Re: [PATCH v11 02/20] x86/virt/tdx: Detect TDX during kernel boot

From: Isaku Yamahata
Date: Tue Jun 06 2023 - 19:44:16 EST

Next message: Isaku Yamahata: "Re: [PATCH v11 05/20] x86/virt/tdx: Add SEAMCALL infrastructure"
Previous message: Sean Christopherson: "Re: [PATCH] x86/fpu/xstate: clear XSAVE features if DISABLED_MASK set"
In reply to: Huang, Kai: "Re: [PATCH v11 02/20] x86/virt/tdx: Detect TDX during kernel boot"
Next in thread: Kai Huang: "[PATCH v11 03/20] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jun 05, 2023 at 02:27:15AM +1200,
Kai Huang <kai.huang@xxxxxxxxx> wrote:
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> new file mode 100644
> index 000000000000..2d91e7120c90
> --- /dev/null
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -0,0 +1,92 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Copyright(c) 2023 Intel Corporation.
> + *
> + * Intel Trusted Domain Extensions (TDX) support
> + */
> +
> +#define pr_fmt(fmt) "tdx: " fmt
> +
> +#include <linux/types.h>
> +#include <linux/cache.h>
> +#include <linux/init.h>
> +#include <linux/errno.h>
> +#include <linux/printk.h>
> +#include <asm/msr-index.h>
> +#include <asm/msr.h>
> +#include <asm/tdx.h>
> +
> +static u32 tdx_global_keyid __ro_after_init;
> +static u32 tdx_guest_keyid_start __ro_after_init;
> +static u32 tdx_nr_guest_keyids __ro_after_init;
> +
> +static int __init record_keyid_partitioning(u32 *tdx_keyid_start,
> + u32 *nr_tdx_keyids)
> +{
> + u32 _nr_mktme_keyids, _tdx_keyid_start, _nr_tdx_keyids;
> + int ret;
> +
> + /*
> + * IA32_MKTME_KEYID_PARTIONING:
> + * Bit [31:0]: Number of MKTME KeyIDs.
> + * Bit [63:32]: Number of TDX private KeyIDs.
> + */
> + ret = rdmsr_safe(MSR_IA32_MKTME_KEYID_PARTITIONING, &_nr_mktme_keyids,
> + &_nr_tdx_keyids);
> + if (ret)
> + return -ENODEV;
> +
> + if (!_nr_tdx_keyids)
> + return -ENODEV;
> +
> + /* TDX KeyIDs start after the last MKTME KeyID. */
> + _tdx_keyid_start = _nr_mktme_keyids + 1;
> +
> + *tdx_keyid_start = _tdx_keyid_start;
> + *nr_tdx_keyids = _nr_tdx_keyids;
> +
> + return 0;
> +}
> +
> +static int __init tdx_init(void)
> +{
> + u32 tdx_keyid_start, nr_tdx_keyids;
> + int err;
> +
> + err = record_keyid_partitioning(&tdx_keyid_start, &nr_tdx_keyids);
> + if (err)
> + return err;
> +
> + pr_info("BIOS enabled: private KeyID range [%u, %u)\n",
> + tdx_keyid_start, tdx_keyid_start + nr_tdx_keyids);
> +
> + /*
> + * The TDX module itself requires one 'global KeyID' to protect
> + * its metadata. If there's only one TDX KeyID, there won't be
> + * any left for TDX guests thus there's no point to enable TDX
> + * at all.
> + */
> + if (nr_tdx_keyids < 2) {
> + pr_info("initialization failed: too few private KeyIDs available.\n");

Because this case is against the admin expectation, pr_warn() or pr_err()?
Except that, looks good to me
Reviewed-by: Isaku Yamahata <isaku.yamahata@xxxxxxxxx>
--
Isaku Yamahata <isaku.yamahata@xxxxxxxxx>

Next message: Isaku Yamahata: "Re: [PATCH v11 05/20] x86/virt/tdx: Add SEAMCALL infrastructure"
Previous message: Sean Christopherson: "Re: [PATCH] x86/fpu/xstate: clear XSAVE features if DISABLED_MASK set"
In reply to: Huang, Kai: "Re: [PATCH v11 02/20] x86/virt/tdx: Detect TDX during kernel boot"
Next in thread: Kai Huang: "[PATCH v11 03/20] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]