Message-ID: <814d3dff-c168-4c68-ba25-30b282a37420@linux.intel.com>
Date: Mon, 9 Dec 2024 11:08:35 +0800
From: Binbin Wu <binbin.wu@...ux.intel.com>
To: Chao Gao <chao.gao@...el.com>
Cc: pbonzini@...hat.com, seanjc@...gle.com, kvm@...r.kernel.org,
 rick.p.edgecombe@...el.com, kai.huang@...el.com, adrian.hunter@...el.com,
 reinette.chatre@...el.com, xiaoyao.li@...el.com,
 tony.lindgren@...ux.intel.com, isaku.yamahata@...el.com,
 yan.y.zhao@...el.com, michael.roth@....com, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 3/7] KVM: TDX: Handle KVM hypercall with TDG.VP.VMCALL




On 12/9/2024 10:58 AM, Chao Gao wrote:
> On Sun, Dec 01, 2024 at 11:53:52AM +0800, Binbin Wu wrote:
>> From: Isaku Yamahata <isaku.yamahata@...el.com>
>>
>> Handle KVM hypercall for TDX according to TDX Guest-Host Communication
>> Interface (GHCI) specification.
>>
>> The TDX GHCI specification defines the ABI for the guest TD to issue
>> hypercalls.   When R10 is non-zero, it indicates the TDG.VP.VMCALL is
>> vendor-specific.  KVM uses R10 as KVM hypercall number and R11-R14
>> as 4 arguments, while the error code is returned in R10.  Follow the
>> ABI and handle the KVM hypercall for TDX.
>>
>> Signed-off-by: Isaku Yamahata <isaku.yamahata@...el.com>
>> Co-developed-by: Binbin Wu <binbin.wu@...ux.intel.com>
>> Signed-off-by: Binbin Wu <binbin.wu@...ux.intel.com>
>> ---
>> Hypercalls exit to userspace breakout:
>> - Renamed from "KVM: TDX: handle KVM hypercall with TDG.VP.VMCALL" to
>>   "KVM: TDX: Handle KVM hypercall with TDG.VP.VMCALL".
>> - Update the change log.
>> - Rebased on Sean's "Prep KVM hypercall handling for TDX" patch set.
>>   https://lore.kernel.org/kvm/20241128004344.4072099-1-seanjc@google.com
>> - Use the right register (i.e. R10) to set the return code after returning
>>   back from userspace.
>> ---
>> arch/x86/kvm/vmx/tdx.c | 31 +++++++++++++++++++++++++++++++
>> 1 file changed, 31 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
>> index 19fd8a5dabd0..4cc55b120ab0 100644
>> --- a/arch/x86/kvm/vmx/tdx.c
>> +++ b/arch/x86/kvm/vmx/tdx.c
>> @@ -957,8 +957,39 @@ static int tdx_handle_triple_fault(struct kvm_vcpu *vcpu)
>> 	return 0;
>> }
>>
>> +
>> +static int complete_hypercall_exit(struct kvm_vcpu *vcpu)
>> +{
>> +	kvm_r10_write(vcpu, vcpu->run->hypercall.ret);
> Use tdvmcall_set_return_code() here? it would be more self-explanatory.
Yes, it's better.
Thanks!

>
>> +	return 1;
>> +}
>> +
>> +static int tdx_emulate_vmcall(struct kvm_vcpu *vcpu)
>> +{
>> +	int r;
>> +
>> +	/*
>> +	 * ABI for KVM tdvmcall argument:
>> +	 * In Guest-Hypervisor Communication Interface(GHCI) specification,
>> +	 * Non-zero leaf number (R10 != 0) is defined to indicate
>> +	 * vendor-specific.  KVM uses this for KVM hypercall.  NOTE: KVM
>> +	 * hypercall number starts from one.  Zero isn't used for KVM hypercall
>> +	 * number.
>> +	 *
>> +	 * R10: KVM hypercall number
>> +	 * arguments: R11, R12, R13, R14.
>> +	 */
>> +	r = __kvm_emulate_hypercall(vcpu, r10, r11, r12, r13, r14, true, 0,
> note r10-14 are not declared in this function.
__kvm_emulate_hypercall() is a macro, so these will be replaced by
kvm_{r10, r11, r12, r13, r14}_read().


>
>> +				    complete_hypercall_exit);
>> +
>> +	return r > 0;
>> +}
>> +
>> static int handle_tdvmcall(struct kvm_vcpu *vcpu)
>> {
>> +	if (tdvmcall_exit_type(vcpu))
>> +		return tdx_emulate_vmcall(vcpu);
>> +
>> 	switch (tdvmcall_leaf(vcpu)) {
>> 	default:
>> 		break;
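Review bot: In tdx_emulate_vmcall(), `return r > 0;` folds every non-positive result of __kvm_emulate_hypercall() into 0, so if the macro can yield a negative value, that value never reaches the caller of handle_tdvmcall(). Either return `r` unchanged or add a one-line comment stating why only the sign matters here. The literal arguments `true, 0` in the same call are not explained by the ABI comment above it, which covers only R10-R14; naming what they select would help, since the hypercall number and arguments are supplied by the guest. In handle_tdvmcall(), a short comment that tdvmcall_exit_type() being non-zero corresponds to the "R10 != 0" vendor-specific case would tie the new check to the ABI comment. The hunk also adds an empty `+` line directly after an existing blank line, leaving two blank lines before complete_hypercall_exit().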
>> -- 
>> 2.46.0
>>

