From patchwork Mon Feb 26 08:26:46 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Isaku Yamahata X-Patchwork-Id: 206438 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a05:7300:a81b:b0:108:e6aa:91d0 with SMTP id bq27csp1949640dyb; Mon, 26 Feb 2024 01:04:15 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWvDppgkOjtQHNo56QZLOzvat9A6sCFfsYXlHCNyG48i1TLbAekbETfmjH36Bcs7Ri0gDFoipzAg5tOmK9QbnmcYcO7Ww== X-Google-Smtp-Source: AGHT+IF2DnN+ZVZOCljrMUSpa7o9vvsQjiJavlOyCBBuYp4DBiosq0t1PWV1FkImuK7uvguqwSps X-Received: by 2002:a17:906:4f91:b0:a3e:7d36:62b1 with SMTP id o17-20020a1709064f9100b00a3e7d3662b1mr3750512eju.46.1708938255200; Mon, 26 Feb 2024 01:04:15 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708938255; cv=pass; d=google.com; s=arc-20160816; b=xSiM3Mon02OcJcWeZzlcteG+wHDp9OFKCa0JO0D59xDFyEpBLy3YFvTS/fWeVt+rIV cMCr1sx3sOMxqEJRCqlCv5lzjmIjIThOtqvRMDraRe9scJF2vl+zC1OuEOCZh+y8KbLM IU0DJ6mAO67zwSlH6svnfM8jcx/lUIqEwELWQlPJhWn1I2pFfl7EjcXi8wvasax7g5qU d2OifU0RA2kbqNnC5JbrAbJ2utvfojR5vxyo2067K+sfZgS+QXnhSTE2hFLxkdMxpHbG yBWvaFnzF6RAflyoWhUljfJ2umnf6JH/28Aewewv2O0tgR7d0xAasigZhpheHzaFyBFw yMbA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=P71sd8MVu3mg8zR1YnR6x6q/tLTodkRuHc0j6g0gKtE=; fh=ayBhqGQLGluWkxaTKJLwsbYj/aSyn1CBB3d2PcPvpmc=; b=daxGk4gTCpk/aJIMS0gxArO6Oxr85PepoQEA6/22JSq0YBRyWEoXRl7z4/SK7tLEgf MA/sSKWdiwHZNV5jeAuPveSnYvN4yRqMZDNIYMC1kQr9UUmZGBfx9F56W61cw2Y9b8z/ wPF/znxedlF8tFBHCk5AOFazTS3SJm7PxZ/SyZFXsFFTsKJ9RTRx1pKBwRWxbH5/LaO1 fyO41POSaB7Z7gX+E637vYPx66iphXNZm6+4RNhMyJWMujm2KpCIyXsrvBJcShFCHgpz DyC2PVCMlT6CVN3ieMQZVdYkB3US1DNLguU7yiEuJE0wMKFF7FVK8Xp3YQMGyQejRdYT kQfQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lhYBnZf7; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-80867-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80867-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id go31-20020a1709070d9f00b00a3f5b2c86f9si1883734ejc.820.2024.02.26.01.04.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 26 Feb 2024 01:04:15 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-80867-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=lhYBnZf7; arc=pass (i=1 spf=pass spfdomain=intel.com dkim=pass dkdomain=intel.com dmarc=pass fromdomain=intel.com); spf=pass (google.com: domain of linux-kernel+bounces-80867-ouuuleilei=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-80867-ouuuleilei=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id A6A641F24E94 for ; Mon, 26 Feb 2024 09:04:14 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5CA6612A17C; Mon, 26 Feb 2024 08:29:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="lhYBnZf7" Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C101B86621; Mon, 26 Feb 2024 08:29:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.19 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936144; cv=none; b=hMiGqg/kPUs5F/mJxY44pol+5o1zD1R9TW/eG6uwufyboMb03yBcSstia9qmIYVqOmhMTNC4tWUryuGNDYWOSj+fX+ZA9aCx0BONdczyOPGFDzoVtx/yQxahpZISFvibyCuM92hbxCuZQDNTBCNvH2iB2iDo3sj63RRO8v9qBOQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708936144; c=relaxed/simple; bh=1PDQelSePPzX2B7lYc0kxBcavk4BVnF4BPwDcuzpxVE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=b9BQrlnnnUugA3cvt5DMt0DZjZW1UkmBipnrRXqM3HH6Ak7Jq7WINX8c+TKyQzNz5FwXVELW3UgFzFCiKx0oUTMHFaR02aeWhBvNMzG9CXjjIkqkR2hlfVlQuBsvnuBlRFdBy4fTRikmafu1l8mWDY7nM/csnjdLi7BFaS/9SQw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com; spf=pass