Commit 75d090fd authored by Kirill A. Shutemov's avatar Kirill A. Shutemov Committed by Borislav Petkov (AMD)
Browse files

x86/tdx: Add unaccepted memory support 



Hookup TDX-specific code to accept memory.

Accepting the memory is done with ACCEPT_PAGE module call on every page
in the range. MAP_GPA hypercall is not required as the unaccepted memory
is considered private already.

Extract the part of tdx_enc_status_changed() that does memory acceptance
in a new helper. Move the helper tdx-shared.c. It is going to be used by
both main kernel and decompressor.

  [ bp: Fix the INTEL_TDX_GUEST=y, KVM_GUEST=n build. ]

Signed-off-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20230606142637.5171-10-kirill.shutemov@linux.intel.com
parent c2b353ae

arch/x86/Kconfig

+2 −0
Original line number Diff line number Diff line
@@ -884,9 +884,11 @@ config INTEL_TDX_GUEST 
	bool "Intel TDX (Trust Domain Extensions) - Guest Support"

	depends on X86_64 && CPU_SUP_INTEL

	depends on X86_X2APIC

	depends on EFI_STUB

	select ARCH_HAS_CC_PLATFORM

	select X86_MEM_ENCRYPT

	select X86_MCE

	select UNACCEPTED_MEMORY

	help

	  Support running as a guest under Intel TDX.  Without this support,

	  the guest kernel can not boot or run under TDX.

arch/x86/boot/compressed/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ ifdef CONFIG_X86_64 
endif



vmlinux-objs-$(CONFIG_ACPI) += $(obj)/acpi.o

vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o

vmlinux-objs-$(CONFIG_INTEL_TDX_GUEST) += $(obj)/tdx.o $(obj)/tdcall.o $(obj)/tdx-shared.o

vmlinux-objs-$(CONFIG_UNACCEPTED_MEMORY) += $(obj)/mem.o



vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o

arch/x86/boot/compressed/error.c

+19 −0
Original line number Diff line number Diff line
@@ -22,3 +22,22 @@ void error(char *m) 
	while (1)

		asm("hlt");

}



/* EFI libstub  provides vsnprintf() */

#ifdef CONFIG_EFI_STUB

void panic(const char *fmt, ...)

{

	static char buf[1024];

	va_list args;

	int len;



	va_start(args, fmt);

	len = vsnprintf(buf, sizeof(buf), fmt, args);

	va_end(args);



	if (len && buf[len - 1] == '\n')

		buf[len - 1] = '\0';



	error(buf);

}

#endif

arch/x86/boot/compressed/error.h

+1 −0
Original line number Diff line number Diff line
@@ -6,5 +6,6 @@ 


void warn(char *m);

void error(char *m) __noreturn;

void panic(const char *fmt, ...) __noreturn __cold;



#endif /* BOOT_COMPRESSED_ERROR_H */

arch/x86/boot/compressed/mem.c

+34 −1
Original line number Diff line number Diff line
@@ -2,11 +2,44 @@ 


#include "error.h"

#include "misc.h"

#include "tdx.h"

#include <asm/shared/tdx.h>



/*

 * accept_memory() and process_unaccepted_memory() called from EFI stub which

 * runs before decompresser and its early_tdx_detect().

 *

 * Enumerate TDX directly from the early users.

 */

static bool early_is_tdx_guest(void)

{

	static bool once;

	static bool is_tdx;



	if (!IS_ENABLED(CONFIG_INTEL_TDX_GUEST))

		return false;



	if (!once) {

		u32 eax, sig[3];



		cpuid_count(TDX_CPUID_LEAF_ID, 0, &eax,

			    &sig[0], &sig[2],  &sig[1]);

		is_tdx = !memcmp(TDX_IDENT, sig, sizeof(sig));

		once = true;

	}



	return is_tdx;

}



void arch_accept_memory(phys_addr_t start, phys_addr_t end)

{

	/* Platform-specific memory-acceptance call goes here */

	error("Cannot accept memory");

	if (early_is_tdx_guest()) {

		if (!tdx_accept_memory(start, end))

			panic("TDX: Failed to accept memory\n");

	} else {

		error("Cannot accept memory: unknown platform\n");

	}

}



bool init_unaccepted_memory(void)