From patchwork Thu Jan 26 22:11:53 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48937
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp521325wrn;
        Thu, 26 Jan 2023 14:35:14 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXvS1p/p8bQJ1ItOOo99B9KtM/wKdawEai4Q+BrA/Vl6lN9NYr9wGNgOINhWCu7ve3qnaBgg
X-Received: by 2002:a17:90b:4b92:b0:229:f4e1:d4b1 with SMTP id
 lr18-20020a17090b4b9200b00229f4e1d4b1mr28718748pjb.22.1674772513799;
        Thu, 26 Jan 2023 14:35:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772513; cv=none;
        d=google.com; s=arc-20160816;
        b=jrXtojEHgAQJbeTm7JDhQmI/ycIlZxS/EYWtTT7r3uqA37C4cr+fzQpZic+mqm423I
         dS/GiEZtnqnHkJFCKKLjR0JnfBwgWhptt9K3WnwBTxv+7fDTQa98w6hhpX8eS7eeoSPy
         cewQOi6LMlFj4BWcFAb7tcwrE/bKiLuWL2P9z+cJqJq0iuEJToRKbFtb0sD4y5uUrrbB
         EsGfqH8u+SkgZPMtPHVe2lnMVURYsHz2Zrjs41oUbXL9mLhiKztMdWS8294iHFzY8xio
         JL1Bjc/In0vtFBGeM0b8YWYKO37vlqIaLf6YFKjAffPoiA9/HYoB9VoTgNTOM9FrR3TJ
         ceqg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=ByRWNsCv2c4A5S16N1DOtk2baxa6ut0w2IZNupeNMoc=;
        b=iDZiNV31uioo05feAsGjLJGgRzbQcxov+2aQveWb7zshyHhRm4XxM9EOmTUS6oqlO4
         lUWheHrEJiUUoDagk70cCwkFTg4i8GLsXEJosvqiGDT3lzp0CZNEpT4xWVqI+YzSsCuU
         8GfzWre0AvPW9AwzdvbwbwthxTBDbvNnRpqHzxnUb4xZTQ0FtuQ7Ghb+DPQc62LOZjJT
         BPeLlqnQDpb6VcEsHyV3sqdXG/kVnJxPUE5IPNWWhbFJQJl4+GP7Eq42MS2AgEINLLjK
         dHwrzj5v32p2Qk0FO4ianae7QiU4YFg2HL8LNzy0mCPc9LxlIoa/K2vyYHanqeOVtgCT
         q5lw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Aa3FF7gA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 a9-20020a17090abe0900b002296b422fb9si2895329pjs.2.2023.01.26.14.34.52;
        Thu, 26 Jan 2023 14:35:13 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Aa3FF7gA;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233053AbjAZWdK (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:33:10 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33878 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233210AbjAZWck (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:32:40 -0500
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69A806DFF6
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:32:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772341; x=1706308341;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=oJ60TuZ/WAThDiZfd1xgtqkLBDwCMemAxdyGLVSzJlk=;
  b=Aa3FF7gA9+RqijlcJJtV8cvQQBK4Ha7eqjcjWKnm8GJWnVwF3cwimOS8
   hLoZ829q40U2WFYXel2GbQzu+b0f0dzfSsAlZzMgPczx68rij0N1BzDfC
   dm9q506osoe/4iOJZ+hA8A20Do9QzUuvA2kxFys5mn3zYCvW1cXiyiZYX
   5BeJZevGA8Op0Z/NjYCpLB3PzPGxQm/hwudsXL4tWcRFq0pS/jU+X5HoT
   1JIjbzELSrx4uByHcRg9tpT/naM9dTDZFfD24VIVbdsKgx8un9iyb2Lqx
   RB+UXaxRLYK8QmUfJVBWOOCmxt2PRbj9OZXQwQ2DQ/yzWr3fxZhowb0Se
   Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="391516403"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="391516403"
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:08 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="908411169"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="908411169"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:05 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 4945410DB5C; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2,
 RESEND 1/7] x86/tdx: Fix typo in comment in __tdx_hypercall()
Date: Fri, 27 Jan 2023 01:11:53 +0300
Message-Id: <20230126221159.8635-2-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126263226928760?=
X-GMAIL-MSGID: =?utf-8?q?1756126263226928760?=

Comment in __tdx_hypercall() points that RAX==0 indicates TDVMCALL
failure which is opposite of the truth: RAX==0 is success.

Fix the comment. No functional changes.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/coco/tdx/tdcall.S | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S
index f9eb1134f22d..74b108e94a0d 100644
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@ -155,7 +155,7 @@ SYM_FUNC_START(__tdx_hypercall)
 	tdcall
 
 	/*
-	 * RAX==0 indicates a failure of the TDVMCALL mechanism itself and that
+	 * RAX!=0 indicates a failure of the TDVMCALL mechanism itself and that
 	 * something has gone horribly wrong with the TDX module.
 	 *
 	 * The return status of the hypercall operation is in a separate

