From: Sagi Shahar <[email protected]> Add memory for TDX boot code in a separate memslot.
Use virt_map() to get identity map in this memory region to allow for seamless transition from paging disabled to paging enabled code. Copy the boot code into the memory region and set up the reset vector at this point. While it's possible to separate the memory allocation and boot code initialization into separate functions, having all the calculations for memory size and offsets in one place simplifies the code and avoids duplications. Handcode the reset vector as suggested by Sean Christopherson. Reviewed-by: Binbin Wu <[email protected]> Suggested-by: Sean Christopherson <[email protected]> Co-developed-by: Erdem Aktas <[email protected]> Signed-off-by: Erdem Aktas <[email protected]> Signed-off-by: Sagi Shahar <[email protected]> Signed-off-by: Lisa Wang <[email protected]> --- tools/testing/selftests/kvm/Makefile.kvm | 1 + .../selftests/kvm/include/x86/tdx/tdx_util.h | 1 + tools/testing/selftests/kvm/lib/x86/processor.c | 4 +- tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c | 47 ++++++++++++++++++++++ 4 files changed, 52 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/kvm/Makefile.kvm b/tools/testing/selftests/kvm/Makefile.kvm index 929965ca4b75..a651a876c522 100644 --- a/tools/testing/selftests/kvm/Makefile.kvm +++ b/tools/testing/selftests/kvm/Makefile.kvm @@ -31,6 +31,7 @@ LIBKVM_x86 += lib/x86/sev.c LIBKVM_x86 += lib/x86/svm.c LIBKVM_x86 += lib/x86/ucall.c LIBKVM_x86 += lib/x86/vmx.c +LIBKVM_x86 += lib/x86/tdx/tdx_util.c LIBKVM_x86 += lib/x86/tdx/td_boot.S LIBKVM_arm64 += lib/arm64/gic.c diff --git a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h index 48d4bd36c35b..d66ea7bc85f9 100644 --- a/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h +++ b/tools/testing/selftests/kvm/include/x86/tdx/tdx_util.h @@ -40,5 +40,6 @@ static inline bool is_tdx_vm(struct kvm_vm *vm) }) void tdx_init_vm(struct kvm_vm *vm, u64 attributes); +void tdx_vm_setup_boot_code_region(struct kvm_vm *vm); #endif /* SELFTESTS_TDX_TDX_UTIL_H */ diff --git a/tools/testing/selftests/kvm/lib/x86/processor.c b/tools/testing/selftests/kvm/lib/x86/processor.c index 5027411665bf..dfabdfd17976 100644 --- a/tools/testing/selftests/kvm/lib/x86/processor.c +++ b/tools/testing/selftests/kvm/lib/x86/processor.c @@ -791,8 +791,10 @@ void kvm_arch_vm_post_create(struct kvm_vm *vm, unsigned int nr_vcpus) vm_sev_ioctl(vm, KVM_SEV_INIT2, &init); } - if (is_tdx_vm(vm)) + if (is_tdx_vm(vm)) { tdx_init_vm(vm, 0); + tdx_vm_setup_boot_code_region(vm); + } r = __vm_ioctl(vm, KVM_GET_TSC_KHZ, NULL); TEST_ASSERT(r > 0, "KVM_GET_TSC_KHZ did not provide a valid TSC frequency."); diff --git a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c index e5c998874a0d..bbfaa9af9c60 100644 --- a/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c +++ b/tools/testing/selftests/kvm/lib/x86/tdx/tdx_util.c @@ -2,8 +2,55 @@ #include "kvm_util.h" #include "processor.h" +#include "tdx/td_boot.h" #include "tdx/tdx_util.h" +/* Arbitrarily selected to avoid overlaps with anything else */ +#define TD_BOOT_CODE_SLOT 20 + +#define X86_RESET_VECTOR 0xfffffff0ul +#define X86_RESET_VECTOR_SIZE 16 + +void tdx_vm_setup_boot_code_region(struct kvm_vm *vm) +{ + size_t total_code_size = TD_BOOT_CODE_SIZE + X86_RESET_VECTOR_SIZE; + gpa_t boot_code_gpa = X86_RESET_VECTOR - TD_BOOT_CODE_SIZE; + gpa_t alloc_gpa = round_down(boot_code_gpa, PAGE_SIZE); + size_t nr_pages = DIV_ROUND_UP(total_code_size, PAGE_SIZE); + gpa_t gpa; + u8 *hva; + + vm_userspace_mem_region_add(vm, VM_MEM_SRC_ANONYMOUS, + alloc_gpa, + TD_BOOT_CODE_SLOT, nr_pages, + KVM_MEM_GUEST_MEMFD); + + gpa = vm_phy_pages_alloc(vm, nr_pages, alloc_gpa, TD_BOOT_CODE_SLOT); + TEST_ASSERT(gpa == alloc_gpa, "Failed vm_phy_pages_alloc\n"); + + virt_map(vm, alloc_gpa, alloc_gpa, nr_pages); + hva = addr_gpa2hva(vm, boot_code_gpa); + memcpy(hva, td_boot, TD_BOOT_CODE_SIZE); + + hva += TD_BOOT_CODE_SIZE; + TEST_ASSERT(hva == addr_gpa2hva(vm, X86_RESET_VECTOR), + "Expected RESET vector at hva 0x%lx, got %lx", + (unsigned long)addr_gpa2hva(vm, X86_RESET_VECTOR), (unsigned long)hva); + + /* + * Handcode "JMP rel8" at the RESET vector to jump back to the TD boot + * code, as there are only 16 bytes at the RESET vector before RIP will + * wrap back to zero. Insert a trailing int3 so that the vCPU crashes + * in case the JMP somehow falls through. Note! The target address is + * relative to the end of the instruction! + */ + TEST_ASSERT(TD_BOOT_CODE_SIZE + 2 <= 128, + "TD boot code not addressable by 'JMP rel8'"); + hva[0] = 0xeb; + hva[1] = 256 - 2 - TD_BOOT_CODE_SIZE; + hva[2] = 0xcc; +} + static struct kvm_tdx_capabilities *tdx_read_capabilities(struct kvm_vm *vm) { struct kvm_tdx_capabilities *tdx_cap = NULL; -- 2.54.0.746.g67dd491aae-goog
