[v14,06/23] x86/virt/tdx: Add SEAMCALL error printing for module initialization

Message ID	58c44258cb5b1009f0ddfe6b07ac986b9614b8b3.1697532085.git.kai.huang@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@vger.kernel.org> From: Kai Huang <kai.huang@intel.com> To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: x86@kernel.org, dave.hansen@intel.com, kirill.shutemov@linux.intel.com, peterz@infradead.org, tony.luck@intel.com, tglx@linutronix.de, bp@alien8.de, mingo@redhat.com, hpa@zytor.com, seanjc@google.com, pbonzini@redhat.com, rafael@kernel.org, david@redhat.com, dan.j.williams@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, ying.huang@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, nik.borisov@suse.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com Subject: [PATCH v14 06/23] x86/virt/tdx: Add SEAMCALL error printing for module initialization Date: Tue, 17 Oct 2023 23:14:30 +1300 Message-ID: <58c44258cb5b1009f0ddfe6b07ac986b9614b8b3.1697532085.git.kai.huang@intel.com> In-Reply-To: <cover.1697532085.git.kai.huang@intel.com> References: <cover.1697532085.git.kai.huang@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	TDX host kernel support \| expand [v14,00/23] TDX host kernel support [v14,01/23] x86/virt/tdx: Detect TDX during kernel boot [v14,02/23] x86/tdx: Define TDX supported page sizes as macros [v14,03/23] x86/virt/tdx: Make INTEL_TDX_HOST depend on X86_X2APIC [v14,04/23] x86/cpu: Detect TDX partial write machine check erratum [v14,05/23] x86/virt/tdx: Handle SEAMCALL no entropy error in common code [v14,06/23] x86/virt/tdx: Add SEAMCALL error printing for module initialization [v14,07/23] x86/virt/tdx: Add skeleton to enable TDX on demand [v14,08/23] x86/virt/tdx: Get information about TDX module and TDX-capable memory [v14,09/23] x86/virt/tdx: Use all system memory when initializing TDX module as TDX memory [v14,10/23] x86/virt/tdx: Add placeholder to construct TDMRs to cover all TDX memory regions [v14,11/23] x86/virt/tdx: Fill out TDMRs to cover all TDX memory regions [v14,12/23] x86/virt/tdx: Allocate and set up PAMTs for TDMRs [v14,13/23] x86/virt/tdx: Designate reserved areas for all TDMRs [v14,14/23] x86/virt/tdx: Configure TDX module with the TDMRs and global KeyID [v14,15/23] x86/virt/tdx: Configure global KeyID on all packages [v14,16/23] x86/virt/tdx: Initialize all TDMRs [v14,17/23] x86/kexec: Flush cache of TDX private memory [v14,18/23] x86/virt/tdx: Keep TDMRs when module initialization is successful [v14,19/23] x86/virt/tdx: Improve readability of module initialization error handling [v14,20/23] x86/kexec(): Reset TDX private memory on platforms with TDX erratum [v14,21/23] x86/virt/tdx: Handle TDX interaction with ACPI S3 and deeper states [v14,22/23] x86/mce: Improve error log of kernel space TDX #MC due to erratum [v14,23/23] Documentation/x86: Add documentation for TDX host support

Huang, Kai Oct. 17, 2023, 10:14 a.m. UTC

The SEAMCALLs involved during the TDX module initialization are not
expected to fail.  In fact, they are not expected to return any non-zero
code (except the "running out of entropy error", which can be handled
internally already).

Add yet another set of SEAMCALL wrappers, which treats all non-zero
return code as error, to support printing SEAMCALL error upon failure
for module initialization.  Note the TDX module initialization doesn't
use the _saved_ret() variant thus no wrapper is added for it.

SEAMCALL assembly can also return kernel-defined error codes for three
special cases: 1) TDX isn't enabled by the BIOS; 2) TDX module isn't
loaded; 3) CPU isn't in VMX operation.  Whether they can legally happen
depends on the caller, so leave to the caller to print error message
when desired.

Also convert the SEAMCALL error codes to the kernel error codes in the
new wrappers so that each SEAMCALL caller doesn't have to repeat the
conversion.

Signed-off-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
---

v13 -> v14:
 - Use real functions to replace macros. (Dave)
 - Moved printing error message for special error code to the caller
   (internal)
 - Added Kirill's tag

v12 -> v13:
 - New implementation due to TDCALL assembly series.

