From: Sagi Shahar <[email protected]> Add tdx_init_vm() to handle the mandatory VM-level initialization sequence required for Intel TDX.
For TDX, the guest's CPUID configuration must be "sealed" during KVM_TDX_INIT_VM before any vCPUs are created. This is necessary because the TDX hardware directly virtualizes CPUID and includes the configuration in the guest's initial security measurement. The helper calculates the required CPUID values by filtering the host- supported bits (kvm_get_supported_cpuid) against the "directly configurable" bits reported by KVM_TDX_CAPABILITIES, ensuring compliance with the strict requirements of the TDH.MNG.INIT SEAMCALL. Co-developed-by: Isaku Yamahata <[email protected]> Signed-off-by: Isaku Yamahata <[email protected]> Co-developed-by: Rick Edgecombe <[email protected]> Signed-off-by: Rick Edgecombe <[email protected]> Signed-off-by: Sagi Shahar <[email protected]> Reviewed-by: Ira Weiny <[email protected]> Signed-off-by: Lisa Wang <[email protected]> --- .../selftests/kvm/include/x86/tdx/tdx_util.h | 30 +++++ tools/testing/selftests/kvm/lib/x86/processor.c | 3 + tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c | 137 +++++++++++++++++++++ 3 files changed, 170 insertions(+) diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h index f647e6ca6b34..48d4bd36c35b 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -11,4 +11,34 @@ static inline bool is_tdx_vm(struct kvm_vm *vm) return vm->type == KVM_X86_TDX_VM; } +/* + * TDX ioctls + * Use underscores to avoid collisions with struct member names. + */ +#define __tdx_vm_ioctl(vm, cmd, _flags, arg) \ +({ \ + int r; \ + \ + union { \ + struct kvm_tdx_cmd c; \ + unsigned long raw; \ + } tdx_cmd = { .c = { \ + .id = (cmd), \ + .flags = (u32)(_flags), \ + .data = (u64)(arg), \ + } }; \ + \ + r = __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_OP, &tdx_cmd.raw); \ + r ?: tdx_cmd.c.hw_error; \ +}) + +#define tdx_vm_ioctl(vm, cmd, flags, arg) \ +({ \ + int ret = __tdx_vm_ioctl(vm, cmd, flags, arg); \ + \ + __TEST_ASSERT_VM_VCPU_IOCTL(!ret, #cmd, ret, vm); \ +}) + +void tdx_init_vm(struct kvm_vm *vm, u64 attributes); + #endif /* SELFTESTS_TDX_TDX_UTIL_H */ diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testing/selftests/kvm/lib/x86/processor.c index b68ad1dc7e02..8d06e7186df1 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -802,6 +802,9 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm, unsigned int nr_vcpus) vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); } + if (is_tdx_vm(vm)) + tdx_init_vm(vm, 0); + r = __vm_ioctl(vm, KVM_GET_TSC_KHZ, NULL); TEST_ASSERT(r > 0, "KVM_GET_TSC_KHZ did not provide a valid TSC frequency."); guest_tsc_khz = r; diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c new file mode 100644 index 000000000000..868ff62e22f2 --- /dev/null +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -0,0 +1,137 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include "kvm_util.h" +#include "processor.h" +#include "tdx/tdx_util.h" + +static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *vm) +{ + struct kvm_tdx_capabilities *tdx_cap = NULL; + int nr_cpuid_configs = 4; + int rc = -1; + int i; + + do { + nr_cpuid_configs *= 2; + + tdx_cap = realloc(tdx_cap, sizeof(*tdx_cap) + + sizeof(tdx_cap->cpuid) + + (sizeof(struct kvm_cpuid_entry2) * nr_cpuid_configs)); + TEST_ASSERT(tdx_cap, + "Could not allocate memory for tdx capability nr_cpuid_configs %d\n", + nr_cpuid_configs); + + tdx_cap->cpuid.nent = nr_cpuid_configs; + rc = __tdx_vm_ioctl(vm, KVM_TDX_CAPABILITIES, 0, tdx_cap); + } while (rc < 0 && errno == E2BIG); + + TEST_ASSERT(rc == 0, "KVM_TDX_CAPABILITIES failed: %d %d", + rc, errno); + + pr_debug("tdx_cap: supported_attrs: 0x%016llx\n" + "tdx_cap: supported_xfam 0x%016llx\n", + tdx_cap->supported_attrs, tdx_cap->supported_xfam); + + for (i = 0; i < tdx_cap->cpuid.nent; i++) { + const struct kvm_cpuid_entry2 *config = &tdx_cap->cpuid.entries[i]; + + pr_debug("cpuid config[%d]: leaf 0x%x sub_leaf 0x%x eax 0x%08x ebx 0x%08x ecx 0x%08x edx 0x%08x\n", + i, config->function, config->index, + config->eax, config->ebx, config->ecx, config->edx); + } + + return tdx_cap; +} + +static struct kvm_cpuid_entry2 *tdx_find_cpuid_config(struct kvm_tdx_capabilities *cap, + u32 leaf, u32 sub_leaf) +{ + struct kvm_cpuid_entry2 *config; + u32 i; + + for (i = 0; i < cap->cpuid.nent; i++) { + config = &cap->cpuid.entries[i]; + + if (config->function == leaf && config->index == sub_leaf) + return config; + } + + return NULL; +} + +/* + * Filter CPUID based on TDX supported capabilities + * + * Input Args: + * vm - Virtual Machine + * cpuid_data - CPUID fields to filter + * + * Output Args: None + * + * Return: None + * + * For each CPUID leaf, filter out non-supported bits based on the capabilities reported + * by the TDX module + */ +static void tdx_filter_cpuid(struct kvm_vm *vm, + struct kvm_cpuid2 *cpuid_data) +{ + struct kvm_tdx_capabilities *tdx_cap; + struct kvm_cpuid_entry2 *config; + struct kvm_cpuid_entry2 *e; + int i; + + tdx_cap = tdx_read_capabilities(vm); + + i = 0; + while (i < cpuid_data->nent) { + e = cpuid_data->entries + i; + config = tdx_find_cpuid_config(tdx_cap, e->function, e->index); + + if (!config) { + int left = cpuid_data->nent - i - 1; + + if (left > 0) + memmove(cpuid_data->entries + i, + cpuid_data->entries + i + 1, + sizeof(*cpuid_data->entries) * left); + cpuid_data->nent--; + continue; + } + + e->eax &= config->eax; + e->ebx &= config->ebx; + e->ecx &= config->ecx; + e->edx &= config->edx; + + i++; + } + + free(tdx_cap); +} + +void tdx_init_vm(struct kvm_vm *vm, u64 attributes) +{ + struct kvm_tdx_init_vm *init_vm; + const struct kvm_cpuid2 *tmp; + struct kvm_cpuid2 *cpuid; + + tmp = kvm_get_supported_cpuid(); + + cpuid = allocate_kvm_cpuid2(tmp->nent); + memcpy(cpuid, tmp, kvm_cpuid2_size(tmp->nent)); + tdx_filter_cpuid(vm, cpuid); + + init_vm = calloc(1, sizeof(*init_vm) + + sizeof(init_vm->cpuid.entries[0]) * cpuid->nent); + TEST_ASSERT(init_vm, "init_vm allocation failed"); + + memcpy(&init_vm->cpuid, cpuid, kvm_cpuid2_size(cpuid->nent)); + free(cpuid); + + init_vm->attributes = attributes; + + tdx_vm_ioctl(vm, KVM_TDX_INIT_VM, 0, init_vm); + + free(init_vm); +} -- 2.54.0.746.g67dd491aae-goog
