From patchwork Thu Jan 26 22:11:53 2023
X-Patchwork-Submitter: "Kirill A. Shutemov"
X-Patchwork-Id: 48937
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 1/7] x86/tdx: Fix typo in comment in __tdx_hypercall()
Date: Fri, 27 Jan 2023 01:11:53 +0300
Message-Id: <20230126221159.8635-2-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

Comment in __tdx_hypercall() points that RAX==0 indicates TDVMCALL failure which is opposite of the truth: RAX==0 is success. Fix the comment. No functional changes.
Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdcall.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S index f9eb1134f22d..74b108e94a0d 100644 --- a/arch/x86/coco/tdx/tdcall.S +++ b/arch/x86/coco/tdx/tdcall.S 
@@ -155,7 +155,7 @@ SYM_FUNC_START(__tdx_hypercall) tdcall /* - * RAX==0 indicates a failure of the TDVMCALL mechanism itself and that + * RAX!=0 indicates a failure of the TDVMCALL mechanism itself and that * something has gone horribly wrong with the TDX module. * * The return status of the hypercall operation is in a separate
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 2/7] x86/tdx: Add more registers to struct tdx_hypercall_args
Date: Fri, 27 Jan 2023 01:11:54 +0300
Message-Id: <20230126221159.8635-3-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

struct tdx_hypercall_args is used to pass down hypercall arguments to __tdx_hypercall() assembly routine. Currently __tdx_hypercall() handles up to 6 arguments. In preparation to changes in __tdx_hypercall(), expand the structure to 6 more registers and generate asm offsets for them.
Signed-off-by: Kirill A. Shutemov --- arch/x86/include/asm/shared/tdx.h | 6 ++++++ arch/x86/kernel/asm-offsets.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h index e53f26228fbb..8068faa52de1 100644 --- a/arch/x86/include/asm/shared/tdx.h +++ b/arch/x86/include/asm/shared/tdx.h
@@ -22,12 +22,18 @@ * This is a software only structure and not part of the TDX module/VMM ABI. */ struct tdx_hypercall_args { + u64 r8; + u64 r9; u64 r10; u64 r11; u64 r12; u64 r13; u64 r14; u64 r15; + u64 rdi; + u64 rsi; + u64 rbx; + u64 rdx; }; /* Used to request services from the VMM */ diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c index 82c783da16a8..8650f29387e0 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c 
@@ -75,12 +75,18 @@ static void __used common(void) OFFSET(TDX_MODULE_r11, tdx_module_output, r11); BLANK(); + OFFSET(TDX_HYPERCALL_r8, tdx_hypercall_args, r8); + OFFSET(TDX_HYPERCALL_r9, tdx_hypercall_args, r9); OFFSET(TDX_HYPERCALL_r10, tdx_hypercall_args, r10); OFFSET(TDX_HYPERCALL_r11, tdx_hypercall_args, r11); OFFSET(TDX_HYPERCALL_r12, tdx_hypercall_args, r12); OFFSET(TDX_HYPERCALL_r13, tdx_hypercall_args, r13); OFFSET(TDX_HYPERCALL_r14, tdx_hypercall_args, r14); OFFSET(TDX_HYPERCALL_r15, tdx_hypercall_args, r15); + OFFSET(TDX_HYPERCALL_rdi, tdx_hypercall_args, rdi); + OFFSET(TDX_HYPERCALL_rsi, tdx_hypercall_args, rsi); + OFFSET(TDX_HYPERCALL_rbx, tdx_hypercall_args, rbx); + OFFSET(TDX_HYPERCALL_rdx, tdx_hypercall_args, rdx); BLANK(); OFFSET(BP_scratch, boot_params, scratch);
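Review bot: In the struct tdx_hypercall_args hunk of patch 2/7 (arch/x86/include/asm/shared/tdx.h), r8 and r9 are inserted ahead of r10, so every existing field moves to a new offset, and the comment above the struct is left unchanged. The regenerated OFFSET() entries keep the assembly side correct, but a C caller that fills the struct positionally instead of with designated initializers would now place its values in the wrong registers; please confirm all callers use designated initializers. The struct comment should also say that fields a caller does not use must be zero, because the commit message describes these fields as additional hypercall registers for __tdx_hypercall().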
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 3/7] x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments
Date: Fri, 27 Jan 2023 01:11:55 +0300
Message-Id: <20230126221159.8635-4-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

RDI is the first argument to __tdx_hypercall() that used to pass pointer to struct tdx_hypercall_args. RSI is the second argument that contains flags, such as TDX_HCALL_HAS_OUTPUT and TDX_HCALL_ISSUE_STI. RDI and RSI can also be used as arguments to TDVMCALL leafs. Move RDI to RAX and RSI to RBP to free up them for the hypercall arguments. RAX saved on stack during TDCALL as it returns status code in the register. RBP value has to be restored before returning from __tdx_hypercall() as it is callee-saved register. This is preparatory patch. No functional change.
Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdcall.S | 46 +++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S index 74b108e94a0d..a9bb4cbb8197 100644
--- a/arch/x86/coco/tdx/tdcall.S +++ b/arch/x86/coco/tdx/tdcall.S @@ -124,19 +124,26 @@ SYM_FUNC_START(__tdx_hypercall) push %r14 push %r13 push %r12 + push %rbp + + /* Free RDI and RSI to be used as TDVMCALL arguments */ + movq %rdi, %rax + movq %rsi, %rbp + + /* Copy hypercall registers from arg struct: */ + movq TDX_HYPERCALL_r10(%rax), %r10 + movq TDX_HYPERCALL_r11(%rax), %r11 + movq TDX_HYPERCALL_r12(%rax), %r12 + movq TDX_HYPERCALL_r13(%rax), %r13 + movq TDX_HYPERCALL_r14(%rax), %r14 + movq TDX_HYPERCALL_r15(%rax), %r15 + + push %rax /* Mangle function call ABI into TDCALL ABI: */ /* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */ xor %eax, %eax - /* Copy hypercall registers from arg struct: */ - movq TDX_HYPERCALL_r10(%rdi), %r10 - movq TDX_HYPERCALL_r11(%rdi), %r11 - movq TDX_HYPERCALL_r12(%rdi), %r12 - movq TDX_HYPERCALL_r13(%rdi), %r13 - movq TDX_HYPERCALL_r14(%rdi), %r14 - movq TDX_HYPERCALL_r15(%rdi), %r15 - movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx /* @@ -148,7 +155,7 @@ SYM_FUNC_START(__tdx_hypercall) * HLT operation indefinitely. Since this is the not the desired * result, conditionally call STI before TDCALL. */ - testq $TDX_HCALL_ISSUE_STI, %rsi + testq $TDX_HCALL_ISSUE_STI, %rbp jz .Lskip_sti sti .Lskip_sti: 
@@ -165,20 +172,22 @@ SYM_FUNC_START(__tdx_hypercall) testq %rax, %rax jne .Lpanic - /* TDVMCALL leaf return code is in R10 */ - movq %r10, %rax + pop %rax /* Copy hypercall result registers to arg struct if needed */ - testq $TDX_HCALL_HAS_OUTPUT, %rsi + testq $TDX_HCALL_HAS_OUTPUT, %rbp jz .Lout - movq %r10, TDX_HYPERCALL_r10(%rdi) - movq %r11, TDX_HYPERCALL_r11(%rdi) - movq %r12, TDX_HYPERCALL_r12(%rdi) - movq %r13, TDX_HYPERCALL_r13(%rdi) - movq %r14, TDX_HYPERCALL_r14(%rdi) - movq %r15, TDX_HYPERCALL_r15(%rdi) + movq %r10, TDX_HYPERCALL_r10(%rax) + movq %r11, TDX_HYPERCALL_r11(%rax) + movq %r12, TDX_HYPERCALL_r12(%rax) + movq %r13, TDX_HYPERCALL_r13(%rax) + movq %r14, TDX_HYPERCALL_r14(%rax) + movq %r15, TDX_HYPERCALL_r15(%rax) .Lout: + /* TDVMCALL leaf return code is in R10 */ + movq %r10, %rax + /* * Zero out registers exposed to the VMM to avoid speculative execution * with VMM-controlled values. This needs to include all registers 
@@ -189,6 +198,7 @@ SYM_FUNC_START(__tdx_hypercall) xor %r11d, %r11d /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ + pop %rbp pop %r12 pop %r13 pop %r14
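Review bot: In the first hunk of patch 3/7 (@@ -124,19 +124,26 @@), "movq %rsi, %rbp" makes RBP carry the TDX_HCALL_* flags for the rest of __tdx_hypercall(), and the "sti" path a few lines below can enable interrupts while RBP holds flag bits instead of a frame pointer. If this function can be built with frame pointers, an interrupt taken in that window gives the unwinder a bogus frame. Please either add a comment explaining why that is acceptable here, or keep the flags on the stack next to the pointer that "push %rax" already saves.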
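Review bot: In the second hunk of patch 3/7 (@@ -165,20 +172,22 @@), "pop %rax" comes after "jne .Lpanic", so on the panic branch the pointer pushed before TDCALL is still on the stack. That is only correct if .Lpanic never returns, which is worth stating in a comment. The "pop %rax" line also replaces a commented instruction and has no comment of its own; suggest something like "Restore pointer to struct tdx_hypercall_args saved before TDCALL" so the later "(%rax)" stores are easy to follow.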
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 4/7] x86/tdx: Expand __tdx_hypercall() to handle more arguments
Date: Fri, 27 Jan 2023 01:11:56 +0300
Message-Id: <20230126221159.8635-5-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

So far __tdx_hypercall() only handles six arguments for VMCALL. Expanding it to six more register would allow to cover more use-cases like ReportFatalError() and Hyper-V hypercalls. With all preparations in place, the expansion is pretty straight forward.
Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdcall.S | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S index a9bb4cbb8197..5da06d1a9ba3 100644 --- a/arch/x86/coco/tdx/tdcall.S +++ b/arch/x86/coco/tdx/tdcall.S @@ -13,6 +13,12 @@ /* * Bitmasks of exposed registers (with VMM). */ +#define TDX_RDX BIT(2) +#define TDX_RBX BIT(3) +#define TDX_RSI BIT(6) +#define TDX_RDI BIT(7) +#define TDX_R8 BIT(8) +#define TDX_R9 BIT(9) #define TDX_R10 BIT(10) #define TDX_R11 BIT(11) #define TDX_R12 BIT(12)
@@ -27,9 +33,9 @@ * details can be found in TDX GHCI specification, section * titled "TDCALL [TDG.VP.VMCALL] leaf". */ -#define TDVMCALL_EXPOSE_REGS_MASK ( TDX_R10 | TDX_R11 | \ - TDX_R12 | TDX_R13 | \ - TDX_R14 | TDX_R15 ) +#define TDVMCALL_EXPOSE_REGS_MASK \ + ( TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8 | TDX_R9 | \ + TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15 ) /* * __tdx_module_call() - Used by TDX guests to request services from @@ -124,6 +130,7 @@ SYM_FUNC_START(__tdx_hypercall) push %r14 push %r13 push %r12 + push %rbx push %rbp /* Free RDI and RSI to be used as TDVMCALL arguments */ @@ -131,12 +138,18 @@ SYM_FUNC_START(__tdx_hypercall) movq %rsi, %rbp /* Copy hypercall registers from arg struct: */ + movq TDX_HYPERCALL_r8(%rax), %r8 + movq TDX_HYPERCALL_r9(%rax), %r9 movq TDX_HYPERCALL_r10(%rax), %r10 movq TDX_HYPERCALL_r11(%rax), %r11 movq TDX_HYPERCALL_r12(%rax), %r12 movq TDX_HYPERCALL_r13(%rax), %r13 movq TDX_HYPERCALL_r14(%rax), %r14 movq TDX_HYPERCALL_r15(%rax), %r15 + movq TDX_HYPERCALL_rdi(%rax), %rdi + movq TDX_HYPERCALL_rsi(%rax), %rsi + movq TDX_HYPERCALL_rbx(%rax), %rbx + movq TDX_HYPERCALL_rdx(%rax), %rdx push %rax @@ -178,12 +191,18 @@ SYM_FUNC_START(__tdx_hypercall) testq $TDX_HCALL_HAS_OUTPUT, %rbp jz .Lout + movq %r8, TDX_HYPERCALL_r8(%rax) + movq %r9, TDX_HYPERCALL_r9(%rax) movq %r10, TDX_HYPERCALL_r10(%rax) movq %r11, TDX_HYPERCALL_r11(%rax) movq %r12, TDX_HYPERCALL_r12(%rax) movq %r13, TDX_HYPERCALL_r13(%rax) movq %r14, TDX_HYPERCALL_r14(%rax) movq %r15, TDX_HYPERCALL_r15(%rax) + movq %rdi, TDX_HYPERCALL_rdi(%rax) + movq %rsi, TDX_HYPERCALL_rsi(%rax) + movq %rbx, TDX_HYPERCALL_rbx(%rax) + movq %rdx, TDX_HYPERCALL_rdx(%rax) .Lout: /* TDVMCALL leaf return code is in R10 */ movq %r10, %rax 
@@ -191,14 +210,20 @@ SYM_FUNC_START(__tdx_hypercall) /* * Zero out registers exposed to the VMM to avoid speculative execution * with VMM-controlled values. This needs to include all registers - * present in TDVMCALL_EXPOSE_REGS_MASK (except R12-R15). R12-R15 - * context will be restored. + * present in TDVMCALL_EXPOSE_REGS_MASK, except RBX, and R12-R15 which + * will be restored. */ + xor %r8d, %r8d + xor %r9d, %r9d xor %r10d, %r10d xor %r11d, %r11d + xor %rdi, %rdi + xor %rsi, %rsi + xor %rdx, %rdx /* Restore callee-saved GPRs as mandated by the x86_64 ABI */ pop %rbp + pop %rbx pop %r12 pop %r13 pop %r14 From patchwork Thu Jan 26 22:11:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 48932 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp520894wrn; Thu, 26 Jan 2023 14:33:49 -0800 (PST) X-Google-Smtp-Source: AMrXdXvj6+P0Q5PSBf3HhkE0zpjvjiOqHiA9GNVMA8ebgzsMyKbCcxw1jVNWG6usnkPvhd1EHWUj X-Received: by 2002:a17:90a:7182:b0:229:19f7:a60d with SMTP id i2-20020a17090a718200b0022919f7a60dmr40717094pjk.0.1674772429420; Thu, 26 Jan 2023 14:33:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674772429; cv=none; d=google.com; s=arc-20160816; b=kiDxlGebNuj0shhKMcEXMFKgwjPGtSUqwNf3/TNtkBEYUdUPNabSzJe+2mcECQxuXO zpc5frEnYjvWSxyzYV0o37LulwKYAr/TNmnZICHOw8vvlRXoaWQKglT/iajub1gOaPbc oh9cIo+2Z9DXTZKXmXYexk6RTxkSiCxQUAWwjbVypX790mz3Ar9NcjKbPI3074C9cmW2 BRNWNSpjAufug3PxSwZgKQgn4It1O6DKT4ElE73bxJvY+caNin8f3iwfGO9wUcUXr17s 3qC7nklqrdE/k4iG7TkfPs/ob8iymo/pz+gB6LbUsI7WmJjYqngT25e6EXpGW2iKRgq6 KyhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=j3CCUQr0NXRyoeU7P5EaGtdWz4ZoU3xGLGz0mBhPzAc=; 
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 5/7] x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE
Date: Fri, 27 Jan 2023 01:11:57 +0300
Message-Id: <20230126221159.8635-6-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

Linux TDX guests require that the SEPT_VE_DISABLE "attribute" be set. If it is not set, the kernel is theoretically required to handle exceptions anywhere that kernel memory is accessed, including places like NMI handlers and in the syscall entry gap.

Rather than even try to handle these exceptions, the kernel refuses to run if SEPT_VE_DISABLE is unset.

However, the SEPT_VE_DISABLE detection and refusal code happens very early in boot, even before earlyprintk runs. Calling panic() will effectively just hang the system.

Instead, call a TDX-specific panic() function. This makes a very simple TDVMCALL which gets a short error string out to the hypervisor without any console infrastructure.

Use TDG.VP.VMCALL to report the error. The hypercall can encode a message of up to 64 bytes in eight registers.
Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdx.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 669d9e4f2901..56accf653709 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -22,6 +22,7 @@ /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 +#define TDVMCALL_REPORT_FATAL_ERROR 0x10003 /* MMIO direction */ #define EPT_READ 0 @@ -140,6 +141,41 @@ int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport) } EXPORT_SYMBOL_GPL(tdx_mcall_get_report0); +static void __noreturn tdx_panic(const char *msg) +{ + struct tdx_hypercall_args args = { + .r10 = TDX_HYPERCALL_STANDARD, + .r11 = TDVMCALL_REPORT_FATAL_ERROR, + .r12 = 0, /* Error code: 0 is Panic */ + }; + union { + /* Define register order according to the GHCI */ + struct { u64 r14, r15, rbx, rdi, rsi, r8, r9, rdx; }; + + char str[64]; + } message; + + /* VMM assumes '\0' in byte 65, if the message took all 64 bytes */ + strncpy(message.str, msg, 64); + + args.r8 = message.r8; + args.r9 = message.r9; + args.r14 = message.r14; + args.r15 = message.r15; + args.rdi = message.rdi; + args.rsi = message.rsi; + args.rbx = message.rbx; + args.rdx = message.rdx; + + /* + * Keep calling the hypercall in case VMM did not terminated + * the TD as it must. + */ + while (1) { + __tdx_hypercall(&args, 0); + } +} + static void tdx_parse_tdinfo(u64 *cc_mask) { struct tdx_module_output out; 
@@ -172,7 +208,7 @@ static void tdx_parse_tdinfo(u64 *cc_mask) */ td_attr = out.rdx; if (!(td_attr & ATTR_SEPT_VE_DISABLE)) - panic("TD misconfiguration: SEPT_VE_DISABLE attibute must be set.\n"); + tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set."); } /*
From patchwork Thu Jan 26 22:11:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 48931
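Review bot: In tdx_panic() (hunk at -140,6 of the ReportFatalError patch above), the message union has no initialiser and its contents go straight to the VMM, so the code depends on strncpy() zero-padding all 64 bytes to keep stale stack data out of the registers. That dependency deserves a comment, or an explicit "= {}" on message. Use sizeof(message.str) instead of the literal 64 so the copy length cannot drift from the buffer size, and note in the comment that longer strings are silently truncated. The loop comment also has a typo: "did not terminated" should be "did not terminate".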
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 6/7] x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
Date: Fri, 27 Jan 2023 01:11:58 +0300
Message-Id: <20230126221159.8635-7-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

A "SEPT #VE" occurs when a TDX guest touches memory that is not properly mapped into the "secure EPT". This can be the result of hypervisor attacks or bugs, *OR* guest bugs. Most notably, buggy guests might touch unaccepted memory for lots of different memory safety bugs like buffer overflows.

TDX guests do not want to continue in the face of hypervisor attacks or hypervisor bugs. They want to terminate as fast and safely as possible. SEPT_VE_DISABLE ensures that TDX guests *can't* continue in the face of these kinds of issues.

But, that causes a problem. TDX guests that can't continue can't spit out oopses or other debugging info. In essence SEPT_VE_DISABLE=1 guests are not debuggable.

Relax the SEPT_VE_DISABLE check to a warning on a debug TD and panic() in the #VE handler on EPT-violation on private memory. It will produce a useful backtrace.
Signed-off-by: Kirill A. Shutemov --- arch/x86/coco/tdx/tdx.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 56accf653709..2f4fbb7cd990 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -38,6 +38,7 @@ #define VE_GET_PORT_NUM(e) ((e) >> 16) #define VE_IS_IO_STRING(e) ((e) & BIT(4)) +#define ATTR_DEBUG BIT(0) #define ATTR_SEPT_VE_DISABLE BIT(28) /* TDX Module call error codes */ @@ -207,8 +208,15 @@ static void tdx_parse_tdinfo(u64 *cc_mask) * TD-private memory. Only VMM-shared memory (MMIO) will #VE. */ td_attr = out.rdx; - if (!(td_attr & ATTR_SEPT_VE_DISABLE)) - tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set."); + if (!(td_attr & ATTR_SEPT_VE_DISABLE)) { + const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set."; + + /* Relax SEPT_VE_DISABLE check for debug TD. */ + if (td_attr & ATTR_DEBUG) + pr_warn("%s\n", msg); + else + tdx_panic(msg); + } } /* @@ -664,6 +672,11 @@ static int virt_exception_user(struct pt_regs *regs, struct ve_info *ve) } } +static inline bool is_private_gpa(u64 gpa) +{ + return gpa == cc_mkenc(gpa); +} + /* * Handle the kernel #VE. * 
@@ -682,6 +695,8 @@ static int virt_exception_kernel(struct pt_regs *regs, struct ve_info *ve) case EXIT_REASON_CPUID: return handle_cpuid(regs, ve); case EXIT_REASON_EPT_VIOLATION: + if (is_private_gpa(ve->gpa)) + panic("Unexpected EPT-violation on private memory."); return handle_mmio(regs, ve); case EXIT_REASON_IO_INSTRUCTION: return handle_io(regs, ve);
From patchwork Thu Jan 26 22:11:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 48933
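Review bot: In the debug-TD branch added to tdx_parse_tdinfo() (hunk at -207,8 of the debug TD patch above), the kernel keeps running with SEPT_VE_DISABLE clear, yet the warning reuses the fatal text ending in "must be set.", which reads in the log as if boot had been refused. Give the debug case its own message saying that the check was relaxed because ATTR_DEBUG is set and that a #VE on private memory will panic in the #VE handler. The existing one-line comment should also say that this path is for debugging only.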
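Review bot: is_private_gpa() (hunk at -664,6) has no comment explaining why gpa == cc_mkenc(gpa) identifies a private address. State that the test relies on cc_mkenc() returning an address unchanged when it does not carry the shared bit, so a reader does not have to look up the helper to audit the check.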
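Review bot: In the EXIT_REASON_EPT_VIOLATION case of virt_exception_kernel() (hunk at -682,6), the panic string carries no detail although the stated goal of the change is a debuggable failure. Include ve->gpa in the message (for example with %llx) so the faulting address is in the report. The check is added only to the kernel handler; if virt_exception_user() can also receive EXIT_REASON_EPT_VIOLATION, it needs the same check or a comment saying why it does not.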
From: "Kirill A. Shutemov"
To: Dave Hansen, Borislav Petkov, Andy Lutomirski
Cc: Kuppuswamy Sathyanarayanan, Thomas Gleixner, Elena Reshetova, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, "Kirill A. Shutemov"
Subject: [PATCHv2, RESEND 7/7] x86/tdx: Disable NOTIFY_ENABLES
Date: Fri, 27 Jan 2023 01:11:59 +0300
Message-Id: <20230126221159.8635-8-kirill.shutemov@linux.intel.com>
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>

== Background ==

There is a class of side-channel attacks against SGX enclaves called "SGX Step"[1]. These attacks create lots of exceptions inside of enclaves. Basically, run an in-enclave instruction, cause an exception. Over and over.

There is a concern that a VMM could attack a TDX guest in the same way by causing lots of #VE's. The TDX architecture includes new countermeasures for these attacks. It basically counts the number of exceptions and can send another *special* exception once the number of VMM-induced #VE's hits a critical threshold[2].

== Problem ==

But, these special exceptions are independent of any action that the guest takes. They can occur anywhere that the guest executes. This includes sensitive areas like the entry code. The (non-paranoid) #VE handler is incapable of handling exceptions in these areas.
== Solution ==

Fortunately, the special exceptions can be disabled by the guest via a write to the NOTIFY_ENABLES TDCS field.

NOTIFY_ENABLES is disabled by default, but might be enabled by a bootloader, firmware or an earlier kernel before the current kernel runs.

Disable the NOTIFY_ENABLES feature explicitly and unconditionally. Any NOTIFY_ENABLES-based #VE's that occur before this point will end up in the early #VE exception handler and die due to an unexpected exit reason.

[1] https://github.com/jovanbulck/sgx-step
[2] https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html#safety-against-ve-in-kernel-code

Signed-off-by: Kirill A. Shutemov Reviewed-by: Dave Hansen --- arch/x86/coco/tdx/tdx.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 2f4fbb7cd990..d72176a7d3a0 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -19,6 +19,10 @@ #define TDX_GET_VEINFO 3 #define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 +#define TDX_WR 8 + +/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */ +#define TDCS_NOTIFY_ENABLES 0x9100000000000010 /* TDX hypercall Leaf IDs */ #define TDVMCALL_MAP_GPA 0x10001 @@ -863,6 +867,9 @@ void __init tdx_early_init(void) tdx_parse_tdinfo(&cc_mask); cc_set_mask(cc_mask); + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ + tdx_module_call(TDX_WR, 0, TDCS_NOTIFY_ENABLES, 0, -1ULL, NULL); + /* * All bits above GPA width are reserved and kernel treats shared bit * as flag, not as part of physical address.
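Review bot: In the definitions hunk (at -19,6), TDCS_NOTIFY_ENABLES is a 64-bit constant written without a suffix; 0x9100000000000010ULL makes the intended type explicit. The comment also mentions TDG.VM.RD, but only TDX_WR is defined here, so either drop the mention or add the read leaf alongside it.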
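Review bot: In tdx_early_init() (hunk at -863,6), the return value of tdx_module_call(TDX_WR, ...) is discarded, so a failed write leaves NOTIFY_ENABLES in whatever state earlier software set and the kernel carries on with exactly the exposure the commit message describes. Check the result and fail hard (tdx_panic() from the earlier patch in this series fits this early in boot), or at least warn. The bare 0 and -1ULL arguments would also read better with a comment saying what each one is.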