---
 arch/x86/include/asm/tdx.h  |  1 +
 arch/x86/virt/vmx/tdx/tdx.c | 52 +++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

Kuppuswamy Sathyanarayanan Oct. 17, 2023, 1:37 p.m. UTC | #1

On 10/17/2023 3:14 AM, Kai Huang wrote:
> The SEAMCALLs involved during the TDX module initialization are not
> expected to fail.  In fact, they are not expected to return any non-zero
> code (except the "running out of entropy error", which can be handled
> internally already).
> 
> Add yet another set of SEAMCALL wrappers, which treats all non-zero
> return code as error, to support printing SEAMCALL error upon failure
> for module initialization.  Note the TDX module initialization doesn't
> use the _saved_ret() variant thus no wrapper is added for it.
> 
> SEAMCALL assembly can also return kernel-defined error codes for three
> special cases: 1) TDX isn't enabled by the BIOS; 2) TDX module isn't
> loaded; 3) CPU isn't in VMX operation.  Whether they can legally happen
> depends on the caller, so leave to the caller to print error message
> when desired.
> 
> Also convert the SEAMCALL error codes to the kernel error codes in the
> new wrappers so that each SEAMCALL caller doesn't have to repeat the
> conversion.
> 
> Signed-off-by: Kai Huang <kai.huang@intel.com>
> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> ---
> 
> v13 -> v14:
>  - Use real functions to replace macros. (Dave)
>  - Moved printing error message for special error code to the caller
>    (internal)
>  - Added Kirill's tag
> 
> v12 -> v13:
>  - New implementation due to TDCALL assembly series.
> 
> ---
>  arch/x86/include/asm/tdx.h  |  1 +
>  arch/x86/virt/vmx/tdx/tdx.c | 52 +++++++++++++++++++++++++++++++++++++
>  2 files changed, 53 insertions(+)
> 
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index d624aa25aab0..984efd3114ed 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -27,6 +27,7 @@
>  /*
>   * TDX module SEAMCALL leaf function error codes
>   */
> +#define TDX_SUCCESS		0ULL
>  #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
>  
>  #ifndef __ASSEMBLY__
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index 13d22ea2e2d9..52fb14e0195f 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -20,6 +20,58 @@ static u32 tdx_global_keyid __ro_after_init;
>  static u32 tdx_guest_keyid_start __ro_after_init;
>  static u32 tdx_nr_guest_keyids __ro_after_init;
>  
> +typedef void (*sc_err_func_t)(u64 fn, u64 err, struct tdx_module_args *args);
> +
> +static inline void seamcall_err(u64 fn, u64 err, struct tdx_module_args *args)
> +{
> +	pr_err("SEAMCALL (0x%llx) failed: 0x%llx\n", fn, err);
> +}
> +

Why pass args here?

> +static inline void seamcall_err_ret(u64 fn, u64 err,
> +				    struct tdx_module_args *args)
> +{
> +	seamcall_err(fn, err, args);
> +	pr_err("RCX 0x%llx RDX 0x%llx R8 0x%llx R9 0x%llx R10 0x%llx R11 0x%llx\n",
> +			args->rcx, args->rdx, args->r8, args->r9,
> +			args->r10, args->r11);
> +}
> +
> +static inline void seamcall_err_saved_ret(u64 fn, u64 err,
> +					  struct tdx_module_args *args)
> +{
> +	seamcall_err_ret(fn, err, args);
> +	pr_err("RBX 0x%llx RDI 0x%llx RSI 0x%llx R12 0x%llx R13 0x%llx R14 0x%llx R15 0x%llx\n",
> +			args->rbx, args->rdi, args->rsi, args->r12,
> +			args->r13, args->r14, args->r15);
> +}
> +
> +static inline int sc_retry_prerr(sc_func_t func, sc_err_func_t err_func,
> +				 u64 fn, struct tdx_module_args *args)
> +{
> +	u64 sret = sc_retry(func, fn, args);
> +
> +	if (sret == TDX_SUCCESS)
> +		return 0;
> +
> +	if (sret == TDX_SEAMCALL_VMFAILINVALID)
> +		return -ENODEV;
> +
> +	if (sret == TDX_SEAMCALL_GP)
> +		return -EOPNOTSUPP;
> +
> +	if (sret == TDX_SEAMCALL_UD)
> +		return -EACCES;
> +
> +	err_func(fn, sret, args);
> +	return -EIO;
> +}
> +
> +#define seamcall_prerr(__fn, __args)						\
> +	sc_retry_prerr(__seamcall, seamcall_err, (__fn), (__args))
> +
> +#define seamcall_prerr_ret(__fn, __args)					\
> +	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
> +
>  static int __init record_keyid_partitioning(u32 *tdx_keyid_start,
>  					    u32 *nr_tdx_keyids)
>  {