From patchwork Thu Jan 26 22:11:54 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48934
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp521166wrn;
        Thu, 26 Jan 2023 14:34:44 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXv+fbD+N3/XUN5z5eCpRBCoZwX2k1Yl1yzurcrxG05VsmsJx1dOMXENRob2rAUnAMdojq+r
X-Received: by 2002:a17:902:9349:b0:194:d272:5567 with SMTP id
 g9-20020a170902934900b00194d2725567mr23422183plp.69.1674772483868;
        Thu, 26 Jan 2023 14:34:43 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772483; cv=none;
        d=google.com; s=arc-20160816;
        b=AaRlldTrl9JvOS6RU0kS8JeqhftjsM0ooKsWOuz+we029p2Layv9+DjvgCN3ZNk6RB
         4pwIan0hsebauXV+tWPIBBNOMis0RZkm8KOl0Mv6XjjX1jqaAQ3GKPu0wsNa9ExS7aha
         98HjBYny5PSE55kFCtgRxc2OryAEOGe3P0nXJlvaqDzeoTEJl2BVOwzGPMc8buy+WbQN
         jnPwKavbnbbTN7FTKDMF/sqLO7HDhgsdUMtN48rqczHebEKu6G+ysELUbbQDazm+GPKg
         o57ntyz/3q3x4/PYsXc0mpTVC2hdmP3DOSNLn48uB2roPevpQxd4aTjGGW4kg/+gCULY
         5U1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=s7DiUsNQIFHZZY1tBfFfFNYxbxZFDQzBY5XOyNVlubw=;
        b=hdOZcCOE/2SmrYOPazZa9VssDREtL9lKKFk2OzqsdPKQuL40veqxiwRCuBpAKdkQ1s
         pND230vtYhWmSJqCBydv1GlWBx8Ey1XTLzN5IG/HIXaym8WTOvakpzdiSyssys48dKLU
         6h4jLwI4vClByT45jd5RQ7FygI7jn4B9skaEVXnYVlH/TWo9r2SubFMZmdi5zrEhfKjO
         LMmTMIRVFdiNiUzsOONALdffPE3CGU0b4waEbRxyE1E60DOPN2wR2s7FETvLpDeoQgnW
         NS9cHeuT3MX1wmejUAP3Io3DL0JNPIwdBnuUcsbutVP2J5IqjchuprU79VLRon9dQ+12
         2eMA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=GllqQlYC;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 q2-20020a170902dac200b0019103c51486si3057450plx.331.2023.01.26.14.34.31;
        Thu, 26 Jan 2023 14:34:43 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=GllqQlYC;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233174AbjAZWdO (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:33:14 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33770 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233213AbjAZWck (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:32:40 -0500
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 69B856E413
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:32:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772341; x=1706308341;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=Lh5mHGy5KSUz8htxVu1g6Z5VsceNbf4gO76efsRQF7M=;
  b=GllqQlYCxcAj/7uAbFqIel3ulnzSOBL7rbXo2ZPsFab7pfWeOctSIgY9
   ctwCwyBUq7yDo9k5fWjFGEo3AJzl8Keb4ww+MJQFvzKAa0mMuO2HLJIQs
   CH90FXaiAvLMrECRXEInam9BBFw6IeLbIamlHDrz9BJm3/66cx1KMZi1K
   C+Zq0UN3XXgFC4Dz5VrPPwnli/vhNkqtOCtifzcnfYeTUcwzoucSesd/K
   weYlrUOKMsQ7VzyzM5Y5/KYXdyuJwOtZ0iLBL/F/CLPl2tc13URo9CJfP
   G/29Fy6ZKTR+QOcLDX/Pr+7wbFu10LJQgOtJPJZoOj0vDqFH64OLfqKfg
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="391516409"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="391516409"
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:08 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="908411171"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="908411171"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:05 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 533E110DBDE; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2,
 RESEND 2/7] x86/tdx: Add more registers to struct tdx_hypercall_args
Date: Fri, 27 Jan 2023 01:11:54 +0300
Message-Id: <20230126221159.8635-3-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126232029144556?=
X-GMAIL-MSGID: =?utf-8?q?1756126232029144556?=

struct tdx_hypercall_args is used to pass down hypercall arguments to
__tdx_hypercall() assembly routine.

Currently __tdx_hypercall() handles up to 6 arguments. In preparation to
changes in __tdx_hypercall(), expand the structure to 6 more registers
and generate asm offsets for them.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/include/asm/shared/tdx.h | 6 ++++++
 arch/x86/kernel/asm-offsets.c     | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/arch/x86/include/asm/shared/tdx.h b/arch/x86/include/asm/shared/tdx.h
index e53f26228fbb..8068faa52de1 100644
--- a/arch/x86/include/asm/shared/tdx.h
+++ b/arch/x86/include/asm/shared/tdx.h
@@ -22,12 +22,18 @@
  * This is a software only structure and not part of the TDX module/VMM ABI.
  */
 struct tdx_hypercall_args {
+	u64 r8;
+	u64 r9;
 	u64 r10;
 	u64 r11;
 	u64 r12;
 	u64 r13;
 	u64 r14;
 	u64 r15;
+	u64 rdi;
+	u64 rsi;
+	u64 rbx;
+	u64 rdx;
 };
 
 /* Used to request services from the VMM */
diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c
index 82c783da16a8..8650f29387e0 100644
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
@@ -75,12 +75,18 @@ static void __used common(void)
 	OFFSET(TDX_MODULE_r11, tdx_module_output, r11);
 
 	BLANK();
+	OFFSET(TDX_HYPERCALL_r8,  tdx_hypercall_args, r8);
+	OFFSET(TDX_HYPERCALL_r9,  tdx_hypercall_args, r9);
 	OFFSET(TDX_HYPERCALL_r10, tdx_hypercall_args, r10);
 	OFFSET(TDX_HYPERCALL_r11, tdx_hypercall_args, r11);
 	OFFSET(TDX_HYPERCALL_r12, tdx_hypercall_args, r12);
 	OFFSET(TDX_HYPERCALL_r13, tdx_hypercall_args, r13);
 	OFFSET(TDX_HYPERCALL_r14, tdx_hypercall_args, r14);
 	OFFSET(TDX_HYPERCALL_r15, tdx_hypercall_args, r15);
+	OFFSET(TDX_HYPERCALL_rdi, tdx_hypercall_args, rdi);
+	OFFSET(TDX_HYPERCALL_rsi, tdx_hypercall_args, rsi);
+	OFFSET(TDX_HYPERCALL_rbx, tdx_hypercall_args, rbx);
+	OFFSET(TDX_HYPERCALL_rdx, tdx_hypercall_args, rdx);
 
 	BLANK();
 	OFFSET(BP_scratch, boot_params, scratch);

