On Friday, March 24, 2023 10:28 AM, Wang, Lei wrote: > > +static int __tdx_td_init(struct kvm *kvm) { > > + struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm); > > + cpumask_var_t packages; > > + unsigned long *tdcs_pa = NULL; > > + unsigned long tdr_pa = 0; > > + unsigned long va; > > + int ret, i; > > + u64 err; > > + > > + ret = tdx_guest_keyid_alloc(); > > + if (ret < 0) > > + return ret; > > + kvm_tdx->hkid = ret; > > + > > + va = __get_free_page(GFP_KERNEL_ACCOUNT); > > + if (!va) > > + goto free_hkid; > > + tdr_pa = __pa(va); > > + > > + tdcs_pa = kcalloc(tdx_info.nr_tdcs_pages, sizeof(*kvm_tdx->tdcs_pa), > > + GFP_KERNEL_ACCOUNT | __GFP_ZERO); > > + if (!tdcs_pa) > > + goto free_tdr; > > + for (i = 0; i < tdx_info.nr_tdcs_pages; i++) { > > + va = __get_free_page(GFP_KERNEL_ACCOUNT); > > + if (!va) > > + goto free_tdcs; > > + tdcs_pa[i] = __pa(va); > > + } > > + > > + if (!zalloc_cpumask_var(&packages, GFP_KERNEL)) { > > + ret = -ENOMEM; > > + goto free_tdcs; > > + } > > + cpus_read_lock(); > > + /* > > + * Need at least one CPU of the package to be online in order to > > + * program all packages for host key id. Check it. > > + */ > > + for_each_present_cpu(i) > > + cpumask_set_cpu(topology_physical_package_id(i), packages); > > + for_each_online_cpu(i) > > + cpumask_clear_cpu(topology_physical_package_id(i), > packages); > > + if (!cpumask_empty(packages)) { > > + ret = -EIO; > > + /* > > + * Because it's hard for human operator to figure out the > > + * reason, warn it. > > + */ > > + pr_warn("All packages need to have online CPU to create TD. > Online CPU and retry.\n"); > > + goto free_packages; > > + } > > + > > + /* > > + * Acquire global lock to avoid TDX_OPERAND_BUSY: > > + * TDH.MNG.CREATE and other APIs try to lock the global Key Owner > > + * Table (KOT) to track the assigned TDX private HKID. It doesn't spin > > + * to acquire the lock, returns TDX_OPERAND_BUSY instead, and let the > > + * caller to handle the contention. 
This is because of time limitation > > + * usable inside the TDX module and OS/VMM knows better about > process > > + * scheduling. > > + * > > + * APIs to acquire the lock of KOT: > > + * TDH.MNG.CREATE, TDH.MNG.KEY.FREEID, TDH.MNG.VPFLUSHDONE, > and > > + * TDH.PHYMEM.CACHE.WB. > > + */ > > + mutex_lock(&tdx_lock); > > + err = tdh_mng_create(tdr_pa, kvm_tdx->hkid);
>
> In the latest (March 2023 ver.) Intel® TDX Module v1.5 ABI Specification, error
> code 0x80000203 represents TDX_RND_NO_ENTROPY:

This patchset is written for what's documented in the TDX 1.0 spec. We'll update it for 1.5 later.
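
Review bot: the three allocation-failure paths in __tdx_td_init() (goto free_hkid after the TDR page allocation, goto free_tdr after kcalloc(), and goto free_tdcs inside the TDCS page loop) leave ret untouched, and at that point ret still holds the non-negative key ID returned by tdx_guest_keyid_alloc(). Only the zalloc_cpumask_var() failure assigns ret = -ENOMEM. Unless the cleanup labels, which are not visible in the quoted portion, overwrite ret, those paths would return the HKID value rather than an error, and the caller could treat a half-initialized TD as a success. Assigning ret = -ENOMEM once, right after kvm_tdx->hkid = ret, would cover all three paths. A smaller point on the same hunk: __GFP_ZERO in the kcalloc() call is redundant, since kcalloc() already returns zeroed memory.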