Huang, Kai Oct. 18, 2023, 6:27 a.m. UTC | #2

> >  
> > +typedef void (*sc_err_func_t)(u64 fn, u64 err, struct tdx_module_args *args);
> > +
> > +static inline void seamcall_err(u64 fn, u64 err, struct tdx_module_args *args)
> > +{
> > +	pr_err("SEAMCALL (0x%llx) failed: 0x%llx\n", fn, err);
> > +}
> > +
> 
> Why pass args here?

It needs to be sc_err_func_t so that it can be used by the common code
sc_retry_prerr() below.

> 
> > +static inline void seamcall_err_ret(u64 fn, u64 err,
> > +				    struct tdx_module_args *args)
> > +{
> > +	seamcall_err(fn, err, args);
> > +	pr_err("RCX 0x%llx RDX 0x%llx R8 0x%llx R9 0x%llx R10 0x%llx R11 0x%llx\n",
> > +			args->rcx, args->rdx, args->r8, args->r9,
> > +			args->r10, args->r11);
> > +}
> > +
> > +static inline void seamcall_err_saved_ret(u64 fn, u64 err,
> > +					  struct tdx_module_args *args)
> > +{
> > +	seamcall_err_ret(fn, err, args);
> > +	pr_err("RBX 0x%llx RDI 0x%llx RSI 0x%llx R12 0x%llx R13 0x%llx R14 0x%llx R15 0x%llx\n",
> > +			args->rbx, args->rdi, args->rsi, args->r12,
> > +			args->r13, args->r14, args->r15);
> > +}
> > +
> > +static inline int sc_retry_prerr(sc_func_t func, sc_err_func_t err_func,
> > +				 u64 fn, struct tdx_module_args *args)
> > +{
> > +	u64 sret = sc_retry(func, fn, args);
> > +
> > +	if (sret == TDX_SUCCESS)
> > +		return 0;
> > +
> > +	if (sret == TDX_SEAMCALL_VMFAILINVALID)
> > +		return -ENODEV;
> > +
> > +	if (sret == TDX_SEAMCALL_GP)
> > +		return -EOPNOTSUPP;
> > +
> > +	if (sret == TDX_SEAMCALL_UD)
> > +		return -EACCES;
> > +
> > +	err_func(fn, sret, args);
> > +	return -EIO;
> > +}
> > +
> > +#define seamcall_prerr(__fn, __args)						\
> > +	sc_retry_prerr(__seamcall, seamcall_err, (__fn), (__args))
> > +
> > +#define seamcall_prerr_ret(__fn, __args)					\
> > +	sc_retry_prerr(__seamcall_ret, seamcall_err_ret, (__fn), (__args))
> > +
> >  static int __init record_keyid_partitioning(u32 *tdx_keyid_start,
> >  					    u32 *nr_tdx_keyids)
> >  {
>