smtp.mailfrom=intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=lhYBnZf7; arc=none smtp.client-ip=198.175.65.19 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1708936143; x=1740472143; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=1PDQelSePPzX2B7lYc0kxBcavk4BVnF4BPwDcuzpxVE=; b=lhYBnZf7XmEy3uB7la/hwWMOh+JMNfwgqwdu1v+NvjTeTiC8sjh8koE9 3lDVsa172aCyqdvWQ2LfsKpUsOtQIZKb+LBdwNSbuKTZ462DoIFXv3OWc GAJf+KX+Hr/cDr8UqjxxywFjQHYnleNpEHJnwTtY3m7ZM9EDh66lSfCrW q7m26SmPxjEaqrpoAcoVpgUXtRTjMjP1+y1L2mG06kEuHIcYfM3w/DttX OHW7qBNbj7kPr7CmodX3bySzJu8OqZH4+tOT2QLy6T7qbgaB6zYKDuzYl JF+1XY+5ZuqYY8SqRKme9012bAeMfiGoPoannjcKGbGpm65WUvvEKy2VB w==; X-IronPort-AV: E=McAfee;i="6600,9927,10995"; a="3069615" X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; d="scan'208";a="3069615" Received: from orviesa004.jf.intel.com ([10.64.159.144]) by orvoesa111.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 00:29:03 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.06,185,1705392000"; d="scan'208";a="11272704" Received: from ls.sc.intel.com (HELO localhost) ([172.25.112.31]) by orviesa004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 26 Feb 2024 00:29:02 -0800 From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini , erdemaktas@google.com, Sean Christopherson , Sagi Shahar , Kai Huang , chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com, Xiaoyao Li , Sean Christopherson Subject: [PATCH v19 104/130] KVM: TDX: Add a place holder for handler of TDX hypercalls (TDG.VP.VMCALL) Date: Mon, 26 Feb 2024 00:26:46 -0800 Message-Id: <1c66bfde36f08eacbe2f5c50f88adf80e3d87ea7.1708933498.git.isaku.yamahata@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1791951639535830202 X-GMAIL-MSGID: 1791951639535830202 From: Isaku Yamahata The TDX module specification defines TDG.VP.VMCALL API (TDVMCALL for short) for the guest TD to call hypercall to VMM. When the guest TD issues TDG.VP.VMCALL, the guest TD exits to VMM with a new exit reason of TDVMCALL. The arguments from the guest TD and returned values from the VMM are passed in the guest registers. The guest RCX registers indicates which registers are used. Define helper functions to access those registers as ABI. Define the TDVMCALL exit reason, which is carved out from the VMX exit reason namespace as the TDVMCALL exit from TDX guest to TDX-SEAM is really just a VM-Exit. Add a place holder to handle TDVMCALL exit. Co-developed-by: Xiaoyao Li Signed-off-by: Xiaoyao Li Signed-off-by: Sean Christopherson Signed-off-by: Isaku Yamahata --- arch/x86/include/uapi/asm/vmx.h | 4 ++- arch/x86/kvm/vmx/tdx.c | 53 +++++++++++++++++++++++++++++++++ arch/x86/kvm/vmx/tdx.h | 13 ++++++++ 3 files changed, 69 insertions(+), 1 deletion(-) diff --git a/arch/x86/include/uapi/asm/vmx.h b/arch/x86/include/uapi/asm/vmx.h index b3a30ef3efdd..f0f4a4cf84a7 100644 --- a/arch/x86/include/uapi/asm/vmx.h +++ b/arch/x86/include/uapi/asm/vmx.h @@ -93,6 +93,7 @@ #define EXIT_REASON_TPAUSE 68 #define EXIT_REASON_BUS_LOCK 74 #define EXIT_REASON_NOTIFY 