Samuka007/asterinas
1
0
Fork 0
mirror of https://github.com/asterinas/asterinas.git synced 2025-06-22 00:43:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make intel_tdx feature as default

Browse Source
This commit is contained in:
Hsy-Intel
2024-07-11 17:18:59 +08:00
committed by Tate, Hongliang Tian
parent 4ae59a8f2e
commit 4292ec2ebb
6 changed files with 49 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kernel/aster-nix/Cargo.toml
View File

@ -42,7 +42,7 @@ smoltcp = { version = "0.9.1", default-features = false, features = [
"socket-raw", "socket-raw",
"socket-dhcpv4", "socket-dhcpv4",
] } ] }
tdx-guest = { version = "0.1.0", optional = true } tdx-guest = { version = "0.1.5", optional = true }
# parse elf file # parse elf file
xmas-elf = "0.8.0" xmas-elf = "0.8.0"

4
ostd/Cargo.toml
View File

@ -32,7 +32,7 @@ num-traits = { version = "0.2", default-features = false }
pod = { git = "https://github.com/asterinas/pod", rev = "d7dba56" } pod = { git = "https://github.com/asterinas/pod", rev = "d7dba56" }
spin = "0.9.4" spin = "0.9.4"
static_assertions = "1.1.0" static_assertions = "1.1.0"
tdx-guest = { version = "0.1.0", optional = true } tdx-guest = { version = "0.1.5", optional = true }
trapframe = { git = "https://github.com/asterinas/trapframe-rs", rev = "4739428" } trapframe = { git = "https://github.com/asterinas/trapframe-rs", rev = "4739428" }
unwinding = { version = "0.2.2", default-features = false, features = ["fde-gnu-eh-frame-hdr", "hide-trace", "panic", "personality", "unwinder"] } unwinding = { version = "0.2.2", default-features = false, features = ["fde-gnu-eh-frame-hdr", "hide-trace", "panic", "personality", "unwinder"] }
volatile = { version = "0.4.5", features = ["unstable"] } volatile = { version = "0.4.5", features = ["unstable"] }
@ -52,6 +52,6 @@ iced-x86 = { version = "1.21.0", default-features = false, features = [
], optional = true } ], optional = true }
[features] [features]
default = ["log_color"] default = ["intel_tdx", "log_color"]
log_color = ["dep:owo-colors"] log_color = ["dep:owo-colors"]
intel_tdx = ["dep:tdx-guest", "dep:iced-x86"] intel_tdx = ["dep:tdx-guest", "dep:iced-x86"]

25
ostd/src/arch/x86/mod.rs
View File

@ -24,14 +24,35 @@ use core::{
sync::atomic::Ordering, sync::atomic::Ordering,
}; };
#[cfg(feature = "intel_tdx")]
use ::tdx_guest::tdx_is_enabled;
use kernel::apic::ioapic; use kernel::apic::ioapic;
use log::{info, warn}; use log::{info, warn};
#[cfg(feature = "intel_tdx")]
use {
crate::early_println,
::tdx_guest::{init_tdx, tdcall::InitError, tdx_is_enabled},
};
pub(crate) fn before_all_init() { pub(crate) fn before_all_init() {
enable_common_cpu_features(); enable_common_cpu_features();
serial::init(); serial::init();
#[cfg(feature = "intel_tdx")]
match init_tdx() {
Ok(td_info) => {
early_println!(
"Intel TDX initialized\ntd gpaw: {}, td attributes: {:?}",
td_info.gpaw,
td_info.attributes
);
}
Err(InitError::TdxGetVpInfoError(td_call_error)) => {
panic!(
"Intel TDX not initialized, Failed to get TD info: {:?}",
td_call_error
);
}
// The machine has no TDX support.
Err(_) => {}
}
} }
pub(crate) fn after_all_init() { pub(crate) fn after_all_init() {