From patchwork Thu Jan 26 22:11:55 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48936
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp521196wrn;
        Thu, 26 Jan 2023 14:34:48 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set+nGaHX73lzNGq0E+7gh5/uOjOc4CSCvHWy67oohmuRllkdp9Z9oGshFIzK/CrrwSnTgbOV
X-Received: by 2002:a17:903:41cd:b0:194:997d:7735 with SMTP id
 u13-20020a17090341cd00b00194997d7735mr3874449ple.48.1674772488527;
        Thu, 26 Jan 2023 14:34:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772488; cv=none;
        d=google.com; s=arc-20160816;
        b=CLatw4Cev2o3omtcE+GIDNOwj8w9VSEpAhPtZh8oh772edIQESR45YNfp2AljFYny8
         4do/2acPS6ujJcDi1uKwtDf0YBPNmrdE0c5/6FbhdgexaWVZIHlPRUmV3z962hTQR5a5
         qJ9aHsEOgLPcXIfbAkV3HMV4qi98MhV6l8SyJ2zj1SnKeG3WwiLU4tNLRohjzHpBug/C
         9UlvrUiD0qrQu5RLaHgNfC2sMmSy/dF+cAl8SA8XOimYA38ddcdPydL9aCucwieQzv4t
         b1GOnPf59id5fnmJAgY6fB4sbvhHqNbBv0HAyxnPqGNBnYeCQoYCao+NOCH1kZcUYwxc
         wBww==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=eT1oCqj2Dr9RF7WnjiykfqMU1bauCLCjyipnN7L5wX0=;
        b=RgiQEmPmms8aGxnMg0F8vjyqG5tTa115iAzcT5MvCzspwolQ+tSx28MOydOqK0yPAP
         A9wVBtpzKZDDwyqrUyyV/EyBzIra1PnVaLWzXw7hNr0YvQH0FGDIdQoGbcdnywL90yJd
         pQyehM/1cXwt0/TKlfpXuX5b6HmALNh+7dmPdhHvYok7/KyU2lkWtSgtW2bkyEKzgKPR
         Sb+P8YQxpKIxXFRUad8IlzUEJ9nu2GloQQx80+H/FPgYmhUp2p1qwxBSPkTLiqN6MouY
         KwPRnYPHJWYnDsofgPE2IAbSOaXHSHetNekCbBgYmzuWII61gij0Fj8wgAKDw6Ha62Y3
         R6bw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Lltb7r98;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 c19-20020a621c13000000b00572ee9a0c46si2239542pfc.346.2023.01.26.14.34.36;
        Thu, 26 Jan 2023 14:34:48 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=Lltb7r98;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233245AbjAZWdR (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:33:17 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34100 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231587AbjAZWct (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:32:49 -0500
Received: from mga07.intel.com (mga07.intel.com [134.134.136.100])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F30A70D4B
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:32:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772342; x=1706308342;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=66VIdz3muarY0vcrRz9QFa3oQoVQgiIWs1OHx/vAl/Q=;
  b=Lltb7r98nIKjkHWZwTuFs+zZernVlv+d+VMiDP/BAhRnSHKRL6xnCy6F
   9OEQ5KoGE9KDXMncoC6zeDxx5z2xUdKbI7dQQ9oot1zZ/ooHQNG95txIH
   wh/fvIX0isyqh3s7YV3Tcknft+vnb91+ATG/Exdmlyu8fQNxJVTReArX5
   2YpKkd5WqiocP79syEQVZi7bAyfMZGE2JsjbBMh5HZzjmKJFy6/wu4Pcc
   tFGRUN7HbKk6fJcYGpt3fDuz89KES2hTAqA6jh+QNY0X5JEuFYFjb+8H4
   LNJRfx88Yx/XZLIKJMQVYE8NRxcGU2xz2RDoxGoMKxbniqZCKpjgUZK31
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="391516413"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="391516413"
Received: from fmsmga006.fm.intel.com ([10.253.24.20])
  by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:08 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="908411176"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="908411176"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga006-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:06 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 5D04010DBE2; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2,
 RESEND 3/7] x86/tdx: Refactor __tdx_hypercall() to allow pass down more
 arguments
Date: Fri, 27 Jan 2023 01:11:55 +0300
Message-Id: <20230126221159.8635-4-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126236956999587?=
X-GMAIL-MSGID: =?utf-8?q?1756126236956999587?=

RDI is the first argument to __tdx_hypercall() that used to pass pointer
to struct tdx_hypercall_args. RSI is the second argument that contains
flags, such as TDX_HCALL_HAS_OUTPUT and TDX_HCALL_ISSUE_STI.

RDI and RSI can also be used as arguments to TDVMCALL leafs. Move RDI to
RAX and RSI to RBP to free up them for the hypercall arguments.

RAX saved on stack during TDCALL as it returns status code in the
register.

RBP value has to be restored before returning from __tdx_hypercall() as
it is callee-saved register.

This is preparatory patch. No functional change.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/coco/tdx/tdcall.S | 46 +++++++++++++++++++++++---------------
 1 file changed, 28 insertions(+), 18 deletions(-)

diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S
index 74b108e94a0d..a9bb4cbb8197 100644
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@ -124,19 +124,26 @@ SYM_FUNC_START(__tdx_hypercall)
 	push %r14
 	push %r13
 	push %r12
+	push %rbp
+
+	/* Free RDI and RSI to be used as TDVMCALL arguments */
+	movq %rdi, %rax
+	movq %rsi, %rbp
+
+	/* Copy hypercall registers from arg struct: */
+	movq TDX_HYPERCALL_r10(%rax), %r10
+	movq TDX_HYPERCALL_r11(%rax), %r11
+	movq TDX_HYPERCALL_r12(%rax), %r12
+	movq TDX_HYPERCALL_r13(%rax), %r13
+	movq TDX_HYPERCALL_r14(%rax), %r14
+	movq TDX_HYPERCALL_r15(%rax), %r15
+
+	push %rax
 
 	/* Mangle function call ABI into TDCALL ABI: */
 	/* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */
 	xor %eax, %eax
 
-	/* Copy hypercall registers from arg struct: */
-	movq TDX_HYPERCALL_r10(%rdi), %r10
-	movq TDX_HYPERCALL_r11(%rdi), %r11
-	movq TDX_HYPERCALL_r12(%rdi), %r12
-	movq TDX_HYPERCALL_r13(%rdi), %r13
-	movq TDX_HYPERCALL_r14(%rdi), %r14
-	movq TDX_HYPERCALL_r15(%rdi), %r15
-
 	movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx
 
 	/*
@@ -148,7 +155,7 @@ SYM_FUNC_START(__tdx_hypercall)
 	 * HLT operation indefinitely. Since this is the not the desired
 	 * result, conditionally call STI before TDCALL.
 	 */
-	testq $TDX_HCALL_ISSUE_STI, %rsi
+	testq $TDX_HCALL_ISSUE_STI, %rbp
 	jz .Lskip_sti
 	sti
 .Lskip_sti:
@@ -165,20 +172,22 @@ SYM_FUNC_START(__tdx_hypercall)
 	testq %rax, %rax
 	jne .Lpanic
 
-	/* TDVMCALL leaf return code is in R10 */
-	movq %r10, %rax
+	pop %rax
 
 	/* Copy hypercall result registers to arg struct if needed */
-	testq $TDX_HCALL_HAS_OUTPUT, %rsi
+	testq $TDX_HCALL_HAS_OUTPUT, %rbp
 	jz .Lout
 
