# HG changeset patch # User root@jcihula-build.jf.intel.com # Date 1181346470 25200 # Node ID 419625d615144db2a973154c34d0fef5e502ddae # Parent bd3d6b4c52ec809f080c89c4ffcf61dc6e445978 Intel(r) Trusted Execution Technology (Intel(r) TXT) support for Xen Changes to Xen files. Signed-off-by: Joseph Cihula diff -r bd3d6b4c52ec -r 419625d61514 Config.mk --- a/Config.mk Fri Jun 01 14:50:52 2007 +0100 +++ b/Config.mk Fri Jun 08 16:47:50 2007 -0700 @@ -93,4 +93,7 @@ XENFB_TOOLS ?= n XENFB_TOOLS ?= n PYTHON_TOOLS ?= y +# Intel(r) Trusted Execution Technology (Intel(r) TXT) +INTEL_TXT ?= n + -include $(XEN_ROOT)/.config diff -r bd3d6b4c52ec -r 419625d61514 xen/Makefile --- a/xen/Makefile Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/Makefile Fri Jun 08 16:47:50 2007 -0700 @@ -58,6 +58,9 @@ _clean: delete-unfresh-files $(MAKE) -f $(BASEDIR)/Rules.mk -C acm clean $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) clean rm -f include/asm *.o $(TARGET)* *~ core +ifeq ($(INTEL_TXT),y) + rm -f include/asm-x86/sboot +endif rm -f include/asm-*/asm-offsets.h rm -f include/xen/acm_policy.h @@ -74,6 +77,9 @@ _distclean: clean $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/compile.h $(MAKE) -f $(BASEDIR)/Rules.mk include/xen/acm_policy.h [ -e include/asm ] || ln -sf asm-$(TARGET_ARCH) include/asm +ifeq ($(INTEL_TXT),y) + [ -e include/asm-x86/sboot ] || ln -sf ../../../sboot/include include/asm-x86/sboot +endif $(MAKE) -f $(BASEDIR)/Rules.mk -C include $(MAKE) -f $(BASEDIR)/Rules.mk -C arch/$(TARGET_ARCH) asm-offsets.s $(MAKE) -f $(BASEDIR)/Rules.mk include/asm-$(TARGET_ARCH)/asm-offsets.h diff -r bd3d6b4c52ec -r 419625d61514 xen/Rules.mk --- a/xen/Rules.mk Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/Rules.mk Fri Jun 08 16:47:50 2007 -0700 @@ -56,6 +56,7 @@ CFLAGS-$(crash_debug) += -DCRASH_DEBUG CFLAGS-$(crash_debug) += -DCRASH_DEBUG CFLAGS-$(perfc) += -DPERF_COUNTERS CFLAGS-$(perfc_arrays) += -DPERF_ARRAYS +CFLAGS-$(INTEL_TXT) += -DCONFIG_TXT ifneq ($(max_phys_cpus),) CFLAGS-y += -DMAX_PHYS_CPUS=$(max_phys_cpus) diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/boot/trampoline.S --- a/xen/arch/x86/boot/trampoline.S Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/boot/trampoline.S Fri Jun 08 16:47:50 2007 -0700 @@ -36,6 +36,15 @@ trampoline_cpu_started: .byte 0 .code32 +#if defined(CONFIG_TXT) + .globl trampoline_txtmode_entry +trampoline_txtmode_entry: + movb $0xA5,SYM_TRAMP_PHYS(trampoline_cpu_started) + mov $1,%bl # EBX != 0 indicates we are an AP + lidt %cs:SYM_TRAMP_PHYS(idt_48) + lgdt %cs:SYM_TRAMP_PHYS(gdt_48) +#endif + trampoline_protmode_entry: /* Set up a few descriptors: on entry only CS is guaranteed good. */ mov $TRAMP_DS,%eax diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/cpu/centaur.c --- a/xen/arch/x86/cpu/centaur.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/cpu/centaur.c Fri Jun 08 16:47:50 2007 -0700 @@ -56,7 +56,7 @@ static u32 __init ramtop(void) /* 16388 * we frob around that catastrophy already */ - if (e820.map[i].type == E820_RESERVED) + if (e820.map[i].type >= E820_RESERVED) { if(e820.map[i].addr >= 0x100000UL && e820.map[i].addr < clip) clip = e820.map[i].addr; diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/domain_build.c --- a/xen/arch/x86/domain_build.