[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5ce7ebfe54160ea35e432bf50207ebed32db31fc.camel@intel.com>
Date: Mon, 27 Jun 2022 17:23:57 +1200
From: Kai Huang <kai.huang@...el.com>
To: Dave Hansen <dave.hansen@...el.com>, linux-kernel@...r.kernel.org,
kvm@...r.kernel.org
Cc: seanjc@...gle.com, pbonzini@...hat.com, len.brown@...el.com,
tony.luck@...el.com, rafael.j.wysocki@...el.com,
reinette.chatre@...el.com, dan.j.williams@...el.com,
peterz@...radead.org, ak@...ux.intel.com,
kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com,
isaku.yamahata@...el.com
Subject: Re: [PATCH v5 07/22] x86/virt/tdx: Implement SEAMCALL function
On Fri, 2022-06-24 at 11:38 -0700, Dave Hansen wrote:
> On 6/22/22 04:16, Kai Huang wrote:
> > SEAMCALL instruction causes #GP when SEAMRR isn't enabled, and #UD when
> > CPU is not in VMX operation. The TDX_MODULE_CALL macro doesn't handle
> > SEAMCALL exceptions. Leave to the caller to guarantee those conditions
> > before calling __seamcall().
>
> I was trying to make the argument earlier that you don't need *ANY*
> detection for TDX, other than the ability to make a SEAMCALL.
> Basically, patch 01/22 could go away.
>
> You are right that:
>
> The TDX_MODULE_CALL macro doesn't handle SEAMCALL exceptions.
>
> But, it's also not hard to make it *able* to handle exceptions.
>
> So what does patch 01/22 buy us? One EXTABLE entry?
There are below pros if we can detect whether TDX is enabled by BIOS during boot
before initializing the TDX Module:
1) There are requirements from customers to report whether platform supports TDX
and the TDX keyID numbers before initializing the TDX module so the userspace
cloud software can use this information to do something. Sorry I cannot find
the lore link now.
Isaku, if you see, could you provide more info?
2) As you can see, it can be used to handle ACPI CPU/memory hotplug and driver
managed memory hotplug. Kexec() support patch also can use it.
Particularly, in concept, ACPI CPU/memory hotplug is only related to whether TDX
is enabled by BIOS, but not whether TDX module is loaded, or the result of
initializing the TDX module. So I think we should have some code to detect TDX
during boot.
Also, it seems adding EXTABLE to TDX_MODULE_CALL doesn't have significantly less
code comparing to detecting TDX during boot:
diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index 4b75c930fa1b..4a97ca8eb14c 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -8,6 +8,7 @@
#include <asm/ptrace.h>
#include <asm/shared/tdx.h>
+#ifdef CONFIG_INTEL_TDX_HOST
/*
* SW-defined error codes.
*
@@ -18,6 +19,21 @@
#define TDX_SW_ERROR (TDX_ERROR | GENMASK_ULL(47, 40))
#define TDX_SEAMCALL_VMFAILINVALID (TDX_SW_ERROR | _UL(0xFFFF0000))
+/*
+ * Special error codes to indicate SEAMCALL #GP and #UD.
+ *
+ * SEAMCALL causes #GP when SEAMRR is not properly enabled by BIOS, and
+ * causes #UD when CPU is not in VMX operation. Define two separate
+ * error codes to distinguish the two cases so caller can be aware of
+ * what caused the SEAMCALL to fail.
+ *
+ * Bits 61:48 are reserved bits which will never be set by the TDX
+ * module. Borrow 2 reserved bits to represent #GP and #UD.
+ */
+#define TDX_SEAMCALL_GP (TDX_ERROR | GENMASK_ULL(48, 48))
+#define TDX_SEAMCALL_UD (TDX_ERROR | GENMASK_ULL(49, 49))
+#endif
+
#ifndef __ASSEMBLY__
/*
diff --git a/arch/x86/virt/vmx/tdx/tdxcall.S b/arch/x86/virt/vmx/tdx/tdxcall.S
index 49a54356ae99..7431c47258d9 100644
--- a/arch/x86/virt/vmx/tdx/tdxcall.S
+++ b/arch/x86/virt/vmx/tdx/tdxcall.S
@@ -1,6 +1,7 @@
/* SPDX-License-Identifier: GPL-2.0 */
#include <asm/asm-offsets.h>
#include <asm/tdx.h>
+#include <asm/asm.h>
/*
* TDCALL and SEAMCALL are supported in Binutils >= 2.36.
@@ -45,6 +46,7 @@
/* Leave input param 2 in RDX */
.if \host
+1:
seamcall
/*
* SEAMCALL instruction is essentially a VMExit from VMX root
@@ -57,9 +59,25 @@
* This value will never be used as actual SEAMCALL error code as
* it is from the Reserved status code class.
*/
- jnc .Lno_vmfailinvalid
+ jnc .Lseamcall_out
mov $TDX_SEAMCALL_VMFAILINVALID, %rax
-.Lno_vmfailinvalid:
+ jmp .Lseamcall_out
+2:
+ /*
+ * SEAMCALL caused #GP or #UD. By reaching here %eax contains
+ * the trap number. Check the trap number and set up the return
+ * value to %rax.
+ */
+ cmp $X86_TRAP_GP, %eax
+ je .Lseamcall_gp
+ mov $TDX_SEAMCALL_UD, %rax
+ jmp .Lseamcall_out
+.Lseamcall_gp:
+ mov $TDX_SEAMCALL_GP, %rax
+ jmp .Lseamcall_out
+
+ _ASM_EXTABLE_FAULT(1b, 2b)
+.Lseamcall_out
Powered by blists - more mailing lists