-	movq %r10, TDX_HYPERCALL_r10(%rdi)
-	movq %r11, TDX_HYPERCALL_r11(%rdi)
-	movq %r12, TDX_HYPERCALL_r12(%rdi)
-	movq %r13, TDX_HYPERCALL_r13(%rdi)
-	movq %r14, TDX_HYPERCALL_r14(%rdi)
-	movq %r15, TDX_HYPERCALL_r15(%rdi)
+	movq %r10, TDX_HYPERCALL_r10(%rax)
+	movq %r11, TDX_HYPERCALL_r11(%rax)
+	movq %r12, TDX_HYPERCALL_r12(%rax)
+	movq %r13, TDX_HYPERCALL_r13(%rax)
+	movq %r14, TDX_HYPERCALL_r14(%rax)
+	movq %r15, TDX_HYPERCALL_r15(%rax)
 .Lout:
+	/* TDVMCALL leaf return code is in R10 */
+	movq %r10, %rax
+
 	/*
 	 * Zero out registers exposed to the VMM to avoid speculative execution
 	 * with VMM-controlled values. This needs to include all registers
@@ -189,6 +198,7 @@ SYM_FUNC_START(__tdx_hypercall)
 	xor %r11d, %r11d
 
 	/* Restore callee-saved GPRs as mandated by the x86_64 ABI */
+	pop %rbp
 	pop %r12
 	pop %r13
 	pop %r14

From patchwork Thu Jan 26 22:11:56 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48930
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp520873wrn;
        Thu, 26 Jan 2023 14:33:45 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set+rkqRhllLgICrTmdeAXAhwNtmDExZY3nOLksjTXPg5nwFNqZxetwQX2qFmdK0G21CJkDsO
X-Received: by 2002:a17:90b:4b05:b0:22b:e0f7:5aaf with SMTP id
 lx5-20020a17090b4b0500b0022be0f75aafmr14284558pjb.34.1674772425265;
        Thu, 26 Jan 2023 14:33:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772425; cv=none;
        d=google.com; s=arc-20160816;
        b=h0IVxcn6fXUPfNApuT2oWFXQQqtyL7IFx56fW7kdYzvhTWxxc4UwXwNTBgrlkSoP8U
         emh/k7h/7xtRbU/ORpAZ8zSIR0juY9VZrcbIQixYleAapL4rqYjGSt8BTcO66LfRKh/g
         CkwEiIz7cbTttNwp+3gnFuPVkxlREQ11wUrl4m0Xv5sHqAQsaydqxgkDKYzIKDaPEbOB
         qGnqkF04vep4TgQf6qXPBKmw3kHG0IMjKtdkcPV2rZtK8J8VcFrKJTCpF8M89JW2zTud
         Yr+kQlBtQ3CFml3gsfxkL7Wll8H3MwvYWuDYiUCuQP3F+PrsO0DA0+/RBCpV1ob+LLph
         ozuQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=Lvd994+xetZjZG4wcl5T8rSSgtbqC5UONOWcktmNEfQ=;
        b=r849g0BLT/v81g+V0+wXr/MHPrR5yoDFPbu+1+l+l+RTwUlZkcOz0cytiQO6g3iLVw
         4HeBo8IQF9oxMAZxPj243UE0jEgLhe2zY+nEDr+nbYDBzOIZ2uDyLegbVPw0zRNLEdYq
         SEb9g+n3CM5rAu4bp2wm2fb63x91ijk19qWYGitSRH+x7wiaWvCQSaPy0vp9sArKTRJK
         rEA7ZJ2OVEj/BDIGpFj4X/Wrpl5vPIB1NvbujSCh2DR/ulfQpemcF8sndcWfFhQdwB2g
         qpjocmP2inog1AW+uiwwWJ0rT1HXhucC2Zfrelcc9ni8vlw3pWKgC72oyeX5tOT5KcSt
         LSSQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=lfiejbzP;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 ob17-20020a17090b391100b0022be3211c69si7860643pjb.10.2023.01.26.14.33.33;
        Thu, 26 Jan 2023 14:33:45 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=lfiejbzP;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232954AbjAZWab (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:30:31 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59158 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232757AbjAZWaZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:30:25 -0500
Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ECBD623658
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:30:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772220; x=1706308220;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=GDrhDu1mCk6e1IvJoEEnUJ7ltIQXGeo/1vtq21igVLk=;
  b=lfiejbzPEHvVv9C8CrtpImChwZa2FJDRI1NOVgkvGLG2aZBnGwORfvTN
   pyQYxHxwJOmkUmRjSv2XmDBvbEXe4jUly5tYZBmqSBuVcX+nmTd7kpI80
   okIl9F7/k7wSaCaiFRAgqhPaI7843FVO6GdYt1do/d6logJfOaTvUpDxO
   TsiEzZztTf8n54BKSpEWvxBzzTKGQWQdtumrc1GVNTa7v541TwI4ALIju
   NUFQnef45P683H0ZuC/1MEX9vqp/AfNndMBlg7hZWuDOzb33yPQsnUkL0
   Y/kDQlowauZxjy0B5BANdRuSsGhwht/CCbdpBBzypWR4x8HNHBB31TNki
   Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="389342075"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="389342075"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:08 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="751770913"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="751770913"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:05 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 6675310DBE8; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2,
 RESEND 4/7] x86/tdx: Expand __tdx_hypercall() to handle more arguments
Date: Fri, 27 Jan 2023 01:11:56 +0300
Message-Id: <20230126221159.8635-5-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126170852969692?=
X-GMAIL-MSGID: =?utf-8?q?1756126170852969692?=

So far __tdx_hypercall() only handles six arguments for VMCALL.
Expanding it to six more register would allow to cover more use-cases
like ReportFatalError() and Hyper-V hypercalls.

With all preparations in place, the expansion is pretty straight
forward.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/coco/tdx/tdcall.S | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/x86/coco/tdx/tdcall.S b/arch/x86/coco/tdx/tdcall.S
index a9bb4cbb8197..5da06d1a9ba3 100644
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@ -13,6 +13,12 @@
 /*
  * Bitmasks of exposed registers (with VMM).
  */
+#define TDX_RDX		BIT(2)
+#define TDX_RBX		BIT(3)
+#define TDX_RSI		BIT(6)
+#define TDX_RDI		BIT(7)
+#define TDX_R8		BIT(8)
+#define TDX_R9		BIT(9)
 #define TDX_R10		BIT(10)
 #define TDX_R11		BIT(11)
 #define TDX_R12		BIT(12)
@@ -27,9 +33,9 @@
  * details can be found in TDX GHCI specification, section
  * titled "TDCALL [TDG.VP.VMCALL] leaf".
  */
-#define TDVMCALL_EXPOSE_REGS_MASK	( TDX_R10 | TDX_R11 | \
-					  TDX_R12 | TDX_R13 | \
-					  TDX_R14 | TDX_R15 )
+#define TDVMCALL_EXPOSE_REGS_MASK	\
+	( TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8  | TDX_R9  | \
+	  TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15 )
 
