Re: [PATCH v8 020/103] KVM: TDX: create/destroy VM structure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/30/2022 4:57 PM, Binbin Wu wrote:

On 2022/8/30 3:09, Isaku Yamahata wrote:

+}
+
+static int tdx_reclaim_page(unsigned long va, hpa_t pa, bool do_wb, u16 hkid)
+{
+    struct tdx_module_output out;
+    u64 err;
+
+    err = tdh_phymem_page_reclaim(pa, &out);
+    if (WARN_ON_ONCE(err)) {
+        pr_tdx_error(TDH_PHYMEM_PAGE_RECLAIM, err, &out);
+        return -EIO;
+    }
+
+    if (do_wb) {
+        err = tdh_phymem_page_wbinvd(set_hkid_to_hpa(pa, hkid));
+        if (WARN_ON_ONCE(err)) {
+            pr_tdx_error(TDH_PHYMEM_PAGE_WBINVD, err, NULL);
+            return -EIO;
+        }
+    }
+
+    tdx_clear_page(va);
Is it really necessary to clear the reclaimed page using MOVDIR64?

According to the TDX module spec,  when add a page to TD, both for control structures and TD private memory, during the process some function of the
TDX module will initialize the page using binding hkid and direct write
(MOVDIR64B).

So still need to clear the page using direct write to avoid integrity error when re-assign one page from old keyid to a new keyid as you mentioned in
the comment?
Yes. As you described above, TDX module does when assining a page to a private hkid. i.e. TDH.MEM.PAGE.{ADD, AUG}.  But when re-assigning a page from an old
private hkid to a new _shared_ hkid, i.e. TDH.MEM.PAGE.REMOVE or
TDH.PHYMEM.PAGE.RECLAIM, TDX module doesn't.

Is the reason you added the tdx_clear_page() here due to the description in 1.3.1 of Intel CPU Architectural Extensions Specification for TDX (343754-002US)?

NO. The purpose of tdx_clear_page() is to update the HKID associated with the memory to 0. Otherwise the page cannot be used for host/KVM. Because the cacheline is still associated with a TD HKID, and it will get TD-bit mismatch when host accesses it without MOVDIR64B to update the HKID.

The description as following:
"MKTME on an SOC that supports SEAM might support an integrity protected, memory encryption mode. When using keys with integrity enabled, the MKTME associates a message authentication code (MAC) with each cache line. By design, when reading a cache line using a KeyID with integrity enabled, if the MAC stored in the metadata does not match the MAC regenerated by the MKTME, then the cache line is marked poisoned to prevent the data from being consumed. Integrity protected memory must be initialized before being read, and such initialization must be performed using 64-bytes direct-store with 64-byte write atomicity using the MOVDIR64B instruction"

Actually I have a question about the description,  does the initialization using MOVDIR64B must associated with the according hkid?


MOVDIR64B is just an instruction to write memory. What HKID is used depends on your purpose. When TDX module tries to initialize the private memory for TDs, TD's HKID is embedded into the PA. When host kernel/KVM tries to reclaim the memory from TD, it needs to embed HKID 0 into PA to clear the page.




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux