdmr_reserved_area {
 	u64 offset;
-- 
2.46.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