 /*
  * __tdx_module_call()  - Used by TDX guests to request services from
@@ -124,6 +130,7 @@ SYM_FUNC_START(__tdx_hypercall)
 	push %r14
 	push %r13
 	push %r12
+	push %rbx
 	push %rbp
 
 	/* Free RDI and RSI to be used as TDVMCALL arguments */
@@ -131,12 +138,18 @@ SYM_FUNC_START(__tdx_hypercall)
 	movq %rsi, %rbp
 
 	/* Copy hypercall registers from arg struct: */
+	movq TDX_HYPERCALL_r8(%rax),  %r8
+	movq TDX_HYPERCALL_r9(%rax),  %r9
 	movq TDX_HYPERCALL_r10(%rax), %r10
 	movq TDX_HYPERCALL_r11(%rax), %r11
 	movq TDX_HYPERCALL_r12(%rax), %r12
 	movq TDX_HYPERCALL_r13(%rax), %r13
 	movq TDX_HYPERCALL_r14(%rax), %r14
 	movq TDX_HYPERCALL_r15(%rax), %r15
+	movq TDX_HYPERCALL_rdi(%rax), %rdi
+	movq TDX_HYPERCALL_rsi(%rax), %rsi
+	movq TDX_HYPERCALL_rbx(%rax), %rbx
+	movq TDX_HYPERCALL_rdx(%rax), %rdx
 
 	push %rax
 
@@ -178,12 +191,18 @@ SYM_FUNC_START(__tdx_hypercall)
 	testq $TDX_HCALL_HAS_OUTPUT, %rbp
 	jz .Lout
 
+	movq %r8,  TDX_HYPERCALL_r8(%rax)
+	movq %r9,  TDX_HYPERCALL_r9(%rax)
 	movq %r10, TDX_HYPERCALL_r10(%rax)
 	movq %r11, TDX_HYPERCALL_r11(%rax)
 	movq %r12, TDX_HYPERCALL_r12(%rax)
 	movq %r13, TDX_HYPERCALL_r13(%rax)
 	movq %r14, TDX_HYPERCALL_r14(%rax)
 	movq %r15, TDX_HYPERCALL_r15(%rax)
+	movq %rdi, TDX_HYPERCALL_rdi(%rax)
+	movq %rsi, TDX_HYPERCALL_rsi(%rax)
+	movq %rbx, TDX_HYPERCALL_rbx(%rax)
+	movq %rdx, TDX_HYPERCALL_rdx(%rax)
 .Lout:
 	/* TDVMCALL leaf return code is in R10 */
 	movq %r10, %rax
@@ -191,14 +210,20 @@ SYM_FUNC_START(__tdx_hypercall)
 	/*
 	 * Zero out registers exposed to the VMM to avoid speculative execution
 	 * with VMM-controlled values. This needs to include all registers
-	 * present in TDVMCALL_EXPOSE_REGS_MASK (except R12-R15). R12-R15
-	 * context will be restored.
+	 * present in TDVMCALL_EXPOSE_REGS_MASK, except RBX, and R12-R15 which
+	 * will be restored.
 	 */
+	xor %r8d,  %r8d
+	xor %r9d,  %r9d
 	xor %r10d, %r10d
 	xor %r11d, %r11d
+	xor %rdi,  %rdi
+	xor %rsi,  %rsi
+	xor %rdx,  %rdx
 
 	/* Restore callee-saved GPRs as mandated by the x86_64 ABI */
 	pop %rbp
+	pop %rbx
 	pop %r12
 	pop %r13
 	pop %r14

From patchwork Thu Jan 26 22:11:57 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48932
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp520894wrn;
        Thu, 26 Jan 2023 14:33:49 -0800 (PST)
X-Google-Smtp-Source: 
 AMrXdXvj6+P0Q5PSBf3HhkE0zpjvjiOqHiA9GNVMA8ebgzsMyKbCcxw1jVNWG6usnkPvhd1EHWUj
X-Received: by 2002:a17:90a:7182:b0:229:19f7:a60d with SMTP id
 i2-20020a17090a718200b0022919f7a60dmr40717094pjk.0.1674772429420;
        Thu, 26 Jan 2023 14:33:49 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772429; cv=none;
        d=google.com; s=arc-20160816;
        b=kiDxlGebNuj0shhKMcEXMFKgwjPGtSUqwNf3/TNtkBEYUdUPNabSzJe+2mcECQxuXO
         zpc5frEnYjvWSxyzYV0o37LulwKYAr/TNmnZICHOw8vvlRXoaWQKglT/iajub1gOaPbc
         oh9cIo+2Z9DXTZKXmXYexk6RTxkSiCxQUAWwjbVypX790mz3Ar9NcjKbPI3074C9cmW2
         BRNWNSpjAufug3PxSwZgKQgn4It1O6DKT4ElE73bxJvY+caNin8f3iwfGO9wUcUXr17s
         3qC7nklqrdE/k4iG7TkfPs/ob8iymo/pz+gB6LbUsI7WmJjYqngT25e6EXpGW2iKRgq6
         KyhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=j3CCUQr0NXRyoeU7P5EaGtdWz4ZoU3xGLGz0mBhPzAc=;
        b=EVy/2z9yqvx8N2uUS3QHDsliLEUMyAQ7iP2DNTTVKGTW7KQDzEdHyRiyWWZxn6kVf4
         AWkGT8IT8rOTilbb0DdJhRDGGhqtNJo15AqO1oXuF601nMLDMjB/TtlEbclT/G5yOoju
         eJIBGU4UL5Mk3oLANXoE08DjWSRVb4O8T9Pb5tR5dy4B6lDaz7pUM5keJgnbkiuTKdrs
         ZvIZndIMRrF8CNmHdGg71fo1t2rCRfw4VtyYgYQbh8LFnqUHMCGkoWsy1XRQ4vhvBlfJ
         Ht671Nk9LAjZC584voWC3e3OmZBJyH294behjDa+KdkuKQX3EE/sAWQAM/HkzqGh1OcH
         dbvQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=avoJ0qGf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 30-20020a17090a199e00b0022c3e9115e3si1182490pji.172.2023.01.26.14.33.37;
        Thu, 26 Jan 2023 14:33:49 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=avoJ0qGf;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232543AbjAZWai (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:30:38 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59160 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232362AbjAZWaZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:30:25 -0500
Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B61EAF759
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:30:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772224; x=1706308224;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=4RnpvG851CQ2J01HFmizOyd6RFXJQ68QAxBEP3YWKQ4=;
  b=avoJ0qGfZyKcQ9tHDtyTxLr7SCaaqlf1YAlyhEkjwFWZNW+EP0yD7zpi
   fJhn+9TYW+Y5w1/kDlvNKuLp6loRKMJ2Hit92MwETgEDuEpIyTRcEtUu6
   qL+jtdrlnlzIO+6k4PwJ1p/Doju93J7ri5qG022JC15Vk6vQpddWsdIjT
   qdI6GP5rgVsTtEucUZCTJ7OHxmrBZNvKjkIk2Eh2t4I/FkD3pfGXk+x9e
   RzHZ7IMEFb3Ex3OFhzOK9hQGC6P4FFeFU70nspG5GH28MICNfGDFiMguC
   4v2zuAr1CW1VgvnZ4aJJftPxww6u903Bbls+HJClMaAUAHy8+vikKAXc6
   Q==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="389342099"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="389342099"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:13 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="751770953"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="751770953"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:10 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 7019310DBF3; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2,
 RESEND 5/7] x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE
Date: Fri, 27 Jan 2023 01:11:57 +0300
Message-Id: <20230126221159.8635-6-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126175100221928?=
X-GMAIL-MSGID: =?utf-8?q?1756126175100221928?=