Nikolay Borisov Oct. 18, 2023, 7:40 a.m. UTC | #3

On 17.10.23 г. 13:14 ч., Kai Huang wrote:
> The SEAMCALLs involved during the TDX module initialization are not
> expected to fail.  In fact, they are not expected to return any non-zero
> code (except the "running out of entropy error", which can be handled
> internally already).
> 
> Add yet another set of SEAMCALL wrappers, which treats all non-zero
> return code as error, to support printing SEAMCALL error upon failure
> for module initialization.  Note the TDX module initialization doesn't
> use the _saved_ret() variant thus no wrapper is added for it.
> 
> SEAMCALL assembly can also return kernel-defined error codes for three
> special cases: 1) TDX isn't enabled by the BIOS; 2) TDX module isn't
> loaded; 3) CPU isn't in VMX operation.  Whether they can legally happen
> depends on the caller, so leave to the caller to print error message
> when desired.
> 
> Also convert the SEAMCALL error codes to the kernel error codes in the
> new wrappers so that each SEAMCALL caller doesn't have to repeat the
> conversion.
> 
> Signed-off-by: Kai Huang <kai.huang@intel.com>
> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> ---
> 
> v13 -> v14:
>   - Use real functions to replace macros. (Dave)
>   - Moved printing error message for special error code to the caller
>     (internal)
>   - Added Kirill's tag
> 
> v12 -> v13:
>   - New implementation due to TDCALL assembly series.
> 
> ---
>   arch/x86/include/asm/tdx.h  |  1 +
>   arch/x86/virt/vmx/tdx/tdx.c | 52 +++++++++++++++++++++++++++++++++++++
>   2 files changed, 53 insertions(+)
> 
> diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
> index d624aa25aab0..984efd3114ed 100644
> --- a/arch/x86/include/asm/tdx.h
> +++ b/arch/x86/include/asm/tdx.h
> @@ -27,6 +27,7 @@
>   /*
>    * TDX module SEAMCALL leaf function error codes
>    */
> +#define TDX_SUCCESS		0ULL
>   #define TDX_RND_NO_ENTROPY	0x8000020300000000ULL
>   
>   #ifndef __ASSEMBLY__
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index 13d22ea2e2d9..52fb14e0195f 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -20,6 +20,58 @@ static u32 tdx_global_keyid __ro_after_init;
>   static u32 tdx_guest_keyid_start __ro_after_init;
>   static u32 tdx_nr_guest_keyids __ro_after_init;
>   
> +typedef void (*sc_err_func_t)(u64 fn, u64 err, struct tdx_module_args *args);
> +
> +static inline void seamcall_err(u64 fn, u64 err, struct tdx_module_args *args)
> +{
> +	pr_err("SEAMCALL (0x%llx) failed: 0x%llx\n", fn, err);
> +}
> +
> +static inline void seamcall_err_ret(u64 fn, u64 err,
> +				    struct tdx_module_args *args)
> +{
> +	seamcall_err(fn, err, args);
> +	pr_err("RCX 0x%llx RDX 0x%llx R8 0x%llx R9 0x%llx R10 0x%llx R11 0x%llx\n",
> +			args->rcx, args->rdx, args->r8, args->r9,
> +			args->r10, args->r11);
> +}
> +
> +static inline void seamcall_err_saved_ret(u64 fn, u64 err,
> +					  struct tdx_module_args *args)

This function remains unused throughout the whole series, remove it and 
add it later when it's actually going to be useful.

<snip>

Huang, Kai Oct. 18, 2023, 8:26 a.m. UTC | #4

> > +
> > +static inline void seamcall_err_saved_ret(u64 fn, u64 err,
> > +					  struct tdx_module_args *args)
> 
> This function remains unused throughout the whole series, remove it and 
> add it later when it's actually going to be useful.
> 
> <snip>

OK fine to me.  Thanks.

Kuppuswamy Sathyanarayanan Oct. 18, 2023, 2:17 p.m. UTC | #5

On 10/17/2023 3:14 AM, Kai Huang wrote:
> The SEAMCALLs involved during the TDX module initialization are not
> expected to fail.  In fact, they are not expected to return any non-zero
> code (except the "running out of entropy error", which can be handled
> internally already).
> 
> Add yet another set of SEAMCALL wrappers, which treats all non-zero
> return code as error, to support printing SEAMCALL error upon failure
> for module initialization.  Note the TDX module initialization doesn't
> use the _saved_ret() variant thus no wrapper is added for it.
> 
> SEAMCALL assembly can also return kernel-defined error codes for three
> special cases: 1) TDX isn't enabled by the BIOS; 2) TDX module isn't
> loaded; 3) CPU isn't in VMX operation.  Whether they can legally happen
> depends on the caller, so leave to the caller to print error message
> when desired.
> 
> Also convert the SEAMCALL error codes to the kernel error codes in the
> new wrappers so that each SEAMCALL caller doesn't have to repeat the
> conversion.
> 
> Signed-off-by: Kai Huang <kai.huang@intel.com>
> Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
> ---
> 
> v13 -> v14:
>  - Use real functions to replace macros. (Dave)
>  - Moved printing error message for special error code to the caller
>    (internal)
>  - Added Kirill's tag
> 
> v12 -> v13:
>  - New implementation due to TDCALL assembly series.
> 
> ---

Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>

[v14,06/23] x86/virt/tdx: Add SEAMCALL error printing for module initialization

Commit Message

Comments

Patch