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/domain_build.c Fri Jun 08 16:47:50 2007 -0700 @@ -29,6 +29,10 @@ #include #include +#ifdef CONFIG_TXT +#include +#include +#endif extern unsigned long initial_images_nrpages(void); extern void discard_initial_images(void); @@ -990,6 +994,25 @@ int __init construct_dom0( rc |= iomem_deny_access(dom0, mfn, mfn); } +#ifdef CONFIG_TXT + /* remove access to E820_PROTECTED I/O regions */ + for ( i = 0; i < e820.nr_map; i++ ) + { + if ( e820.map[i].type == E820_PROTECTED) + { + mfn = paddr_to_pfn(e820.map[i].addr); + /* only unmap I/O pages */ + if ( !mfn_valid(mfn) ) + { + nr_pages = (e820.map[i].size + PAGE_SIZE - 1) >> PAGE_SHIFT; + printk("SBOOT: removing protected range @ mfn %lx, size %lx " + "from dom0\n", mfn, nr_pages); + rc |= iomem_deny_access(dom0, mfn, mfn + nr_pages - 1); + } + } + } +#endif + BUG_ON(rc != 0); return 0; diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/e820.c --- a/xen/arch/x86/e820.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/e820.c Fri Jun 08 16:47:50 2007 -0700 @@ -4,6 +4,11 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#include +#include +#endif /* opt_mem: Limit of physical RAM. Any RAM beyond this point is ignored. */ unsigned long long opt_mem; @@ -52,6 +57,14 @@ static void __init print_e820_memory_map case E820_NVS: printk("(ACPI NVS)\n"); break; +#ifdef CONFIG_TXT + case E820_PROTECTED: + printk("(PROTECTED)\n"); + break; + case E820_MLE_SHARED: + printk("(MLE_SHARED)\n"); + break; +#endif default: printk("type %u\n", map[i].type); break; } diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/hvm/vmx/vmx.c --- a/xen/arch/x86/hvm/vmx/vmx.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/hvm/vmx/vmx.c Fri Jun 08 16:47:50 2007 -0700 @@ -50,6 +50,9 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#endif char *vmx_msr_bitmap; @@ -1229,7 +1232,8 @@ int start_vmx(void) if ( eax & IA32_FEATURE_CONTROL_MSR_LOCK ) { - if ( (eax & IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON) == 0x0 ) + if ( (eax & (IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_IN_SMX) ) == 0x0) { printk("VMX disabled by Feature Control MSR.\n"); return 0; @@ -1237,10 +1241,19 @@ int start_vmx(void) } else { - wrmsr(IA32_FEATURE_CONTROL_MSR, - IA32_FEATURE_CONTROL_MSR_LOCK | - IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON, 0); - } + eax = IA32_FEATURE_CONTROL_MSR_LOCK | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX | + IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_IN_SMX; + wrmsr(IA32_FEATURE_CONTROL_MSR, eax, 0); + } + +#ifdef CONFIG_TXT + if ( !sboot_in_measured_env() && + !(eax & IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX) ) { + printk("VMX only allowed in SMX but SMX not active\n"); + return 0; + } +#endif set_in_cr4(X86_CR4_VMXE); diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/mm.c --- a/xen/arch/x86/mm.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/mm.c Fri Jun 08 16:47:50 2007 -0700 @@ -110,6 +110,9 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#endif #define MEM_LOG(_f, _a...) gdprintk(XENLOG_WARNING , _f "\n" , ## _a) @@ -213,7 +216,13 @@ void __init arch_init_memory(void) /* Any areas not specified as RAM by the e820 map are considered I/O. */ for ( i = 0, pfn = 0; i < e820.nr_map; i++ ) { +#ifdef CONFIG_TXT + if ( e820.map[i].type != E820_RAM && + e820.map[i].type != E820_PROTECTED && + e820.map[i].type != E820_MLE_SHARED ) +#else if ( e820.map[i].type != E820_RAM ) +#endif continue; /* Every page from cursor to start of next RAM region is I/O. */ rstart_pfn = PFN_UP(e820.map[i].addr); @@ -226,6 +235,9 @@ void __init arch_init_memory(void) } /* Skip the RAM region. */ pfn = rend_pfn; + /* e820 map may include MMIO regions */ + if ( !mfn_valid(pfn) ) + break; } BUG_ON(pfn != max_page); diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/setup.c --- a/xen/arch/x86/setup.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/setup.c Fri Jun 08 16:47:50 2007 -0700 @@ -33,6 +33,16 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#include + +/* global holding pointer to shared data; NULL means no measured launch */ +mle_kernel_shared_t *g_mle_shared = NULL; + +/* protected mode AP TXT entry point */ +extern char trampoline_txtmode_entry[]; +#endif #if defined(CONFIG_X86_64) #define BOOTSTRAP_DIRECTMAP_END (1UL << 32) @@ -351,6 +361,9 @@ void __init __start_xen(multiboot_info_t .parity = 'n', .stop_bits = 1 }; +#ifdef CONFIG_TXT + unsigned long mle_shared_phys = 0; /* phys addr of shared data page */ +#endif extern void early_page_fault(void); set_intr_gate(TRAP_page_fault, &early_page_fault); @@ -420,8 +433,16 @@ void __init __start_xen(multiboot_info_t ((u64)map->base_addr_high << 32) | (u64)map->base_addr_low; e820_raw[e820_raw_nr].size = ((u64)map->length_high << 32) | (u64)map->length_low; - e820_raw[e820_raw_nr].type = - (map->type > E820_NVS) ? E820_RESERVED : map->type; + e820_raw[e820_raw_nr].type = map->type; +#ifdef CONFIG_TXT + /* look for MLE/kernel shared page (E820_MLE_SHARED) */ + /* we can't fixmap it yet, so just save the phys addr */ + if ( e820_raw[e820_raw_nr].type == E820_MLE_SHARED ) { + mle_shared_phys = e820_raw[e820_raw_nr].addr; + printk("SBOOT: found MLE/kernel shared page at %lx\n", + mle_shared_phys); + } +#endif e820_raw_nr++; bytes += map->size + 4; @@ -756,6 +777,18 @@ void __init __start_xen(multiboot_info_t paging_init(); +#ifdef CONFIG_TXT + if ( mle_shared_phys != 0 ) { + /* we found the shared page so map it */ + set_fixmap(FIX_MLE_SHARED_BASE, mle_shared_phys); + g_mle_shared = (mle_kernel_shared_t *)fix_to_virt(FIX_MLE_SHARED_BASE); + printk("SBOOT: MLE/kernel shared page fixmap-ed to %p, version=%d\n", + g_mle_shared, g_mle_shared->version); + /* set the AP entry point to the TXT special one */ + g_mle_shared->ap_entry = boot_trampoline_pa(trampoline_txtmode_entry); + } +#endif + /* Unmap the first page of CPU0's stack. */ memguard_guard_stack(cpu0_stack); diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/shutdown.c --- a/xen/arch/x86/shutdown.