Linux TDX guests require that the SEPT_VE_DISABLE "attribute" be set.
If it is not set, the kernel is theoretically required to handle
exceptions anywhere that kernel memory is accessed, including places
like NMI handlers and in the syscall entry gap.

Rather than even try to handle these exceptions, the kernel refuses to
run if SEPT_VE_DISABLE is unset.

However, the SEPT_VE_DISABLE detection and refusal code happens very
early in boot, even before earlyprintk runs.  Calling panic() will
effectively just hang the system.

Instead, call a TDX-specific panic() function.  This makes a very simple
TDVMCALL which gets a short error string out to the hypervisor without
any console infrastructure.

Use TDG.VP.VMCALL<ReportFatalError> to report the error. The hypercall
can encode message up to 64 bytes in eight registers.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/coco/tdx/tdx.c | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 669d9e4f2901..56accf653709 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -22,6 +22,7 @@
 
 /* TDX hypercall Leaf IDs */
 #define TDVMCALL_MAP_GPA		0x10001
+#define TDVMCALL_REPORT_FATAL_ERROR	0x10003
 
 /* MMIO direction */
 #define EPT_READ	0
@@ -140,6 +141,41 @@ int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport)
 }
 EXPORT_SYMBOL_GPL(tdx_mcall_get_report0);
 
+static void __noreturn tdx_panic(const char *msg)
+{
+	struct tdx_hypercall_args args = {
+		.r10 = TDX_HYPERCALL_STANDARD,
+		.r11 = TDVMCALL_REPORT_FATAL_ERROR,
+		.r12 = 0, /* Error code: 0 is Panic */
+	};
+	union {
+		/* Define register order according to the GHCI */
+		struct { u64 r14, r15, rbx, rdi, rsi, r8, r9, rdx; };
+
+		char str[64];
+	} message;
+
+	/* VMM assumes '\0' in byte 65, if the message took all 64 bytes */
+	strncpy(message.str, msg, 64);
+
+	args.r8  = message.r8;
+	args.r9  = message.r9;
+	args.r14 = message.r14;
+	args.r15 = message.r15;
+	args.rdi = message.rdi;
+	args.rsi = message.rsi;
+	args.rbx = message.rbx;
+	args.rdx = message.rdx;
+
+	/*
+	 * Keep calling the hypercall in case VMM did not terminated
+	 * the TD as it must.
+	 */
+	while (1) {
+		__tdx_hypercall(&args, 0);
+	}
+}
+
 static void tdx_parse_tdinfo(u64 *cc_mask)
 {
 	struct tdx_module_output out;
@@ -172,7 +208,7 @@ static void tdx_parse_tdinfo(u64 *cc_mask)
 	 */
 	td_attr = out.rdx;
 	if (!(td_attr & ATTR_SEPT_VE_DISABLE))
-		panic("TD misconfiguration: SEPT_VE_DISABLE attibute must be set.\n");
+		tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set.");
 }
 
 /*

From patchwork Thu Jan 26 22:11:58 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48931
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp520889wrn;
        Thu, 26 Jan 2023 14:33:48 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set8tpo8GAoKww4GILBBeHmgZWIKMprTB9ZuuPgl3TkO+VbYizGpRGXWffuPq1acowyh5OtHj
X-Received: by 2002:a17:902:ec88:b0:196:1d60:b1b8 with SMTP id
 x8-20020a170902ec8800b001961d60b1b8mr11579519plg.34.1674772428672;
        Thu, 26 Jan 2023 14:33:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772428; cv=none;
        d=google.com; s=arc-20160816;
        b=EL643CuEgTrunjF6o/LrN9Vuqv5xr+wdmwTAl8540fwNa1VkbxlBm6waH5k82Q8PU9
         OViyEIVJmqXtugZF4jBWf5IIfCBHAWJXAifYkvX86Zj6LqK70iWky1EvWMR/NK73mNtS
         OyozzyMeL9xEeVYvhVNUUS+bDUBX3RTISs1f8fD9ku/q/GZ9YmW1hPLgXLkpH0UjcE/2
         5DhgoEq/WGRjRjjwvqbDEXJiXlaztQFdFGVcJHJ2Yd3T6mhKFbmYfFhdzVyDdAzPHxxl
         xsz5ZsWoZ3YhyiDlyqCeMd1Z64inZovsAsZdAWQCostITQ2rrw50t00SjUJyUCmxG7Zo
         bYYQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=2/2RT6w24OSEpb9Zg2Wgs6ykrrHIReJ95I556F9dTwg=;
        b=t0QAAtjL0LAggjqVexD582AmIXT1/j98RXFECUUuHPIpHzOujqg419OfPHZj//mysv
         w8/YrAluj8+Ypt/AcORGkzF/yFjZdjSWhABhb3lvhl1AXx0RSAPKaUCOWKyqiEhAHzbA
         yCy/Na25bz1vLdUMx2RvmOYUJlq7QZuadxni6avOPEnSjpLQ0XYnfcRQTdLNW0XaJcls
         cnH5ktLiSIWr3HhiR+NdnyQ979jTjWx/DNN5TpJyTvWyNjVvBrZfcTDD0vwxFsDkcTk7
         kFnf9u8eKnxysocl/rLr7k9if4rnFueW7n8Om41Mfj1T5Ql/Ber3VKXvNa7TdBscyCg6
         HCAw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=QsVeZz4r;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 s3-20020a170902b18300b001944785f248si2601743plr.84.2023.01.26.14.33.36;
        Thu, 26 Jan 2023 14:33:48 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=QsVeZz4r;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233034AbjAZWag (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:30:36 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59162 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232615AbjAZWa0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:30:26 -0500
Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3E0A337563
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:30:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772225; x=1706308225;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=2AzGLZYLQWFgYy7oKSA95MapwehtT7MvaycJ/ZjTtEU=;
  b=QsVeZz4rv1JoO157TBpM0ZYQKv4k7Jo4i6JuMlyW/7ScW+3uB2iWlf8I
   wVBVlyAz+7p4PPy7FTdBhiNAeXO4OPtIty4DeER9N6ZVBSR/6xvFAjNlr
   eQaKszdfKxPwalw1/UTj5oTs0eYB2Gpa+nr15H6vnT2RAqJ3Vtt/C3npm
   SwVCa0h0+wISkeJ3V6o91eXFFQpPvCXQ8vvAz5RSKJeHUO6umR+qsmh6o
   yGwwaqWrZlNtrdd2oMnJoUN37xwxPLzbuRJmDFCqg50tKoU3WAbPxsP7b
   CsDGS+Ho6Cw+E2qlyJ0pY/FdMa7wA0ZVbgHUQK7ag1tswwgPDNgXWOts8
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="389342102"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="389342102"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:13 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="751770955"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="751770955"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:11 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 7A10710DCB5; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2,
 RESEND 6/7] x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
Date: Fri, 27 Jan 2023 01:11:58 +0300
Message-Id: <20230126221159.8635-7-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126173809562435?=
X-GMAIL-MSGID: =?utf-8?q?1756126173809562435?=

