
[PATCH v3 03/11] x86/cpufeatures: Add TDX Guest CPU feature
Add CPU feature detection for Trusted Domain Extensions support. The TDX
feature adds capabilities to keep guest register state and memory
isolated from the hypervisor.

For TDX guest platforms, executing CPUID(eax=0x21, ecx=0) will return the
following values in EAX, EBX, ECX and EDX.

EAX: Maximum sub-leaf number: 0
EBX/EDX/ECX: Vendor string:

EBX = "Inte"
EDX = "lTDX"
ECX = " "

So when the above condition is true, set the X86_FEATURE_TDX_GUEST feature
cap bit.

Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
---

Changes since v2:
* Fixed debug prints as per Borislav's suggestion.

Changes since v1:
* Fixed commit log issues reported by Borislav.
* Moved header file include to the start of tdx.h.
* Added pr_fmt for TDX.
* Simplified cpuid_has_tdx_guest() implementation as per
Borislav's comments.

arch/x86/include/asm/cpufeatures.h | 1 +
arch/x86/include/asm/tdx.h | 20 ++++++++++++++++++++
arch/x86/kernel/Makefile | 1 +
arch/x86/kernel/head64.c | 3 +++
arch/x86/kernel/tdx.c | 29 +++++++++++++++++++++++++++++
5 files changed, 54 insertions(+)
create mode 100644 arch/x86/include/asm/tdx.h
create mode 100644 arch/x86/kernel/tdx.c

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index ac37830ae941..dddc3a27cc8a 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -238,6 +238,7 @@
#define X86_FEATURE_VMW_VMMCALL ( 8*32+19) /* "" VMware prefers VMMCALL hypercall instruction */
#define X86_FEATURE_PVUNLOCK ( 8*32+20) /* "" PV unlock function */
#define X86_FEATURE_VCPUPREEMPT ( 8*32+21) /* "" PV vcpu_is_preempted function */
+#define X86_FEATURE_TDX_GUEST ( 8*32+22) /* Trusted Domain Extensions Guest */

/* Intel-defined CPU features, CPUID level 0x00000007:0 (EBX), word 9 */
#define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* RDFSBASE, WRFSBASE, RDGSBASE, WRGSBASE instructions*/
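Review bot: the new `X86_FEATURE_TDX_GUEST` comment `/* Trusted Domain Extensions Guest */` lacks the leading `""` that the three neighbouring word-8 entries carry, so unlike them this flag will be listed in /proc/cpuinfo (as `tdx_guest`). If exposing it to userspace is intended, state that in the commit message; otherwise write `/* "" Trusted Domain Extensions Guest */` to keep it hidden like its neighbours.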
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
new file mode 100644
index 000000000000..c738bde944d1
--- /dev/null
+++ b/arch/x86/include/asm/tdx.h
@@ -0,0 +1,20 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* Copyright (C) 2020 Intel Corporation */
+#ifndef _ASM_X86_TDX_H
+#define _ASM_X86_TDX_H
+
+#include <linux/cpufeature.h>
+
+#define TDX_CPUID_LEAF_ID 0x21
+
+#ifdef CONFIG_INTEL_TDX_GUEST
+
+void __init tdx_early_init(void);
+
+#else
+
+static inline void tdx_early_init(void) { };
+
+#endif /* CONFIG_INTEL_TDX_GUEST */
+
+#endif /* _ASM_X86_TDX_H */
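Review bot: the `!CONFIG_INTEL_TDX_GUEST` stub `static inline void tdx_early_init(void) { };` has a stray `;` after the closing brace; drop it so it reads `{ }`. A one-line comment on `TDX_CPUID_LEAF_ID` saying it is the CPUID leaf whose vendor string identifies a TDX guest would also help readers who only see the header.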
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index 0f66682ac02a..af09ce93a641 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -126,6 +126,7 @@ obj-$(CONFIG_PARAVIRT_CLOCK) += pvclock.o
obj-$(CONFIG_X86_PMEM_LEGACY_DEVICE) += pmem.o

obj-$(CONFIG_JAILHOUSE_GUEST) += jailhouse.o
+obj-$(CONFIG_INTEL_TDX_GUEST) += tdx.o

obj-$(CONFIG_EISA) += eisa.o
obj-$(CONFIG_PCSPKR_PLATFORM) += pcspeaker.o
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
index de01903c3735..d1a4942ae160 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -40,6 +40,7 @@
#include <asm/extable.h>
#include <asm/trapnr.h>
#include <asm/sev.h>
+#include <asm/tdx.h>

/*
* Manage page tables very early on.
@@ -491,6 +492,8 @@ asmlinkage __visible void __init x86_64_start_kernel(char * real_mode_data)

kasan_early_init();

+ tdx_early_init();
+
idt_setup_early_handler();

copy_bootdata(__va(real_mode_data));
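Review bot: `tdx_early_init()` is inserted before `idt_setup_early_handler()`, so the CPUID probe it performs runs with no exception handlers installed yet. The commit message should say why that ordering is safe for the leaves being read, and a short comment above the call would save the next reader from having to work it out.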
diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c
new file mode 100644
index 000000000000..b1492e076168
--- /dev/null
+++ b/arch/x86/kernel/tdx.c
@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: GPL-2.0
+/* Copyright (C) 2020 Intel Corporation */
+
+#undef pr_fmt
+#define pr_fmt(fmt) "x86/tdx: " fmt
+
+#include <asm/tdx.h>
+
+static inline bool cpuid_has_tdx_guest(void)
+{
+ u32 eax, sig[3];
+
+ if (cpuid_eax(0) < TDX_CPUID_LEAF_ID)
+ return false;
+
+ cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[1], &sig[2]);
+
+ return !memcmp("IntelTDX ", sig, 12);
+}
+
+void __init tdx_early_init(void)
+{
+ if (!cpuid_has_tdx_guest())
+ return;
+
+ setup_force_cpu_cap(X86_FEATURE_TDX_GUEST);
+
+ pr_info("Guest initialized\n");
+}
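Review bot: in `cpuid_has_tdx_guest()` the register order does not match the changelog. `cpuid_count(leaf, sub, eax, ebx, ecx, edx)` fills `sig[0]`, `sig[1]`, `sig[2]` with EBX, ECX, EDX, which for the documented values is "Inte", "    ", "lTDX", i.e. the 12 bytes "Inte    lTDX"; the `memcmp` against "IntelTDX    " therefore never matches and the feature bit is never set. Pass `&sig[0], &sig[2], &sig[1]` so the array holds EBX, EDX, ECX in that order. Also double-check that the literal is the full 12-byte "IntelTDX" plus four spaces, since `memcmp` reads 12 bytes from it.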
--
2.25.1
Re: [PATCH v3 03/11] x86/cpufeatures: Add TDX Guest CPU feature
On Fri, Jun 18, 2021 at 03:57:47PM -0700, Kuppuswamy Sathyanarayanan wrote:
> Add CPU feature detection for Trusted Domain Extensions support. The TDX
> feature adds capabilities to keep guest register state and memory
> isolated from the hypervisor.
>
> For TDX guest platforms, executing CPUID(eax=0x21, ecx=0) will return the
> following values in EAX, EBX, ECX and EDX.
>
> EAX: Maximum sub-leaf number: 0
> EBX/EDX/ECX: Vendor string:
>
> EBX = "Inte"
> EDX = "lTDX"
> ECX = " "
>
> So when the above condition is true, set the X86_FEATURE_TDX_GUEST feature
> cap bit.
>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> Reviewed-by: Andi Kleen <ak@linux.intel.com>
> Reviewed-by: Tony Luck <tony.luck@intel.com>
> ---
>
> Changes since v2:
> * Fixed debug prints as per Borislav's suggestion.
>
> Changes since v1:
> * Fixed commit log issues reported by Borislav.
> * Moved header file include to the start of tdx.h.
> * Added pr_fmt for TDX.
> * Simplified cpuid_has_tdx_guest() implementation as per
> Borislav's comments.

From Documentation/process/submitting-patches.rst:

"Both Tested-by and Reviewed-by tags, once received on mailing list from tester
or reviewer, should be added by author to the applicable patches when sending
next versions. However if the patch has changed substantially in following
version, these tags might not be applicable anymore and thus should be removed.
Usually removal of someone's Tested-by or Reviewed-by tags should be mentioned
in the patch changelog (after the '---' separator)."

IOW, for the next revisions of your patchsets, you should drop
Reviewed-by: tags on patches when they've changed more than trivially
because otherwise those tags have no meaning at all.

Also, please take the time to peruse the above document on the kernel
process while waiting.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
Re: [PATCH v3 03/11] x86/cpufeatures: Add TDX Guest CPU feature
On 6/18/21 4:39 PM, Borislav Petkov wrote:
> From Documentation/process/submitting-patches.rst:
>
> "Both Tested-by and Reviewed-by tags, once received on mailing list from tester
> or reviewer, should be added by author to the applicable patches when sending
> next versions. However if the patch has changed substantially in following
> version, these tags might not be applicable anymore and thus should be removed.
> Usually removal of someone's Tested-by or Reviewed-by tags should be mentioned
> in the patch changelog (after the '---' separator)."
>
> IOW, for the next revisions of your patchsets, you should drop
> Reviewed-by: tags on patches when they've changed more than trivially
> because otherwise those tags have no meaning at all.
>
> Also, please take the time to peruse the above document on the kernel
> process while waiting.

I will make sure to remove the Reviewed-by/Tested-by tags for the changed patches
in the next submission. But, IMO, the changes made in this patch are minimal. Nothing
changed functionally. So, do we still need to remove the tags for this patch?

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer
Re: [PATCH v3 03/11] x86/cpufeatures: Add TDX Guest CPU feature
On Fri, Jun 18, 2021 at 05:13:39PM -0700, Kuppuswamy, Sathyanarayanan wrote:
> On 6/18/21 4:39 PM, Borislav Petkov wrote:
> > From Documentation/process/submitting-patches.rst:
> >
> > "Both Tested-by and Reviewed-by tags, once received on mailing list from tester
> > or reviewer, should be added by author to the applicable patches when sending
> > next versions. However if the patch has changed substantially in following
> > version, these tags might not be applicable anymore and thus should be removed.
> > Usually removal of someone's Tested-by or Reviewed-by tags should be mentioned
> > in the patch changelog (after the '---' separator)."
> >
> > IOW, for the next revisions of your patchsets, you should drop
> > Reviewed-by: tags on patches when they've changed more than trivially
> > because otherwise those tags have no meaning at all.
> >
> > Also, please take the time to peruse the above document on the kernel
> > process while waiting.
>
> I will make sure to remove the Reviewed-by/Tested-by tags for the changed patches
> in the next submission. But, IMO, the changes made in this patch are minimal. Nothing
> changed functionally. So, do we still need to remove the tags for this patch?

My note was more of a general reminder: "for the next revisions of
your patchsets" above. I simply replied to the first mail with a patch
changelog.

Also, maybe our documentation text is not really clear. It says "changed
substantially", you understood that as "changed functionally" and I've
seen people complain about smaller things. But ok, let's agree on
functional changes here.

Thx.

--
Regards/Gruss,
Boris.

https://people.kernel.org/tglx/notes-about-netiquette
Re: [PATCH v3 03/11] x86/cpufeatures: Add TDX Guest CPU feature
On 6/19/2021 6:57 AM, Kuppuswamy Sathyanarayanan wrote:
> Add CPU feature detection for Trusted Domain Extensions support. The TDX
> feature adds capabilities to keep guest register state and memory
> isolated from the hypervisor.
>
> For TDX guest platforms, executing CPUID(eax=0x21, ecx=0) will return the
> following values in EAX, EBX, ECX and EDX.
>
> EAX: Maximum sub-leaf number: 0
> EBX/EDX/ECX: Vendor string:
>
> EBX = "Inte"
> EDX = "lTDX"
> ECX = " "
>
> So when the above condition is true, set the X86_FEATURE_TDX_GUEST feature
> cap bit.
>

...

> +static inline bool cpuid_has_tdx_guest(void)
> +{
> + u32 eax, sig[3];
> +
> + if (cpuid_eax(0) < TDX_CPUID_LEAF_ID)
> + return false;
> +
> + cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[1], &sig[2]);

As the change log describes, EBX + EDX + ECX is "IntelTDX    ", not EBX +
ECX + EDX. So it should be

cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[2], &sig[1]);

Please also correct early_cpuid_has_tdx_guest()

> +
> + return !memcmp("IntelTDX ", sig, 12);
> +}
> +
> +void __init tdx_early_init(void)
> +{
> + if (!cpuid_has_tdx_guest())
> + return;
> +
> + setup_force_cpu_cap(X86_FEATURE_TDX_GUEST);
> +
> + pr_info("Guest initialized\n");
> +}
>
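The register-order bug Xiaoyao points out, shown as an added stand-alone example (not code from the patch or the kernel): a constructed stand-in for `cpuid_count()` returns the leaf 0x21 values the changelog documents, and the two probe variants differ only in which `sig[]` slots receive ECX and EDX. The helper names `fake_cpuid_count()`, `has_tdx_sig_ebx_ecx_edx()` and `has_tdx_sig_ebx_edx_ecx()` are hypothetical, and the `cpuid_eax(0)` max-leaf check from the patch is omitted.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define TDX_CPUID_LEAF_ID 0x21

/* Constructed stand-in for the kernel's cpuid_count(): hands back what the
 * changelog says a TDX guest sees for leaf 0x21, sub-leaf 0. The argument
 * order mirrors the kernel helper: eax, ebx, ecx, edx. */
static void fake_cpuid_count(uint32_t leaf, uint32_t sub,
                             uint32_t *eax, uint32_t *ebx,
                             uint32_t *ecx, uint32_t *edx)
{
    if (leaf != TDX_CPUID_LEAF_ID || sub != 0) {
        *eax = *ebx = *ecx = *edx = 0;
        return;
    }
    *eax = 0;                 /* maximum sub-leaf number */
    memcpy(ebx, "Inte", 4);   /* each register holds 4 bytes of the string */
    memcpy(edx, "lTDX", 4);
    memcpy(ecx, "    ", 4);
}

/* v3 ordering: sig[] receives EBX, ECX, EDX, so memory reads "Inte    lTDX". */
int has_tdx_sig_ebx_ecx_edx(void)
{
    uint32_t eax, sig[3];

    fake_cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[1], &sig[2]);
    return memcmp("IntelTDX    ", sig, 12) == 0;   /* 12-byte compare, no NUL */
}

/* Ordering proposed in the review: sig[] receives EBX, EDX, ECX, so memory
 * reads "IntelTDX    " and the 12-byte compare succeeds. */
int has_tdx_sig_ebx_edx_ecx(void)
{
    uint32_t eax, sig[3];

    fake_cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[2], &sig[1]);
    return memcmp("IntelTDX    ", sig, 12) == 0;
}

int main(void)
{
    printf("EBX,ECX,EDX order matches: %d\n", has_tdx_sig_ebx_ecx_edx());
    printf("EBX,EDX,ECX order matches: %d\n", has_tdx_sig_ebx_edx_ecx());
    return 0;
}
```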
Re: [PATCH v3 03/11] x86/cpufeatures: Add TDX Guest CPU feature
On 7/15/21 4:56 AM, Xiaoyao Li wrote:
>>
>
> As change log describes, EBX + EDX + ECX is "IntelTDX    ", not EBX + ECX + EDX. So it should be
>
>     cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax, &sig[0], &sig[2], &sig[1]);
>
> Please also correct early_cpuid_has_tdx_guest()

Good catch. I will fix this in next submission.

--
Sathyanarayanan Kuppuswamy
Linux Kernel Developer