From patchwork Thu Jan 12 10:14:01 2023
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 42353
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 1/7] x86/tdx: Fix typo in comment in __tdx_hypercall()
Date: Thu, 12 Jan 2023 13:14:01 +0300
Message-Id: <20230112101407.24327-2-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

Comment in __tdx_hypercall() points that RAX==0 indicates TDVMCALL failure which is opposite of the truth: RAX==0 is success. Fix the comment. No functional changes.

Signed-off-by: Kirill A. Shutemov
--- arch/x86/coco/tdx/tdcall.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S index f9eb1134f22d..74b108e94a0d 100644 --- a/arch/x86/coco/tdx/tdcall.S +++ b/arch/x86/coco/tdx/tdcall.S
@@ -155,7 +155,7 @@ SYM_FUNC_START(__tdx_hypercall) tdcall /* - * RAX==0 indicates a failure of the TDVMCALL mechanism itself and that + * RAX!=0 indicates a failure of the TDVMCALL mechanism itself and that * something has gone horribly wrong with the TDX module. * * The return status of the hypercall operation is in a separate
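Review bot: The subject line calls this a typo, but the changed comment line (RAX==0 to RAX!=0) inverts the stated failure condition, so a subject such as "Fix inverted condition in comment" would be easier to find in the log. The comment would also read more clearly if it said outright that RAX==0 means the TDCALL itself succeeded, since its next sentence moves on to the separate hypercall return status.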
From patchwork Thu Jan 12 10:14:02 2023
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 42352
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 2/7] x86/tdx: Add more registers to struct tdx_hypercall_args
Date: Thu, 12 Jan 2023 13:14:02 +0300
Message-Id: <20230112101407.24327-3-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

struct tdx_hypercall_args is used to pass down hypercall arguments to the __tdx_hypercall() assembly routine. Currently __tdx_hypercall() handles up to 6 arguments. In preparation for changes in __tdx_hypercall(), expand the structure to 6 more registers and generate asm offsets for them.

Signed-off-by: Kirill A. Shutemov
--- arch/x86/include/asm/shared/tdx.h | 6 ++++++ arch/x86/kernel/asm-offsets.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index e53f26228fbb..8068faa52de1 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h
@@ -22,12 +22,18 @@ * This is a software only structure and not part of the TDX module/VMM ABI. */ struct tdx_hypercall_args { + u64 r8; + u64 r9; u64 r10; u64 r11; u64 r12; u64 r13; u64 r14; u64 r15; + u64 rdi; + u64 rsi; + u64 rbx; + u64 rdx; }; /* Used to request services from the VMM */ diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c index 82c783da16a8..8650f29387e0 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c 
@@ -75,12 +75,18 @@ static void __used common(void) OFFSET(TDX_MODULE_r11, tdx_module_output, r11); BLANK(); + OFFSET(TDX_HYPERCALL_r8, tdx_hypercall_args, r8); + OFFSET(TDX_HYPERCALL_r9, tdx_hypercall_args, r9); OFFSET(TDX_HYPERCALL_r10, tdx_hypercall_args, r10); OFFSET(TDX_HYPERCALL_r11, tdx_hypercall_args, r11); OFFSET(TDX_HYPERCALL_r12, tdx_hypercall_args, r12); OFFSET(TDX_HYPERCALL_r13, tdx_hypercall_args, r13); OFFSET(TDX_HYPERCALL_r14, tdx_hypercall_args, r14); OFFSET(TDX_HYPERCALL_r15, tdx_hypercall_args, r15); + OFFSET(TDX_HYPERCALL_rdi, tdx_hypercall_args, rdi); + OFFSET(TDX_HYPERCALL_rsi, tdx_hypercall_args, rsi); + OFFSET(TDX_HYPERCALL_rbx, tdx_hypercall_args, rbx); + OFFSET(TDX_HYPERCALL_rdx, tdx_hypercall_args, rdx); BLANK(); OFFSET(BP_scratch, boot_params, scratch);
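Review bot: Missing documentation in the tdx.h hunk: the comment above struct tdx_hypercall_args says only that it is a software-only structure, and nothing tells callers what to put in r8, r9, rdi, rsi, rbx and rdx when a hypercall does not use them. Patch 4/7 loads every member into its register and lists all twelve in TDVMCALL_EXPOSE_REGS_MASK, so a member left uninitialised on a stack-allocated struct would be passed to the VMM as-is. Suggest stating in the struct comment that unused members must be zero.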
From patchwork Thu Jan 12 10:14:03 2023
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 42347
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 3/7] x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments
Date: Thu, 12 Jan 2023 13:14:03 +0300
Message-Id: <20230112101407.24327-4-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

RDI is the first argument to __tdx_hypercall() that used to pass pointer to struct tdx_hypercall_args. RSI is the second argument that contains flags, such as TDX_HCALL_HAS_OUTPUT and TDX_HCALL_ISSUE_STI.

RDI and RSI can also be used as arguments to TDVMCALL leafs. Move RDI to RAX and RSI to RBP to free them up for the hypercall arguments.

RAX is saved on the stack during TDCALL as it returns the status code in the register. RBP value has to be restored before returning from __tdx_hypercall() as it is a callee-saved register.

This is a preparatory patch. No functional change.

Signed-off-by: Kirill A. Shutemov
--- arch/x86/coco/tdx/tdcall.S | 46 +++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S index 74b108e94a0d..a9bb4cbb8197 100644 --- a/arch/x86/coco/tdx/tdcall.S +++ b/arch/x86/coco/tdx/tdcall.S @@ -124,19 +124,26 @@ SYM_FUNC_START(__tdx_hypercall) push %r14 push %r13 push %r12 + push %rbp + + /* Free RDI and RSI to be used as TDVMCALL arguments */ + movq %rdi, %rax + movq %rsi, %rbp + + /* Copy hypercall registers from arg struct: */ + movq TDX_HYPERCALL_r10(%rax), %r10 + movq TDX_HYPERCALL_r11(%rax), %r11 + movq TDX_HYPERCALL_r12(%rax), %r12 + movq TDX_HYPERCALL_r13(%rax), %r13 + movq TDX_HYPERCALL_r14(%rax), %r14 + movq TDX_HYPERCALL_r15(%rax), %r15 + + push %rax /* Mangle function call ABI into TDCALL ABI: */ /* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */ xor %eax, %eax - /* Copy hypercall registers from arg struct: */ - movq TDX_HYPERCALL_r10(%rdi), %r10 - movq TDX_HYPERCALL_r11(%rdi), %r11 - movq TDX_HYPERCALL_r12(%rdi), %r12 - movq TDX_HYPERCALL_r13(%rdi), %r13 - movq TDX_HYPERCALL_r14(%rdi), %r14 - movq TDX_HYPERCALL_r15(%rdi), %r15 - movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx /* @@ -148,7 +155,7 @@ SYM_FUNC_START(__tdx_hypercall) * HLT operation indefinitely. Since this is the not the desired * result, conditionally call STI before TDCALL. */ - testq $TDX_HCALL_ISSUE_STI, %rsi + testq $TDX_HCALL_ISSUE_STI, %rbp jz .Lskip_sti sti .Lskip_sti: 
@@ -165,20 +172,22 @@ SYM_FUNC_START(__tdx_hypercall) testq %rax, %rax jne .Lpanic - /* TDVMCALL leaf return code is in R10 */ - movq %r10, %rax + pop %rax /* Copy hypercall result registers to arg struct if needed */ - testq $TDX_HCALL_HAS_OUTPUT, %rsi + testq $TDX_HCALL_HAS_OUTPUT, %rbp jz .Lout - movq %r10, TDX_HYPERCALL_r10(%rdi) - movq %r11, TDX_HYPERCALL_r11(%rdi) - movq %r12, TDX_HYPERCALL_r12(%rdi) - movq %r13, TDX_HYPERCALL_r13(%rdi) - movq %r14, TDX_HYPERCALL_r14(%rdi) - movq %r15, TDX_HYPERCALL_r15(%rdi) + movq %r10, TDX_HYPERCALL_r10(%rax) + movq %r11, TDX_HYPERCALL_r11(%rax) + movq %r12, TDX_HYPERCALL_r12(%rax) + movq %r13, TDX_HYPERCALL_r13(%rax) + movq %r14, TDX_HYPERCALL_r14(%rax) + movq %r15, TDX_HYPERCALL_r15(%rax) .Lout: + /* TDVMCALL leaf return code is in R10 */ + movq %r10, %rax + /* * Zero out registers exposed to the VMM to avoid speculative execution * with VMM-controlled values. This needs to include all registers 
@@ -189,6 +198,7 @@ SYM_FUNC_START(__tdx_hypercall) xor %r11d, %r11d /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ + pop %rbp pop %r12 pop %r13 pop %r14
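Review bot: In the first hunk, `movq %rsi, %rbp` turns RBP into a scratch register for the flags, and it stays that way across the `sti` in the second hunk and the TDCALL itself. If the kernel is built with frame pointers, an interrupt taken in that window would find a flags value where the unwinder expects a frame address. Keeping the flags on the stack (push %rsi alongside the new `push %rax`, then test the stack slot instead of %rbp) would free RSI without repurposing RBP.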
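Review bot: In the third hunk, `jne .Lpanic` is taken before `pop %rax`, so the failure path now leaves two more slots on the stack than before: the saved struct pointer and the saved RBP. That is harmless only if .Lpanic never returns and does not depend on the stack layout; a one-line comment at the `push %rax` saying so would keep a later change to .Lpanic from unbalancing the stack.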
From patchwork Thu Jan 12 10:14:04 2023
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 42348
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 4/7] x86/tdx: Expand __tdx_hypercall() to handle more arguments
Date: Thu, 12 Jan 2023 13:14:04 +0300
Message-Id: <20230112101407.24327-5-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

So far __tdx_hypercall() only handles six arguments for VMCALL. Expanding it to six more registers would allow it to cover more use-cases like ReportFatalError() and Hyper-V hypercalls.

With all preparations in place, the expansion is pretty straightforward.

Signed-off-by: Kirill A. Shutemov
--- arch/x86/coco/tdx/tdcall.S | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S index a9bb4cbb8197..5da06d1a9ba3 100644 --- a/arch/x86/coco/tdx/tdcall.S +++ b/arch/x86/coco/tdx/tdcall.S
@@ -13,6 +13,12 @@ /* * Bitmasks of exposed registers (with VMM). */ +#define TDX_RDX BIT(2) +#define TDX_RBX BIT(3) +#define TDX_RSI BIT(6) +#define TDX_RDI BIT(7) +#define TDX_R8 BIT(8) +#define TDX_R9 BIT(9) #define TDX_R10 BIT(10) #define TDX_R11 BIT(11) #define TDX_R12 BIT(12) @@ -27,9 +33,9 @@ * details can be found in TDX GHCI specification, section * titled "TDCALL [TDG.VP.VMCALL] leaf". */ -#define TDVMCALL_EXPOSE_REGS_MASK ( TDX_R10 | TDX_R11 | \ - TDX_R12 | TDX_R13 | \ - TDX_R14 | TDX_R15 ) +#define TDVMCALL_EXPOSE_REGS_MASK \ + ( TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8 | TDX_R9 | \ + TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15 ) /* * __tdx_module_call() - Used by TDX guests to request services from @@ -124,6 +130,7 @@ SYM_FUNC_START(__tdx_hypercall) push %r14 push %r13 push %r12 + push %rbx push %rbp /* Free RDI and RSI to be used as TDVMCALL arguments */ @@ -131,12 +138,18 @@ SYM_FUNC_START(__tdx_hypercall) movq %rsi, %rbp /* Copy hypercall registers from arg struct: */ + movq TDX_HYPERCALL_r8(%rax), %r8 + movq TDX_HYPERCALL_r9(%rax), %r9 movq TDX_HYPERCALL_r10(%rax), %r10 movq TDX_HYPERCALL_r11(%rax), %r11 movq TDX_HYPERCALL_r12(%rax), %r12 movq TDX_HYPERCALL_r13(%rax), %r13 movq TDX_HYPERCALL_r14(%rax), %r14 movq TDX_HYPERCALL_r15(%rax), %r15 + movq TDX_HYPERCALL_rdi(%rax), %rdi + movq TDX_HYPERCALL_rsi(%rax), %rsi + movq TDX_HYPERCALL_rbx(%rax), %rbx + movq TDX_HYPERCALL_rdx(%rax), %rdx push %rax 
@@ -178,12 +191,18 @@ SYM_FUNC_START(__tdx_hypercall) testq $TDX_HCALL_HAS_OUTPUT, %rbp jz .Lout + movq %r8, TDX_HYPERCALL_r8(%rax) + movq %r9, TDX_HYPERCALL_r9(%rax) movq %r10, TDX_HYPERCALL_r10(%rax) movq %r11, TDX_HYPERCALL_r11(%rax) movq %r12, TDX_HYPERCALL_r12(%rax) movq %r13, TDX_HYPERCALL_r13(%rax) movq %r14, TDX_HYPERCALL_r14(%rax) movq %r15, TDX_HYPERCALL_r15(%rax) + movq %rdi, TDX_HYPERCALL_rdi(%rax) + movq %rsi, TDX_HYPERCALL_rsi(%rax) + movq %rbx, TDX_HYPERCALL_rbx(%rax) + movq %rdx, TDX_HYPERCALL_rdx(%rax) .Lout: /* TDVMCALL leaf return code is in R10 */ movq %r10, %rax 
@@ -191,14 +210,20 @@ SYM_FUNC_START(__tdx_hypercall) /* * Zero out registers exposed to the VMM to avoid speculative execution * with VMM-controlled values. This needs to include all registers - * present in TDVMCALL_EXPOSE_REGS_MASK (except R12-R15). R12-R15 - * context will be restored. + * present in TDVMCALL_EXPOSE_REGS_MASK, except RBX, and R12-R15 which + * will be restored. */ + xor %r8d, %r8d + xor %r9d, %r9d xor %r10d, %r10d xor %r11d, %r11d + xor %rdi, %rdi + xor %rsi, %rsi + xor %rdx, %rdx /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ pop %rbp + pop %rbx pop %r12 pop %r13 pop %r14
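Review bot: In the hunk that extends the TDX_HCALL_HAS_OUTPUT copy before .Lout, six more VMM-written registers (r8, r9, rdi, rsi, rbx, rdx) are now stored back into the args struct with no accompanying comment. The zeroing comment further down already treats these registers as VMM-controlled, so a comment at the copy should say that every output member is untrusted and has to be validated by the caller before use.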
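Review bot: Style point in the last hunk: the new `xor %rdi, %rdi`, `xor %rsi, %rsi` and `xor %rdx, %rdx` use 64-bit operands while the neighbouring lines use the 32-bit form (`xor %r10d, %r10d`). Writing `xor %edi, %edi` and so on clears the full register as well, has a shorter encoding, and keeps the block consistent.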
b=hti04D1/+fZaozKrYBNX/2rWCgWz/h6E8uPok+sg0M1gKK18HizkUindj5cTksMMBz FrD9djD9hfBJ9Uzw7c1OKUNQbl9764hcoxOkPbux0+vYJfz17mfWnlXtLDnbdvuwgs8Y Uqf3tDjw6vY5Fw4hBurtplQCTj4GS4amoB9VqYZaK/f5vhG8gebIW8/mktEvwB+Udjh9 s3V5YnYBuYlaDdwmUnhJHzNGLTFeDcVH3UtSm5DD+q8TPaIk22jYmdtWyZ+tFCH/nzQE d9f+FOShJ7wTzgSqa55HKZmGs5XeYJee7mvuRJCR2BXuR11r1tMJKEmkOeIfckpy9N40 X3oQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=AdultxN9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gs6-20020a1709072d0600b007c170f6b32bsi18394780ejc.266.2023.01.12.02.16.26; Thu, 12 Jan 2023 02:16:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=AdultxN9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239981AbjALKQD (ORCPT + 99 others); Thu, 12 Jan 2023 05:16:03 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46438 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239871AbjALKPB (ORCPT ); Thu, 12 Jan 2023 05:15:01 -0500 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C7E0362EC for ; Thu, 12 Jan 2023 02:14:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; 
i=@intel.com; q=dns/txt; s=Intel; t=1673518465; x=1705054465; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7okiIaj1mXjjqjJ5IKQzDQSQ9jvp5ruk3bnJVX6pMgw=; b=AdultxN9Xm61l6JCLZ94HprPLAjpGPsuG3cbxLcv1iKqS9+WILhp1/jN G1Pf5v7f+ACDaBknHCTplWRzE1LWMMNk9Gy2fgVV3hcjOUcL7qQKpUnD7 KMDemoVK01LNSX7LjzeOM0wTlZnvV5beeACdTuIFOV96LEUP2YnyiQRom XjSIbtJOBJQLdT0yFYoZ8CkkfGm6YyLa4ar7NN4l7iSPE8yvzogf5hV6W 64jMPJaIoJp5vnZf3tBNm04uIxjgZlBS+gbRwP4+CBkG9XX1y2UzcxYfo 3EnFxIhYEeAWKnuC8Bg0kR0EWjqFg8IISYc5yqOiEX1Bz+m8I5NJZJm0Y Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="324899419" X-IronPort-AV: E=Sophos;i="5.96,319,1665471600"; d="scan'208";a="324899419" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2023 02:14:24 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="903128291" X-IronPort-AV: E=Sophos;i="5.96,319,1665471600"; d="scan'208";a="903128291" Received: from glieseu-mobl.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.52.1]) by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Jan 2023 02:14:21 -0800 Received: by box.shutemov.name (Postfix, from userid 1000) id A551D109AF5; Thu, 12 Jan 2023 13:14:13 +0300 (+03) 
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 5/7] x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE
Date: Thu, 12 Jan 2023 13:14:05 +0300
Message-Id: <20230112101407.24327-6-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>
References: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

Linux TDX guests require that the SEPT_VE_DISABLE "attribute" be set. If it is not set, the kernel is theoretically required to handle exceptions anywhere that kernel memory is accessed, including places like NMI handlers and in the syscall entry gap.

Rather than even try to handle these exceptions, the kernel refuses to run if SEPT_VE_DISABLE is unset.

However, the SEPT_VE_DISABLE detection and refusal code happens very early in boot, even before earlyprintk runs. Calling panic() will effectively just hang the system.

Instead, call a TDX-specific panic() function. This makes a very simple TDVMCALL which gets a short error string out to the hypervisor without any console infrastructure.

Use TDG.VP.VMCALL to report the error. The hypercall can encode a message of up to 64 bytes in eight registers.
Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdx.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 669d9e4f2901..56accf653709 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -22,6 +22,7 @@ /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 +#define TDVMCALL_REPORT_FATAL_ERROR 0x10003 /* MMIO direction */ #define EPT_READ 0 @@ -140,6 +141,41 @@ int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport) } EXPORT_SYMBOL_GPL(tdx_mcall_get_report0); +static void __noreturn tdx_panic(const char *msg) +{ + struct tdx_hypercall_args args = { + .r10 = TDX_HYPERCALL_STANDARD, + .r11 = TDVMCALL_REPORT_FATAL_ERROR, + .r12 = 0, /* Error code: 0 is Panic */ + }; + union { + /* Define register order according to the GHCI */ + struct { u64 r14, r15, rbx, rdi, rsi, r8, r9, rdx; }; + + char str[64]; + } message; + + /* VMM assumes '\0' in byte 65, if the message took all 64 bytes */ + strncpy(message.str, msg, 64); + + args.r8 = message.r8; + args.r9 = message.r9; + args.r14 = message.r14; + args.r15 = message.r15; + args.rdi = message.rdi; + args.rsi = message.rsi; + args.rbx = message.rbx; + args.rdx = message.rdx; + + /* + * Keep calling the hypercall in case VMM did not terminated + * the TD as it must. + */ + while (1) { + __tdx_hypercall(&args, 0); + } +} + static void tdx_parse_tdinfo(u64 *cc_mask) { struct tdx_module_output out; 
@@ -172,7 +208,7 @@ static void tdx_parse_tdinfo(u64 *cc_mask) */ td_attr = out.rdx; if (!(td_attr & ATTR_SEPT_VE_DISABLE)) - panic("TD misconfiguration: SEPT_VE_DISABLE attibute must be set.\n"); + tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set."); } /* 
From patchwork Thu Jan 12 10:14:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 42349
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 6/7] x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
Date: Thu, 12 Jan 2023 13:14:06 +0300
Message-Id: <20230112101407.24327-7-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>
References: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

A "SEPT #VE" occurs when a TDX guest touches memory that is not properly mapped into the "secure EPT". This can be the result of hypervisor attacks or bugs, *OR* guest bugs. Most notably, buggy guests might touch unaccepted memory for lots of different memory safety bugs like buffer overflows.

TDX guests do not want to continue in the face of hypervisor attacks or hypervisor bugs. They want to terminate as fast and safely as possible. SEPT_VE_DISABLE ensures that TDX guests *can't* continue in the face of these kinds of issues.

But, that causes a problem. TDX guests that can't continue can't spit out oopses or other debugging info. In essence SEPT_VE_DISABLE=1 guests are not debuggable.

Relax the SEPT_VE_DISABLE check to a warning on debug TD and panic() in the #VE handler on EPT-violation on private memory.
It will produce useful backtrace. Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdx.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 56accf653709..2f4fbb7cd990 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -38,6 +38,7 @@ #define VE_GET_PORT_NUM(e) ((e) >> 16) #define VE_IS_IO_STRING(e) ((e) & BIT(4)) +#define ATTR_DEBUG BIT(0) #define ATTR_SEPT_VE_DISABLE BIT(28) /* TDX Module call error codes */ @@ -207,8 +208,15 @@ static void tdx_parse_tdinfo(u64 *cc_mask) * TD-private memory. Only VMM-shared memory (MMIO) will #VE. */ td_attr = out.rdx; - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) - tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set."); + if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { + const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set."; + + /* Relax SEPT_VE_DISABLE check for debug TD. */ + if (td_attr & ATTR_DEBUG) + pr_warn("%s\n", msg); + else + tdx_panic(msg); + } } /* @@ -664,6 +672,11 @@ static int virt_exception_user(struct pt_regs *regs, struct ve_info *ve) } } +static inline bool is_private_gpa(u64 gpa) +{ + return gpa == cc_mkenc(gpa); +} + /* * Handle the kernel #VE. * 
@@ -682,6 +695,8 @@ static int virt_exception_kernel(struct pt_regs *regs, struct ve_info *ve) case EXIT_REASON_CPUID: return handle_cpuid(regs, ve); case EXIT_REASON_EPT_VIOLATION: + if (is_private_gpa(ve->gpa)) + panic("Unexpected EPT-violation on private memory."); return handle_mmio(regs, ve); case EXIT_REASON_IO_INSTRUCTION: return handle_io(regs, ve); 
From patchwork Thu Jan 12 10:14:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 42351
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2 7/7] x86/tdx: Disable NOTIFY_ENABLES
Date: Thu, 12 Jan 2023 13:14:07 +0300
Message-Id: <20230112101407.24327-8-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>
References: <20230112101407.24327-1-kirill.shutemov@linux.intel.com>

== Background ==

There is a class of side-channel attacks against SGX enclaves called "SGX Step"[1]. These attacks create lots of exceptions inside of enclaves. Basically, run an in-enclave instruction, cause an exception. Over and over.

There is a concern that a VMM could attack a TDX guest in the same way by causing lots of #VE's. The TDX architecture includes new countermeasures for these attacks. It basically counts the number of exceptions and can send another *special* exception once the number of VMM-induced #VE's hits a critical threshold[2].

== Problem ==

But, these special exceptions are independent of any action that the guest takes. They can occur anywhere that the guest executes. This includes sensitive areas like the entry code. The (non-paranoid) #VE handler is incapable of handling exceptions in these areas.
== Solution == Fortunately, the special exceptions can be disabled by the guest via write to NOTIFY_ENABLES TDCS field. NOTIFY_ENABLES is disabled by default, but might be enabled by a bootloader, firmware or an earlier kernel before the current kernel runs. Disable NOTIFY_ENABLES feature explicitly and unconditionally. Any NOTIFY_ENABLES-based #VE's that occur before this point will end up in the early #VE exception handler and die due to unexpected exit reason. [1] https://github.com/jovanbulck/sgx-step [2] https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html#safety-against-ve-in-kernel-code Signed-off-by: Kirill A. Shutemov Reviewed-by: Dave Hansen --- arch/x86/coco/tdx/tdx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 2f4fbb7cd990..d72176a7d3a0 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -19,6 +19,10 @@ #define TDX_GET_VEINFO 3 #define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 +#define TDX_WR 8 + +/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +#define TDCS_NOTIFY_ENABLES 0x9100000000000010 /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 @@ -863,6 +867,9 @@ void __init tdx_early_init(void) tdx_parse_tdinfo(&cc_mask); cc_set_mask(cc_mask); + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ + tdx_module_call(TDX_WR, 0, TDCS_NOTIFY_ENABLES, 0, -1ULL, NULL); + /* * All bits above GPA width are reserved and kernel treats shared bit * as flag, not as part of physical address.
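Review bot: In patch 4/7, the register-zeroing block of __tdx_hypercall (hunk @@ -191,14 +210,20 @@) clears the newly exposed RDI, RSI and RDX with the 64-bit form (`xor %rdi, %rdi`) while the neighbouring R8-R11 clears use the 32-bit form (`xor %r8d, %r8d`). A 32-bit write zero-extends to the full register, so `xor %edi, %edi`, `xor %esi, %esi` and `xor %edx, %edx` give the same result with a shorter encoding and keep the block consistent. The added `pop %rbx` between `pop %rbp` and `pop %r12` depends on a matching push in the prologue, which is outside the visible hunks; worth confirming the push order mirrors it.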
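Review bot: In patch 5/7, tdx_panic() calls `strncpy(message.str, msg, 64)`, which silently drops everything past 64 bytes, and the limit is only mentioned in a local comment. The single caller's string fits, but a comment on the function stating the 64-byte limit, and `sizeof(message.str)` in place of the literal 64, would keep a later caller from losing the tail of its message without noticing. Nit in the loop comment: "did not terminated" should read "did not terminate".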
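Review bot: In patch 6/7, the tdx_parse_tdinfo() hunk adds the comment "Relax SEPT_VE_DISABLE check for debug TD." which restates the code without giving the reason. The commit message has the reason (a guest that cannot continue cannot print an oops), and a sentence of that belongs in the comment. The existing block comment just above still ends with "Only VMM-shared memory (MMIO) will #VE", which no longer holds for a debug TD that is allowed to proceed with SEPT_VE_DISABLE clear; it should be updated in the same hunk.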
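Review bot: In patch 6/7, the EXIT_REASON_EPT_VIOLATION case of virt_exception_kernel() panics with a fixed string and omits the faulting address, so the backtrace this patch is meant to enable will not say which private page was touched; consider including ve->gpa in the panic() message. The new helper is_private_gpa() would also benefit from a one-line comment explaining what cc_mkenc() does to the shared bit, since `gpa == cc_mkenc(gpa)` is not self-explanatory at the call site.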
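Review bot: In patch 7/7, the tdx_early_init() hunk discards the return value of `tdx_module_call(TDX_WR, 0, TDCS_NOTIFY_ENABLES, 0, -1ULL, NULL)`, so if the write fails NOTIFY_ENABLES stays as the bootloader or firmware left it and the kernel carries on unaware. Since the commit message says the #VE handler cannot cope with these exceptions in entry code, check the result and at least warn on failure. The bare `0` and `-1ULL` arguments would also read better with a short comment saying what each one is.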