A "SEPT #VE" occurs when a TDX guest touches memory that is not properly
mapped into the "secure EPT".  This can be the result of hypervisor
attacks or bugs, *OR* guest bugs.  Most notably, buggy guests might
touch unaccepted memory for lots of different memory safety bugs like
buffer overflows.

TDX guests do not want to continue in the face of hypervisor attacks or
hypervisor bugs.  They want to terminate as fast and safely as possible.
SEPT_VE_DISABLE ensures that TDX guests *can't* continue in the face of
these kinds of issues.

But, that causes a problem.  TDX guests that can't continue can't spit
out oopses or other debugging info.  In essence SEPT_VE_DISABLE=1 guests
are not debuggable.

Relax the SEPT_VE_DISABLE check to warning on debug TD and panic() in
the #VE handler on EPT-violation on private memory. It will produce
useful backtrace.

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---
 arch/x86/coco/tdx/tdx.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 56accf653709..2f4fbb7cd990 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -38,6 +38,7 @@
 #define VE_GET_PORT_NUM(e)	((e) >> 16)
 #define VE_IS_IO_STRING(e)	((e) & BIT(4))
 
+#define ATTR_DEBUG		BIT(0)
 #define ATTR_SEPT_VE_DISABLE	BIT(28)
 
 /* TDX Module call error codes */
@@ -207,8 +208,15 @@ static void tdx_parse_tdinfo(u64 *cc_mask)
 	 * TD-private memory.  Only VMM-shared memory (MMIO) will #VE.
 	 */
 	td_attr = out.rdx;
-	if (!(td_attr & ATTR_SEPT_VE_DISABLE))
-		tdx_panic("TD misconfiguration: SEPT_VE_DISABLE attribute must be set.");
+	if (!(td_attr & ATTR_SEPT_VE_DISABLE)) {
+		const char *msg = "TD misconfiguration: SEPT_VE_DISABLE attribute must be set.";
+
+		/* Relax SEPT_VE_DISABLE check for debug TD. */
+		if (td_attr & ATTR_DEBUG)
+			pr_warn("%s\n", msg);
+		else
+			tdx_panic(msg);
+	}
 }
 
 /*
@@ -664,6 +672,11 @@ static int virt_exception_user(struct pt_regs *regs, struct ve_info *ve)
 	}
 }
 
+static inline bool is_private_gpa(u64 gpa)
+{
+	return gpa == cc_mkenc(gpa);
+}
+
 /*
  * Handle the kernel #VE.
  *
@@ -682,6 +695,8 @@ static int virt_exception_kernel(struct pt_regs *regs, struct ve_info *ve)
 	case EXIT_REASON_CPUID:
 		return handle_cpuid(regs, ve);
 	case EXIT_REASON_EPT_VIOLATION:
+		if (is_private_gpa(ve->gpa))
+			panic("Unexpected EPT-violation on private memory.");
 		return handle_mmio(regs, ve);
 	case EXIT_REASON_IO_INSTRUCTION:
 		return handle_io(regs, ve);