27
ostd/src/arch/x86/tdx_guest.rs
View File

@ -16,7 +16,6 @@ use crate::{
kspace::{BOOT_PAGE_TABLE, KERNEL_BASE_VADDR, KERNEL_END_VADDR, KERNEL_PAGE_TABLE}, kspace::{BOOT_PAGE_TABLE, KERNEL_BASE_VADDR, KERNEL_END_VADDR, KERNEL_PAGE_TABLE},
paddr_to_vaddr, paddr_to_vaddr,
page_prop::{PageProperty, PrivilegedPageFlags as PrivFlags}, page_prop::{PageProperty, PrivilegedPageFlags as PrivFlags},
page_table::PageTableError,
PAGE_SIZE, PAGE_SIZE,
}, },
prelude::Paddr, prelude::Paddr,
@ -78,14 +77,14 @@ enum MmioError {
InvalidInstruction, InvalidInstruction,
InvalidAddress, InvalidAddress,
DecodeFailed, DecodeFailed,
TdVmcallError(tdvmcall::TdVmcallError), TdVmcallError,
} }
#[derive(Debug)] #[derive(Debug)]
pub enum PageConvertError { pub enum PageConvertError {
PageTableError(PageTableError), PageTable,
TdCallError(tdcall::TdCallError), TdCall,
TdVmcallError((u64, tdvmcall::TdVmcallError)), TdVmcall,
} }
pub fn handle_virtual_exception(trapframe: &mut dyn TdxTrapFrame, ve_info: &TdgVeInfo) { pub fn handle_virtual_exception(trapframe: &mut dyn TdxTrapFrame, ve_info: &TdgVeInfo) {
@ -187,7 +186,7 @@ fn handle_mmio(trapframe: &mut dyn TdxTrapFrame, ve_info: &TdgVeInfo) -> Result<
// SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the value and size parsed from the instruction are valid. // SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the value and size parsed from the instruction are valid.
unsafe { unsafe {
write_mmio(size, ve_info.guest_physical_address, value) write_mmio(size, ve_info.guest_physical_address, value)
.map_err(MmioError::TdVmcallError)? .map_err(|_| MmioError::TdVmcallError)?
} }
} }
InstrMmioType::WriteImm => { InstrMmioType::WriteImm => {
@ -195,14 +194,14 @@ fn handle_mmio(trapframe: &mut dyn TdxTrapFrame, ve_info: &TdgVeInfo) -> Result<
// SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the value and size parsed from the instruction are valid. // SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the value and size parsed from the instruction are valid.
unsafe { unsafe {
write_mmio(size, ve_info.guest_physical_address, value) write_mmio(size, ve_info.guest_physical_address, value)
.map_err(MmioError::TdVmcallError)? .map_err(|_| MmioError::TdVmcallError)?
} }
} }
InstrMmioType::Read => InstrMmioType::Read =>
// SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the size parsed from the instruction is valid. // SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the size parsed from the instruction is valid.
unsafe { unsafe {
let read_res = read_mmio(size, ve_info.guest_physical_address) let read_res = read_mmio(size, ve_info.guest_physical_address)
.map_err(MmioError::TdVmcallError)? .map_err(|_| MmioError::TdVmcallError)?
as usize; as usize;
match instr.op0_register() { match instr.op0_register() {
Register::RAX => trapframe.set_rax(read_res), Register::RAX => trapframe.set_rax(read_res),
@ -297,7 +296,7 @@ fn handle_mmio(trapframe: &mut dyn TdxTrapFrame, ve_info: &TdgVeInfo) -> Result<
// SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the size parsed from the instruction is valid. // SAFETY: The mmio_gpa obtained from `ve_info` is valid, and the size parsed from the instruction is valid.
unsafe { unsafe {
let read_res = read_mmio(size, ve_info.guest_physical_address) let read_res = read_mmio(size, ve_info.guest_physical_address)
.map_err(MmioError::TdVmcallError)? .map_err(|_| MmioError::TdVmcallError)?
as usize; as usize;
match instr.op0_register() { match instr.op0_register() {
Register::RAX | Register::EAX | Register::AX | Register::AL => { Register::RAX | Register::EAX | Register::AX | Register::AL => {
@ -421,7 +420,7 @@ pub unsafe fn unprotect_gpa_range(gpa: Paddr, page_num: usize) -> Result<(), Pag
}; };
let vaddr = paddr_to_vaddr(gpa); let vaddr = paddr_to_vaddr(gpa);
pt.protect(&(vaddr..vaddr + page_num * PAGE_SIZE), protect_op) pt.protect(&(vaddr..vaddr + page_num * PAGE_SIZE), protect_op)
.map_err(PageConvertError::PageTableError)?; .map_err(|_| PageConvertError::PageTable)?;
// Protect the page in the boot page table if in the boot phase. // Protect the page in the boot page table if in the boot phase.
{ {
let mut boot_pt_lock = BOOT_PAGE_TABLE.lock(); let mut boot_pt_lock = BOOT_PAGE_TABLE.lock();
@ -436,7 +435,7 @@ pub unsafe fn unprotect_gpa_range(gpa: Paddr, page_num: usize) -> Result<(), Pag
(gpa & (!PAGE_MASK)) as u64 | SHARED_MASK, (gpa & (!PAGE_MASK)) as u64 | SHARED_MASK,
(page_num * PAGE_SIZE) as u64, (page_num * PAGE_SIZE) as u64,
) )
.map_err(PageConvertError::TdVmcallError) .map_err(|_| PageConvertError::TdVmcall)
} }
/// Sets the given physical address range to Intel TDX private pages. /// Sets the given physical address range to Intel TDX private pages.
@ -464,7 +463,7 @@ pub unsafe fn protect_gpa_range(gpa: Paddr, page_num: usize) -> Result<(), PageC
}; };
let vaddr = paddr_to_vaddr(gpa); let vaddr = paddr_to_vaddr(gpa);
pt.protect(&(vaddr..vaddr + page_num * PAGE_SIZE), protect_op) pt.protect(&(vaddr..vaddr + page_num * PAGE_SIZE), protect_op)
.map_err(PageConvertError::PageTableError)?; .map_err(|_| PageConvertError::PageTable)?;
// Protect the page in the boot page table if in the boot phase. // Protect the page in the boot page table if in the boot phase.
{ {
let mut boot_pt_lock = BOOT_PAGE_TABLE.lock(); let mut boot_pt_lock = BOOT_PAGE_TABLE.lock();
@ -476,10 +475,10 @@ pub unsafe fn protect_gpa_range(gpa: Paddr, page_num: usize) -> Result<(), PageC
} }
} }
map_gpa((gpa & PAGE_MASK) as u64, (page_num * PAGE_SIZE) as u64) map_gpa((gpa & PAGE_MASK) as u64, (page_num * PAGE_SIZE) as u64)
.map_err(PageConvertError::TdVmcallError)?; .map_err(|_| PageConvertError::TdVmcall)?;
for i in 0..page_num { for i in 0..page_num {
unsafe { unsafe {
accept_page(0, (gpa + i * PAGE_SIZE) as u64).map_err(PageConvertError::TdCallError)?; accept_page(0, (gpa + i * PAGE_SIZE) as u64).map_err(|_| PageConvertError::TdCall)?;
} }
} }
Ok(()) Ok(())