75 +#define EXIT_REASON_TDCALL 77 #define VMX_EXIT_REASONS \ { EXIT_REASON_EXCEPTION_NMI, "EXCEPTION_NMI" }, \ @@ -156,7 +157,8 @@ { EXIT_REASON_UMWAIT, "UMWAIT" }, \ { EXIT_REASON_TPAUSE, "TPAUSE" }, \ { EXIT_REASON_BUS_LOCK, "BUS_LOCK" }, \ - { EXIT_REASON_NOTIFY, "NOTIFY" } + { EXIT_REASON_NOTIFY, "NOTIFY" }, \ + { EXIT_REASON_TDCALL, "TDCALL" } #define VMX_EXIT_REASON_FLAGS \ { VMX_EXIT_REASONS_FAILED_VMENTRY, "FAILED_VMENTRY" } diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c index 117c2315f087..0be58cd428b3 100644 --- a/arch/x86/kvm/vmx/tdx.c +++ b/arch/x86/kvm/vmx/tdx.c @@ -140,6 +140,41 @@ static __always_inline unsigned long tdexit_intr_info(struct kvm_vcpu *vcpu) return kvm_r9_read(vcpu); } +#define BUILD_TDVMCALL_ACCESSORS(param, gpr) \ +static __always_inline \ +unsigned long tdvmcall_##param##_read(struct kvm_vcpu *vcpu) \ +{ \ + return kvm_##gpr##_read(vcpu); \ +} \ +static __always_inline void tdvmcall_##param##_write(struct kvm_vcpu *vcpu, \ + unsigned long val) \ +{ \ + kvm_##gpr##_write(vcpu, val); \ +} +BUILD_TDVMCALL_ACCESSORS(a0, r12); +BUILD_TDVMCALL_ACCESSORS(a1, r13); +BUILD_TDVMCALL_ACCESSORS(a2, r14); +BUILD_TDVMCALL_ACCESSORS(a3, r15); + +static __always_inline unsigned long tdvmcall_exit_type(struct kvm_vcpu *vcpu) +{ + return kvm_r10_read(vcpu); +} +static __always_inline unsigned long tdvmcall_leaf(struct kvm_vcpu *vcpu) +{ + return kvm_r11_read(vcpu); +} +static __always_inline void tdvmcall_set_return_code(struct kvm_vcpu *vcpu, + long val) +{ + kvm_r10_write(vcpu, val); +} +static __always_inline void tdvmcall_set_return_val(struct kvm_vcpu *vcpu, + unsigned long val) +{ + kvm_r11_write(vcpu, val); +} + static inline bool is_td_vcpu_created(struct vcpu_tdx *tdx) { return tdx->td_vcpu_created; @@ -897,6 +932,11 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu) tdx_complete_interrupts(vcpu); + if (tdx->exit_reason.basic == EXIT_REASON_TDCALL) + tdx->tdvmcall.rcx = vcpu->arch.regs[VCPU_REGS_RCX]; + else + tdx->tdvmcall.rcx = 0; + return EXIT_FASTPATH_NONE; } @@ -968,6 +1008,17 @@ static int tdx_handle_triple_fault(struct kvm_vcpu *vcpu) return 0; } +static int handle_tdvmcall(struct kvm_vcpu *vcpu) +{ + switch (tdvmcall_leaf(vcpu)) { + default: + break; + } + + tdvmcall_set_return_code(vcpu, TDVMCALL_INVALID_OPERAND); + return 1; +} + void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int pgd_level) { WARN_ON_ONCE(root_hpa & ~PAGE_MASK); @@ -1442,6 +1493,8 @@ int tdx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t fastpath) return tdx_handle_exception(vcpu); case EXIT_REASON_EXTERNAL_INTERRUPT: return tdx_handle_external_interrupt(vcpu); + case EXIT_REASON_TDCALL: + return handle_tdvmcall(vcpu); case EXIT_REASON_EPT_VIOLATION: return tdx_handle_ept_violation(vcpu); case EXIT_REASON_EPT_MISCONFIG: diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h index eaffa7384725..4399d474764f 100644 --- a/arch/x86/kvm/vmx/tdx.h +++ b/arch/x86/kvm/vmx/tdx.h @@ -83,6 +83,19 @@ struct vcpu_tdx { struct list_head cpu_list; + union { + struct { + union { + struct { + u16 gpr_mask; + u16 xmm_mask; + }; + u32 regs_mask; + }; + u32 reserved; + }; + u64 rcx; + } tdvmcall; union tdx_exit_reason exit_reason; bool initialized;