From patchwork Thu Jan 26 22:11:59 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
X-Patchwork-Id: 48933
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp520909wrn;
        Thu, 26 Jan 2023 14:33:52 -0800 (PST)
X-Google-Smtp-Source: 
 AK7set/ZnnN7gZI7uEWboC0ris5nhQsVp52pD7JRSuevqF306Jo1IwCAmWNuMJlwBmVtaWztPtVl
X-Received: by 2002:a17:90a:1984:b0:22c:38:5a66 with SMTP id
 4-20020a17090a198400b0022c00385a66mr9441234pji.47.1674772432243;
        Thu, 26 Jan 2023 14:33:52 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1674772432; cv=none;
        d=google.com; s=arc-20160816;
        b=ZMGUXKHMdBiNn7JGhoPC6lGfCB9RSrZPtWh8xoWRPoMAbs75Iz8OgLSOIXW7OLEfcV
         f07z2gEk/ywYaS6Eif6r5dTXpawkB6trmf6HaeSqugr9tbtHzQKK6wum5ndEA2NmTz2t
         qph/9zdPxERDs2/P3z1EJKk9lpJ4uW7IXaowmNp/5Cpyo+TIVuxPpZJ/k/f15qfMVRvJ
         2mQ67i+OUdLVSIAYHDDFkk1pIUlAZ7BpNofEfFgDaV5zZxbpHYU1uK6b7/Fwzhvkb1PP
         Bo7xAXevdMu8Bqkuqi1c3i4LoqfJ7RG7eogab0X5rBGXGEJ6a8XV3FRy3pSgF1M6qa9h
         L2xw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=4TjYY1fwkcR4uC8rXPVNVMsPNv55kHaBb4Q1g+o+lDo=;
        b=xutY7GuK41cehk+aHEf9iG8hDFr1252NuygKyzZ/HmEdkmpjHi2kKANBwXXc/tHRlU
         LsJ8rbE8JKTUIqxyfIW3eAC4h7n5FdxTychDW5RTiP9uHxLQYcGtDOpegorPrtOCj1RM
         r3ABkNzpgoaAOleP6eabIGwTEHGKPUF0FaAThZk77EYRhbxsid9xWD7JVi1sNnzh6Lda
         t9861zRtGP56d8VMhCpcFtleYC85zThJ3uNOTZi9pjeI6flCPlz0dhvsW0Bt1CMcnVRn
         sUwWkPlhNv6oaFo80UxC6GznGesQqnZ5EqRqryOhe8d5qD3VFWsvFJ4oNCDExlK0ytFR
         gRvQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=ADg7Ho1H;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id
 g7-20020a17090a4b0700b0021870b9d3c7si2784521pjh.45.2023.01.26.14.33.40;
        Thu, 26 Jan 2023 14:33:52 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@intel.com header.s=Intel header.b=ADg7Ho1H;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
 designates 2620:137:e000::1:20 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232960AbjAZWal (ORCPT <rfc822;lekhanya01809@gmail.com>
        + 99 others); Thu, 26 Jan 2023 17:30:41 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59144 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232772AbjAZWa0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Jan 2023 17:30:26 -0500
Received: from mga06.intel.com (mga06b.intel.com [134.134.136.31])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 480533BD84
        for <linux-kernel@vger.kernel.org>;
 Thu, 26 Jan 2023 14:30:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1674772225; x=1706308225;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=rmzyTS5XZ0XqYXZKrB6pH9OGLqztcBEU8YSeAM+eVWM=;
  b=ADg7Ho1HOw3/5X7+fvzneKa0yEqjrH9c6ZifMqkrTC5Mn/m05ZLtIIQ3
   /Bt+AcltWNEDVtbHUQoFZ6SUigPFmltb5JeDEEzk890sC5C0dQPMTOtz6
   Br23UPeiXXAeBl+JC4/mjVOsp77vVSqEfgkhC9by+86mebRs11PGj8NtK
   V65AWnWDKpJTB/s4LwKQZBFi0oPpP0BRr3qA1nnVVbrVhqJjCXoeO5N0U
   2TNUvMGAAwxibLgwT1sMJKN4j8sUULsEWpeAJkx55Mgau33KD3CFljdGw
   qfoBYpcCZ2ZHQkaGdCkMjWY5qV1Om6I5MqLlftp6YHR3J7z2M+eFv1nTc
   A==;
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="389342107"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="389342107"
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:13 -0800
X-IronPort-AV: E=McAfee;i="6500,9779,10602"; a="751770957"
X-IronPort-AV: E=Sophos;i="5.97,249,1669104000";
   d="scan'208";a="751770957"
Received: from smadjatx-mobl1.ger.corp.intel.com (HELO box.shutemov.name)
 ([10.251.210.179])
  by fmsmga003-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 26 Jan 2023 14:12:11 -0800
Received: by box.shutemov.name (Postfix, from userid 1000)
        id 8402A10DCB6; Fri, 27 Jan 2023 01:12:03 +0300 (+03)
From: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
To: Dave Hansen <dave.hansen@intel.com>,
        Borislav Petkov <bp@alien8.de>,
        Andy Lutomirski <luto@kernel.org>
Cc: Kuppuswamy Sathyanarayanan
        <sathyanarayanan.kuppuswamy@linux.intel.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Elena Reshetova <elena.reshetova@intel.com>, x86@kernel.org,
        linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: [PATCHv2, RESEND 7/7] x86/tdx: Disable NOTIFY_ENABLES
Date: Fri, 27 Jan 2023 01:11:59 +0300
Message-Id: <20230126221159.8635-8-kirill.shutemov@linux.intel.com>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
References: <20230126221159.8635-1-kirill.shutemov@linux.intel.com>
MIME-Version: 1.0
X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_NONE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1756126177774113029?=
X-GMAIL-MSGID: =?utf-8?q?1756126177774113029?=

== Background ==

There is a class of side-channel attacks against SGX enclaves called
"SGX Step"[1]. These attacks create lots of exceptions inside of
enclaves. Basically, run an in-enclave instruction, cause an exception.
Over and over.

There is a concern that a VMM could attack a TDX guest in the same way
by causing lots of #VE's. The TDX architecture includes new
countermeasures for these attacks. It basically counts the number of
exceptions and can send another *special* exception once the number of
VMM-induced #VE's hits a critical threshold[2].

== Problem ==

But, these special exceptions are independent of any action that the
guest takes. They can occur anywhere that the guest executes. This
includes sensitive areas like the entry code. The (non-paranoid) #VE
handler is incapable of handling exceptions in these areas.

== Solution ==

Fortunately, the special exceptions can be disabled by the guest via
write to NOTIFY_ENABLES TDCS field. NOTIFY_ENABLES is disabled by
default, but might be enabled by a bootloader, firmware or an earlier
kernel before the current kernel runs.

Disable NOTIFY_ENABLES feature explicitly and unconditionally. Any
NOTIFY_ENABLES-based #VE's that occur before this point will end up
in the early #VE exception handler and die due to unexpected exit
reason.

[1] https://github.com/jovanbulck/sgx-step
[2] https://intel.github.io/ccc-linux-guest-hardening-docs/security-spec.html#safety-against-ve-in-kernel-code

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reviewed-by: Dave Hansen <dave.hansen@intel.com>
---
 arch/x86/coco/tdx/tdx.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 2f4fbb7cd990..d72176a7d3a0 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -19,6 +19,10 @@
 #define TDX_GET_VEINFO			3
 #define TDX_GET_REPORT			4
 #define TDX_ACCEPT_PAGE			6
+#define TDX_WR				8
+
+/* TDCS fields. To be used by TDG.VM.WR and TDG.VM.RD module calls */
+#define TDCS_NOTIFY_ENABLES		0x9100000000000010
 
 /* TDX hypercall Leaf IDs */
 #define TDVMCALL_MAP_GPA		0x10001
@@ -863,6 +867,9 @@ void __init tdx_early_init(void)
 	tdx_parse_tdinfo(&cc_mask);
 	cc_set_mask(cc_mask);
 
+	/* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */
+	tdx_module_call(TDX_WR, 0, TDCS_NOTIFY_ENABLES, 0, -1ULL, NULL);
+
 	/*
 	 * All bits above GPA width are reserved and kernel treats shared bit
 	 * as flag, not as part of physical address.