15
ostd/src/arch/x86/trap.rs
View File

@ -7,7 +7,7 @@ use core::sync::atomic::{AtomicBool, Ordering};
use align_ext::AlignExt; use align_ext::AlignExt;
use log::debug; use log::debug;
#[cfg(feature = "intel_tdx")] #[cfg(feature = "intel_tdx")]
use tdx_guest::tdcall; use tdx_guest::{tdcall, tdx_is_enabled};
use trapframe::TrapFrame; use trapframe::TrapFrame;
use super::ex_table::ExTable; use super::ex_table::ExTable;
@ -136,6 +136,14 @@ fn handle_kernel_page_fault(f: &TrapFrame, page_fault_vaddr: u64) {
let vaddr = (page_fault_vaddr as usize).align_down(PAGE_SIZE); let vaddr = (page_fault_vaddr as usize).align_down(PAGE_SIZE);
let paddr = vaddr - LINEAR_MAPPING_BASE_VADDR; let paddr = vaddr - LINEAR_MAPPING_BASE_VADDR;
#[cfg(not(feature = "intel_tdx"))]
let priv_flags = PrivFlags::GLOBAL;
#[cfg(feature = "intel_tdx")]
let priv_flags = if tdx_is_enabled() {
PrivFlags::SHARED | PrivFlags::GLOBAL
} else {
PrivFlags::GLOBAL
};
// SAFETY: // SAFETY:
// 1. We have checked that the page fault address falls within the address range of the direct // 1. We have checked that the page fault address falls within the address range of the direct
// mapping of physical memory. // mapping of physical memory.
@ -149,10 +157,7 @@ fn handle_kernel_page_fault(f: &TrapFrame, page_fault_vaddr: u64) {
PageProperty { PageProperty {
flags: PageFlags::RW, flags: PageFlags::RW,
cache: CachePolicy::Uncacheable, cache: CachePolicy::Uncacheable,
#[cfg(not(feature = "intel_tdx"))] priv_flags,
priv_flags: PrivFlags::GLOBAL,
#[cfg(feature = "intel_tdx")]
priv_flags: PrivFlags::SHARED | PrivFlags::GLOBAL,
}, },
) )
.unwrap(); .unwrap();

11
ostd/src/lib.rs
View File

@ -44,8 +44,6 @@ pub mod trap;
pub mod user; pub mod user;
pub use ostd_macros::main; pub use ostd_macros::main;
#[cfg(feature = "intel_tdx")]
use tdx_guest::init_tdx;
pub use self::{cpu::cpu_local::CpuLocal, error::Error, prelude::Result}; pub use self::{cpu::cpu_local::CpuLocal, error::Error, prelude::Result};
@ -60,15 +58,6 @@ pub use self::{cpu::cpu_local::CpuLocal, error::Error, prelude::Result};
pub fn init() { pub fn init() {
arch::before_all_init(); arch::before_all_init();
#[cfg(feature = "intel_tdx")]
let td_info = init_tdx().unwrap();
#[cfg(feature = "intel_tdx")]
early_println!(
"td gpaw: {}, td attributes: {:?}\nTDX guest is initialized",
td_info.gpaw,
td_info.attributes
);
mm::heap_allocator::init(); mm::heap_allocator::init();
boot::init(); boot::init();