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/shutdown.c Fri Jun 08 16:47:50 2007 -0700 @@ -21,6 +21,10 @@ #include #include #include +#include +#ifdef CONFIG_TXT +#include +#endif /* reboot_str: comma-separated list of reboot options. */ static char __initdata reboot_str[10] = ""; @@ -29,6 +33,8 @@ static long no_idt[2]; static long no_idt[2]; static int reboot_mode; +static void machine_teardown(void *data); + static inline void kb_wait(void) { int i; @@ -38,18 +44,11 @@ static inline void kb_wait(void) break; } -static void __attribute__((noreturn)) __machine_halt(void *unused) -{ - for ( ; ; ) - __asm__ __volatile__ ( "hlt" ); -} - void machine_halt(void) { - watchdog_disable(); - console_start_sync(); - smp_call_function(__machine_halt, NULL, 1, 0); - __machine_halt(NULL); + bool reboot = false; + + machine_teardown(&reboot); } #ifdef __i386__ @@ -197,24 +196,39 @@ static void machine_real_restart(const u #endif -void machine_restart(char *cmd) +/* + * generic teardown (i.e. kill watchdog, disable hvm, disable IO APIC, etc.) + * + * will teardown APs and leave in hlt loop + * will teardown BSP and reboot or halt + * + * first statement in caller fn should be call to us (because we may need to + * call the caller back on the BSP if we were initially called on an AP, so + * that the stack is right) + */ +static void machine_teardown(void *data) { int i; + bool reboot = *(bool *)data; + +#ifdef CONFIG_TXT + /* let sboot exit measured environment (GETSEC[SEXIT], etc.) */ + sboot_shutdown(machine_teardown, data); +#else + /* Ensure we are the boot CPU. */ + if ( GET_APIC_ID(apic_read(APIC_ID)) != boot_cpu_physical_apicid ) + { + /* Send IPI to the boot CPU (logical cpu 0). */ + on_selected_cpus(cpumask_of_cpu(0), (void *)machine_teardown, + data, 1, 0); + for ( ; ; ) + safe_halt(); + } watchdog_disable(); console_start_sync(); local_irq_enable(); - - /* Ensure we are the boot CPU. */ - if ( GET_APIC_ID(apic_read(APIC_ID)) != boot_cpu_physical_apicid ) - { - /* Send IPI to the boot CPU (logical cpu 0). */ - on_selected_cpus(cpumask_of_cpu(0), (void *)machine_restart, - NULL, 1, 0); - for ( ; ; ) - safe_halt(); - } /* * Stop all CPUs and turn off local APICs and the IO-APIC, so @@ -223,29 +237,42 @@ void machine_restart(char *cmd) smp_send_stop(); disable_IO_APIC(); hvm_disable(); +#endif + + /* just shutdown, not reboot */ + if ( !reboot ) { + for ( ; ; ) + __asm__ __volatile__ ( "hlt" ); + } /* Rebooting needs to touch the page at absolute address 0. */ *((unsigned short *)__va(0x472)) = reboot_mode; - if (reboot_thru_bios <= 0) - { + if (reboot_thru_bios <= 0) { for ( ; ; ) - { - /* Pulse the keyboard reset line. */ - for ( i = 0; i < 100; i++ ) { - kb_wait(); - udelay(50); - outb(0xfe,0x64); /* pulse reset low */ - udelay(50); + /* Pulse the keyboard reset line. */ + for ( i = 0; i < 100; i++ ) { + kb_wait(); + udelay(50); + outb(0xfe,0x64); /* pulse reset low */ + udelay(50); + } + + /* That didn't work - force a triple fault.. */ + __asm__ __volatile__("lidt %0": "=m" (no_idt)); + __asm__ __volatile__("int3"); } - - /* That didn't work - force a triple fault.. */ - __asm__ __volatile__("lidt %0": "=m" (no_idt)); - __asm__ __volatile__("int3"); - } } machine_real_restart(jump_to_bios, sizeof(jump_to_bios)); +} + + +void machine_restart(char * __unused) +{ + bool reboot = true; + + machine_teardown(&reboot); } #ifndef reboot_thru_bios @@ -333,3 +360,15 @@ static int __init reboot_init(void) return 0; } __initcall(reboot_init); + + + +/* + * Local variables: + * mode: C + * c-set-style: "BSD" + * c-basic-offset: 4 + * tab-width: 4 + * indent-tabs-mode: nil + * End: + */ diff -r bd3d6b4c52ec -r 419625d61514 xen/arch/x86/smp.c --- a/xen/arch/x86/smp.c Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/arch/x86/smp.c Fri Jun 08 16:47:50 2007 -0700 @@ -306,12 +306,13 @@ int on_selected_cpus( static void stop_this_cpu (void *dummy) { - cpu_clear(smp_processor_id(), cpu_online_map); - local_irq_disable(); disable_local_APIC(); hvm_disable(); + /* don't clear until just before we shutdown */ + cpu_clear(smp_processor_id(), cpu_online_map); + for ( ; ; ) __asm__ __volatile__ ( "hlt" ); } diff -r bd3d6b4c52ec -r 419625d61514 xen/include/asm-x86/cpufeature.h --- a/xen/include/asm-x86/cpufeature.h Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/include/asm-x86/cpufeature.h Fri Jun 08 16:47:50 2007 -0700 @@ -77,6 +77,7 @@ #define X86_FEATURE_MWAIT (4*32+ 3) /* Monitor/Mwait support */ #define X86_FEATURE_DSCPL (4*32+ 4) /* CPL Qualified Debug Store */ #define X86_FEATURE_VMXE (4*32+ 5) /* Virtual Machine Extensions */ +#define X86_FEATURE_SMXE (4*32+ 6) /* Safer Mode Extensions */ #define X86_FEATURE_EST (4*32+ 7) /* Enhanced SpeedStep */ #define X86_FEATURE_TM2 (4*32+ 8) /* Thermal Monitor 2 */ #define X86_FEATURE_CID (4*32+10) /* Context ID */ diff -r bd3d6b4c52ec -r 419625d61514 xen/include/asm-x86/fixmap.h --- a/xen/include/asm-x86/fixmap.h Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/include/asm-x86/fixmap.h Fri Jun 08 16:47:50 2007 -0700 @@ -17,6 +17,9 @@ #include #include #include +#ifdef CONFIG_TXT +#include +#endif /* * Here we define all the compile-time 'special' virtual @@ -40,6 +43,12 @@ enum fixed_addresses { FIX_KEXEC_BASE_0, FIX_KEXEC_BASE_END = FIX_KEXEC_BASE_0 \ + ((KEXEC_XEN_NO_PAGES >> 1) * KEXEC_IMAGE_NR) - 1, +#ifdef CONFIG_TXT + FIX_MLE_SHARED_BASE, + FIX_TXT_PRIV_BASE, + FIX_TXT_PUB_BASE = FIX_TXT_PRIV_BASE + NR_TXT_CONFIG_PAGES, + FIX_TXT_END = FIX_TXT_PUB_BASE + NR_TXT_CONFIG_PAGES, +#endif __end_of_fixed_addresses }; diff -r bd3d6b4c52ec -r 419625d61514 xen/include/asm-x86/msr.h --- a/xen/include/asm-x86/msr.h Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/include/asm-x86/msr.h Fri Jun 08 16:47:50 2007 -0700 @@ -122,7 +122,10 @@ static inline void wrmsrl(unsigned int m #define MSR_IA32_VMX_PROCBASED_CTLS2 0x48b #define IA32_FEATURE_CONTROL_MSR 0x3a #define IA32_FEATURE_CONTROL_MSR_LOCK 0x1 -#define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON 0x4 +#define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_IN_SMX 0x2 +#define IA32_FEATURE_CONTROL_MSR_ENABLE_VMXON_OUTSIDE_SMX 0x4 +#define IA32_FEATURE_CONTROL_MSR_SENTER_PARAM_CTL 0x7f00 +#define IA32_FEATURE_CONTROL_MSR_ENABLE_SENTER 0x8000 /* AMD/K8 specific MSRs */ #define MSR_EFER 0xc0000080 /* extended feature register */ diff -r bd3d6b4c52ec -r 419625d61514 xen/include/asm-x86/processor.h --- a/xen/include/asm-x86/processor.h Fri Jun 01 14:50:52 2007 +0100 +++ b/xen/include/asm-x86/processor.h Fri Jun 08 16:47:50 2007 -0700 @@ -80,6 +80,7 @@ #define X86_CR4_OSFXSR 0x0200 /* enable fast FPU save and restore */ #define X86_CR4_OSXMMEXCPT 0x0400 /* enable unmasked SSE exceptions */ #define X86_CR4_VMXE 0x2000 /* enable VMX */ +#define X86_CR4_SMXE 0x4000 /* enable SMX */ /* * Trap/fault mnemonics.