The first step of TDX Module updates is shutting down the current TDX Module. This step also packs state information that needs to be preserved across updates as handoff data, which will be consumed by the updated module. The handoff data is stored internally in the SEAM range and is hidden from the kernel. To ensure a successful update, the new module must be able to consume the handoff data generated by the old module. Since handoff data layout may change between modules, the handoff data is versioned. Each module has a native handoff version and provides backward support for several older versions. The complete handoff versioning protocol is complex as it supports both module upgrades and downgrades. See details in IntelĀ® Trust Domain Extensions (IntelĀ® TDX) Module Base Architecture Specification, Revision 348549-007, Chapter 4.5.3 "Handoff Versioning". Ideally, the kernel needs to retrieve the handoff versions supported by the current module and the new module and select a version supported by both. But, since the Linux kernel only supports module upgrades, simply request the current module to generate handoff data using its highest supported version, expecting that the new module will likely support it. Note that only one CPU needs to call the TDX Module's shutdown API. Signed-off-by: Chao Gao Reviewed-by: Tony Lindgren --- v4: - skip the whole handoff metadata if runtime updates are not supported [Yilun] v3: - remove autogeneration stuff in the changelog v2: - add a comment about how handoff version is chosen. - remove the first !ret in get_tdx_sys_info_handoff() as we edited the auto-generated code anyway - remove !! when determining whether a CPU is the primary one - remove unnecessary if-break nesting in TDP_SHUTDOWN --- arch/x86/include/asm/tdx_global_metadata.h | 5 +++++ arch/x86/virt/vmx/tdx/seamldr.c | 10 ++++++++++ arch/x86/virt/vmx/tdx/tdx.c | 15 +++++++++++++++ arch/x86/virt/vmx/tdx/tdx.h | 3 +++ arch/x86/virt/vmx/tdx/tdx_global_metadata.c | 15 +++++++++++++++ 5 files changed, 48 insertions(+) diff --git a/arch/x86/include/asm/tdx_global_metadata.h b/arch/x86/include/asm/tdx_global_metadata.h index 40689c8dc67e..8a9ebd895e70 100644 --- a/arch/x86/include/asm/tdx_global_metadata.h +++ b/arch/x86/include/asm/tdx_global_metadata.h @@ -40,12 +40,17 @@ struct tdx_sys_info_td_conf { u64 cpuid_config_values[128][2]; }; +struct tdx_sys_info_handoff { + u16 module_hv; +}; + struct tdx_sys_info { struct tdx_sys_info_version version; struct tdx_sys_info_features features; struct tdx_sys_info_tdmr tdmr; struct tdx_sys_info_td_ctrl td_ctrl; struct tdx_sys_info_td_conf td_conf; + struct tdx_sys_info_handoff handoff; }; #endif diff --git a/arch/x86/virt/vmx/tdx/seamldr.c b/arch/x86/virt/vmx/tdx/seamldr.c index 70bc577e5957..c59cdd5b1fe4 100644 --- a/arch/x86/virt/vmx/tdx/seamldr.c +++ b/arch/x86/virt/vmx/tdx/seamldr.c @@ -18,6 +18,7 @@ #include #include "seamcall_internal.h" +#include "tdx.h" /* P-SEAMLDR SEAMCALL leaf function */ #define P_SEAMLDR_INFO 0x8000000000000000 @@ -196,6 +197,7 @@ static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size) */ enum tdp_state { TDP_START, + TDP_SHUTDOWN, TDP_DONE, }; @@ -228,8 +230,12 @@ static void ack_state(void) static int do_seamldr_install_module(void *params) { enum tdp_state newstate, curstate = TDP_START; + int cpu = smp_processor_id(); + bool primary; int ret = 0; + primary = cpumask_first(cpu_online_mask) == cpu; + do { /* Chill out and re-read tdp_data */ cpu_relax(); @@ -238,6 +244,10 @@ static int do_seamldr_install_module(void *params) if (newstate != curstate) { curstate = newstate; switch (curstate) { + case TDP_SHUTDOWN: + if (primary) + ret = tdx_module_shutdown(); + break; default: break; } diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index b65b2a609e81..f911c8c63800 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c @@ -1176,6 +1176,21 @@ int tdx_enable(void) } EXPORT_SYMBOL_FOR_KVM(tdx_enable); +int tdx_module_shutdown(void) +{ + struct tdx_module_args args = {}; + + /* + * Shut down the TDX Module and prepare handoff data for the next + * TDX Module. This SEAMCALL requires a handoff version. Use the + * module's handoff version, as it is the highest version the + * module can produce and is more likely to be supported by new + * modules as new modules likely have higher handoff version. + */ + args.rcx = tdx_sysinfo.handoff.module_hv; + return seamcall_prerr(TDH_SYS_SHUTDOWN, &args); +} + static bool is_pamt_page(unsigned long phys) { struct tdmr_info_list *tdmr_list = &tdx_tdmr_list; diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h index 82bb82be8567..1c4da9540ae0 100644 --- a/arch/x86/virt/vmx/tdx/tdx.h +++ b/arch/x86/virt/vmx/tdx/tdx.h @@ -46,6 +46,7 @@ #define TDH_PHYMEM_PAGE_WBINVD 41 #define TDH_VP_WR 43 #define TDH_SYS_CONFIG 45 +#define TDH_SYS_SHUTDOWN 52 /* * SEAMCALL leaf: @@ -118,4 +119,6 @@ struct tdmr_info_list { int max_tdmrs; /* How many 'tdmr_info's are allocated */ }; +int tdx_module_shutdown(void); + #endif diff --git a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c index 4c9917a9c2c3..6aee10c36489 100644 --- a/arch/x86/virt/vmx/tdx/tdx_global_metadata.c +++ b/arch/x86/virt/vmx/tdx/tdx_global_metadata.c @@ -100,6 +100,20 @@ static int get_tdx_sys_info_td_conf(struct tdx_sys_info_td_conf *sysinfo_td_conf return ret; } +static int get_tdx_sys_info_handoff(struct tdx_sys_info_handoff *sysinfo_handoff) +{ + int ret = 0; + u64 val; + + if (!tdx_supports_runtime_update(&tdx_sysinfo)) + return 0; + + if (!ret && !(ret = read_sys_metadata_field(0x8900000100000000, &val))) + sysinfo_handoff->module_hv = val; + + return ret; +} + static int get_tdx_sys_info(struct tdx_sys_info *sysinfo) { int ret = 0; @@ -115,6 +129,7 @@ static int get_tdx_sys_info(struct tdx_sys_info *sysinfo) ret = ret ?: get_tdx_sys_info_tdmr(&sysinfo->tdmr); ret = ret ?: get_tdx_sys_info_td_ctrl(&sysinfo->td_ctrl); ret = ret ?: get_tdx_sys_info_td_conf(&sysinfo->td_conf); + ret = ret ?: get_tdx_sys_info_handoff(&sysinfo->handoff); return ret; } -- 2.47.3