From patchwork Thu Nov 21 20:14:40 2024
X-Patchwork-Submitter: Adrian Hunter
X-Patchwork-Id: 13882329
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org,
    dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com,
    reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com,
    binbin.wu@linux.intel.com, dmatlack@google.com, isaku.yamahata@intel.com,
    nik.borisov@suse.com, linux-kernel@vger.kernel.org, x86@kernel.org,
    yan.y.zhao@intel.com, chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH RFC 1/7] x86/virt/tdx: Add SEAMCALL wrapper to enter/exit TDX guest
Date: Thu, 21 Nov 2024 22:14:40 +0200
Message-ID: <20241121201448.36170-2-adrian.hunter@intel.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To:
 <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>
X-Mailing-List: kvm@vger.kernel.org
Organization: Intel Finland Oy, Registered Address: PL 281, 00181 Helsinki,
    Business Identity Code: 0357606 - 4, Domiciled in Helsinki

From: Kai Huang

Intel TDX protects guest VMs from a malicious host and certain physical attacks. TDX introduces a new operation mode, Secure Arbitration Mode (SEAM), to isolate and protect guest VMs. A TDX guest VM runs in SEAM and, unlike VMX, direct control of and interaction with the guest by the host VMM is not possible. Instead, the Intel TDX Module, which also runs in SEAM, provides a SEAMCALL API.

The SEAMCALL that provides the ability to enter a guest is TDH.VP.ENTER. The TDX Module processes TDH.VP.ENTER and enters the guest via the VMX VMLAUNCH/VMRESUME instructions. When a guest VM-exit requires host VMM interaction, the TDH.VP.ENTER SEAMCALL returns to the host VMM (KVM).

Add tdh_vp_enter() to wrap the SEAMCALL invocation of TDH.VP.ENTER. TDH.VP.ENTER differs from other SEAMCALLs in several ways:
 - it may take some time to return, as the guest executes
 - it uses more arguments
 - after it returns, some host state may need to be restored

TDH.VP.ENTER arguments are passed through General Purpose Registers (GPRs). For the special case of the TD guest invoking TDG.VP.VMCALL, nearly any GPR can be used, as well as XMM0 to XMM15. Notably, RBP is not used, and Linux mandates the TDX Module feature NO_RBP_MOD, which is enforced elsewhere. Additionally, XMM registers are not required for the existing Guest-Hypervisor Communication Interface and are handled by existing KVM code should they be modified by the guest.

There are 2 input formats and 5 output formats for TDH.VP.ENTER arguments.

Input  #1 : Initial entry or following a previous async.
            TD Exit
Input  #2 : Following a previous TDCALL(TDG.VP.VMCALL)
Output #1 : On Error (No TD Entry)
Output #2 : Async. Exits with a VMX Architectural Exit Reason
Output #3 : Async. Exits with a non-VMX TD Exit Status
Output #4 : Async. Exits with Cross-TD Exit Details
Output #5 : On TDCALL(TDG.VP.VMCALL)

Currently, to keep things simple, the wrapper function does not attempt to support different formats, and just passes all the GPRs that could be used. The GPR values are held by KVM in the area set aside for guest GPRs. KVM code uses the guest GPR area (vcpu->arch.regs[]) to set up for, or process results of, tdh_vp_enter(). Therefore, changing tdh_vp_enter() to use more complex argument formats would also alter the way KVM code interacts with tdh_vp_enter().

Signed-off-by: Kai Huang
Signed-off-by: Adrian Hunter
---
 arch/x86/include/asm/tdx.h  | 1 +
 arch/x86/virt/vmx/tdx/tdx.c | 8 ++++++++
 arch/x86/virt/vmx/tdx/tdx.h | 1 +
 3 files changed, 10 insertions(+)

diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h
index fdc81799171e..77477b905dca 100644
--- a/arch/x86/include/asm/tdx.h
+++ b/arch/x86/include/asm/tdx.h
@@ -123,6 +123,7 @@ int tdx_guest_keyid_alloc(void);
 void tdx_guest_keyid_free(unsigned int keyid);
 
 /* SEAMCALL wrappers for creating/destroying/running TDX guests */
+u64 tdh_vp_enter(u64 tdvpr, struct tdx_module_args *args);
 u64 tdh_mng_addcx(u64 tdr, u64 tdcs);
 u64 tdh_mem_page_add(u64 tdr, u64 gpa, u64 hpa, u64 source, u64 *rcx, u64 *rdx);
 u64 tdh_mem_sept_add(u64 tdr, u64 gpa, u64 level, u64 hpa, u64 *rcx, u64 *rdx);
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index 04cb2f1d6deb..2a8997eb1ef1 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -1600,6 +1600,14 @@ static inline u64 tdx_seamcall_sept(u64 op, struct tdx_module_args *in)
 	return ret;
 }
 
+u64 tdh_vp_enter(u64 tdvpr, struct tdx_module_args *args)
+{
+	args->rcx = tdvpr;
+
+	return __seamcall_saved_ret(TDH_VP_ENTER, args);
+}
+EXPORT_SYMBOL_GPL(tdh_vp_enter);
+
 u64 tdh_mng_addcx(u64 tdr, u64 tdcs)
 {
 	struct tdx_module_args args = {
diff --git a/arch/x86/virt/vmx/tdx/tdx.h b/arch/x86/virt/vmx/tdx/tdx.h
index 4919d00025c9..58d5754dcb4d 100644
--- a/arch/x86/virt/vmx/tdx/tdx.h
+++ b/arch/x86/virt/vmx/tdx/tdx.h
@@ -17,6 +17,7 @@
 /*
  * TDX module SEAMCALL leaf functions
  */
+#define TDH_VP_ENTER		0
 #define TDH_MNG_ADDCX		1
 #define TDH_MEM_PAGE_ADD	2
 #define TDH_MEM_SEPT_ADD	3

From patchwork Thu Nov 21 20:14:41 2024
X-Patchwork-Submitter: Adrian Hunter
X-Patchwork-Id: 13882330
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org,
    dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com,
    reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com,
    binbin.wu@linux.intel.com,
    dmatlack@google.com, isaku.yamahata@intel.com, nik.borisov@suse.com,
    linux-kernel@vger.kernel.org, x86@kernel.org, yan.y.zhao@intel.com,
    chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH 2/7] KVM: TDX: Implement TDX vcpu enter/exit path
Date: Thu, 21 Nov 2024 22:14:41 +0200
Message-ID: <20241121201448.36170-3-adrian.hunter@intel.com>
In-Reply-To: <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>

From: Isaku Yamahata

Implement running a TDX vcpu. Once a vcpu runs on a logical processor (LP), the TDX vcpu is associated with it. When the TDX vcpu moves to another LP, it needs to flush its state on the previous LP. When destroying a TDX vcpu, the flush must be completed, and the CPU memory cache flushed. Track which LP the TDX vcpu last ran on and flush as necessary.

Compared to VMX, do nothing on the sched_in event, as TDX doesn't support pause-loop exiting.

Signed-off-by: Isaku Yamahata
Signed-off-by: Adrian Hunter
---
TD vcpu enter/exit v1:
 - Make the argument of tdx_vcpu_enter_exit() struct kvm_vcpu.
 - Update for the wrapper functions for SEAMCALLs. (Sean)
 - Remove noinstr (Sean)
 - Add a missing comma, clarify the sched_in part, and update the changelog
   to match the code by dropping the PMU related paragraph (Binbin)
   https://lore.kernel.org/lkml/c0029d4d-3dee-4f11-a929-d64d2651bfb3@linux.intel.com/
 - Remove the union tdx_exit_reason.
   (Sean)
   https://lore.kernel.org/kvm/ZfSExlemFMKjBtZb@google.com/
 - Remove the code for special handling of vcpu->kvm->vm_bugged (Rick)
   https://lore.kernel.org/kvm/20240318234010.GD1645738@ls.amr.corp.intel.com/
 - For the !tdx->initialized case, set tdx->vp_enter_ret to TDX_SW_ERROR to
   avoid collision with EXIT_REASON_EXCEPTION_NMI.

v19:
 - Removed export_symbol_gpl(host_xcr0) to the patch that uses it

Changes v15 -> v16:
 - use __seamcall_saved_ret()
 - As struct tdx_module_args doesn't match vcpu.arch.regs, copy the regs
   before/after calling __seamcall_saved_ret().
---
 arch/x86/kvm/vmx/main.c    | 21 ++++++++++-
 arch/x86/kvm/vmx/tdx.c     | 76 ++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.h     |  2 +
 arch/x86/kvm/vmx/x86_ops.h |  5 +++
 4 files changed, 102 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index bfed421e6fbb..44ec6005a448 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -129,6 +129,23 @@ static void vt_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 	vmx_vcpu_load(vcpu, cpu);
 }
 
+static int vt_vcpu_pre_run(struct kvm_vcpu *vcpu)
+{
+	if (is_td_vcpu(vcpu))
+		/* Unconditionally continue to vcpu_run(). */
+		return 1;
+
+	return vmx_vcpu_pre_run(vcpu);
+}
+
+static fastpath_t vt_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
+{
+	if (is_td_vcpu(vcpu))
+		return tdx_vcpu_run(vcpu, force_immediate_exit);
+
+	return vmx_vcpu_run(vcpu, force_immediate_exit);
+}
+
 static void vt_flush_tlb_all(struct kvm_vcpu *vcpu)
 {
 	if (is_td_vcpu(vcpu)) {
@@ -267,8 +284,8 @@ struct kvm_x86_ops vt_x86_ops __initdata = {
 	.flush_tlb_gva = vt_flush_tlb_gva,
 	.flush_tlb_guest = vt_flush_tlb_guest,
 
-	.vcpu_pre_run = vmx_vcpu_pre_run,
-	.vcpu_run = vmx_vcpu_run,
+	.vcpu_pre_run = vt_vcpu_pre_run,
+	.vcpu_run = vt_vcpu_run,
 	.handle_exit = vmx_handle_exit,
 	.skip_emulated_instruction = vmx_skip_emulated_instruction,
 	.update_emulated_instruction = vmx_update_emulated_instruction,
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index dc6c5f40608e..5fa5b65b9588 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -10,6 +10,9 @@
 #include "mmu/spte.h"
 #include "common.h"
 
+#include
+#include "trace.h"
+
 #undef pr_fmt
 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 
@@ -662,6 +665,79 @@ void tdx_vcpu_free(struct kvm_vcpu *vcpu)
 }
 
+static void tdx_vcpu_enter_exit(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_tdx *tdx = to_tdx(vcpu);
+	struct tdx_module_args args;
+
+	guest_state_enter_irqoff();
+
+	/*
+	 * TODO: optimization:
+	 * - Eliminate copy between args and vcpu->arch.regs.
+	 * - copyin/copyout registers only if (tdx->tdvmvall.regs_mask != 0)
+	 *   which means TDG.VP.VMCALL.
+	 */
+	args = (struct tdx_module_args) {
+		.rcx = tdx->tdvpr_pa,
+#define REG(reg, REG)	.reg = vcpu->arch.regs[VCPU_REGS_ ## REG]
+		REG(rdx, RDX),
+		REG(r8, R8),
+		REG(r9, R9),
+		REG(r10, R10),
+		REG(r11, R11),
+		REG(r12, R12),
+		REG(r13, R13),
+		REG(r14, R14),
+		REG(r15, R15),
+		REG(rbx, RBX),
+		REG(rdi, RDI),
+		REG(rsi, RSI),
+#undef REG
+	};
+
+	tdx->vp_enter_ret = tdh_vp_enter(tdx->tdvpr_pa, &args);
+
+#define REG(reg, REG)	vcpu->arch.regs[VCPU_REGS_ ## REG] = args.reg
+	REG(rcx, RCX);
+	REG(rdx, RDX);
+	REG(r8, R8);
+	REG(r9, R9);
+	REG(r10, R10);
+	REG(r11, R11);
+	REG(r12, R12);
+	REG(r13, R13);
+	REG(r14, R14);
+	REG(r15, R15);
+	REG(rbx, RBX);
+	REG(rdi, RDI);
+	REG(rsi, RSI);
+#undef REG
+
+	guest_state_exit_irqoff();
+}
+
+fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
+{
+	struct vcpu_tdx *tdx = to_tdx(vcpu);
+
+	/* TDX exit handle takes care of this error case. */
+	if (unlikely(tdx->state != VCPU_TD_STATE_INITIALIZED)) {
+		/* Set to avoid collision with EXIT_REASON_EXCEPTION_NMI. */
+		tdx->vp_enter_ret = TDX_SW_ERROR;
+		return EXIT_FASTPATH_NONE;
+	}
+
+	trace_kvm_entry(vcpu, force_immediate_exit);
+
+	tdx_vcpu_enter_exit(vcpu);
+
+	vcpu->arch.regs_avail &= ~VMX_REGS_LAZY_LOAD_SET;
+	trace_kvm_exit(vcpu, KVM_ISA_VMX);
+
+	return EXIT_FASTPATH_NONE;
+}
+
 void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int pgd_level)
 {
 	u64 shared_bit = (pgd_level == 5) ? TDX_SHARED_BIT_PWL_5 :
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index 899654519df6..ebee1049b08b 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -51,6 +51,8 @@ struct vcpu_tdx {
 
 	struct list_head cpu_list;
 
+	u64 vp_enter_ret;
+
 	enum vcpu_tdx_state state;
 };
 
diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h
index 06583b1afa4f..3d292a677b92 100644
--- a/arch/x86/kvm/vmx/x86_ops.h
+++ b/arch/x86/kvm/vmx/x86_ops.h
@@ -129,6 +129,7 @@ int tdx_vm_ioctl(struct kvm *kvm, void __user *argp);
 int tdx_vcpu_create(struct kvm_vcpu *vcpu);
 void tdx_vcpu_free(struct kvm_vcpu *vcpu);
 void tdx_vcpu_load(struct kvm_vcpu *vcpu, int cpu);
+fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit);
 int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp);
 
@@ -156,6 +157,10 @@ static inline int tdx_vm_ioctl(struct kvm *kvm, void __user *argp) { return -EOPNOTSUPP; }
 static inline int tdx_vcpu_create(struct kvm_vcpu *vcpu) { return -EOPNOTSUPP; }
 static inline void tdx_vcpu_free(struct kvm_vcpu *vcpu) {}
 static inline void tdx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) {}
+static inline fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
+{
+	return EXIT_FASTPATH_NONE;
+}
 static inline int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp) { return -EOPNOTSUPP; }

From patchwork Thu Nov 21 20:14:42 2024
X-Patchwork-Submitter: Adrian Hunter
X-Patchwork-Id: 13882331
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org,
    dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com,
    reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com,
    binbin.wu@linux.intel.com, dmatlack@google.com, isaku.yamahata@intel.com,
    nik.borisov@suse.com, linux-kernel@vger.kernel.org, x86@kernel.org,
    yan.y.zhao@intel.com, chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH 3/7] KVM: TDX: vcpu_run: save/restore host state (host kernel gs)
Date: Thu, 21 Nov 2024 22:14:42 +0200
Message-ID: <20241121201448.36170-4-adrian.hunter@intel.com>
In-Reply-To: <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>

From: Isaku Yamahata

On entering/exiting a TDX vcpu, the preserved or clobbered CPU state differs from the VMX case. Add TDX hooks to save/restore host/guest CPU state. Save/restore the kernel GS base MSR.
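The lazy save/restore discipline described above can be sketched outside the kernel. This is an illustrative model only, not the patch's code: the MSR is faked with a plain variable, and the flag names mirror the patch's host_state_need_save/host_state_need_restore fields. The host value is captured once before the first TD entry after a load, and written back only if a TD entry actually ran.

```c
#include <stdint.h>
#include <stdbool.h>

/* Fake backing store standing in for MSR_KERNEL_GS_BASE. */
static uint64_t fake_kernel_gs_base;

struct vcpu_state {
	bool host_state_need_save;    /* host value not yet captured */
	bool host_state_need_restore; /* a TD entry may have clobbered the MSR */
	uint64_t saved_host_value;
	unsigned int reloads;         /* mirrors vcpu->stat.host_state_reload */
};

/* Before switching to the guest: capture the host value at most once. */
static void prepare_switch_to_guest(struct vcpu_state *v)
{
	if (!v->host_state_need_save)
		return;
	v->saved_host_value = fake_kernel_gs_base;
	v->host_state_need_save = false;
}

/* Model of a TD entry: the MSR may come back holding a guest value. */
static void td_enter(struct vcpu_state *v)
{
	fake_kernel_gs_base = 0xdead;
	v->host_state_need_restore = true;
}

/* On vcpu_put: write the host value back only if a TD entry happened. */
static void prepare_switch_to_host(struct vcpu_state *v)
{
	v->host_state_need_save = true;
	if (!v->host_state_need_restore)
		return;
	v->reloads++;
	fake_kernel_gs_base = v->saved_host_value;
	v->host_state_need_restore = false;
}
```

The point of the two flags is that a load/put cycle with no TD entry in between costs nothing: no MSR read beyond the first capture, and no MSR write at all.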
Signed-off-by: Isaku Yamahata
Signed-off-by: Adrian Hunter
Reviewed-by: Paolo Bonzini
---
TD vcpu enter/exit v1:
 - Clarify comment (Binbin)
 - Use lower case "preserved" and add "the" for VMX in the log (Tony)
 - Fix bisectability issue with includes (Kai)
---
 arch/x86/kvm/vmx/main.c    | 24 ++++++++++++++++++--
 arch/x86/kvm/vmx/tdx.c     | 46 ++++++++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.h     |  4 ++++
 arch/x86/kvm/vmx/x86_ops.h |  4 ++++
 4 files changed, 76 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index 44ec6005a448..3a8ffc199be2 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -129,6 +129,26 @@ static void vt_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 	vmx_vcpu_load(vcpu, cpu);
 }
 
+static void vt_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
+{
+	if (is_td_vcpu(vcpu)) {
+		tdx_prepare_switch_to_guest(vcpu);
+		return;
+	}
+
+	vmx_prepare_switch_to_guest(vcpu);
+}
+
+static void vt_vcpu_put(struct kvm_vcpu *vcpu)
+{
+	if (is_td_vcpu(vcpu)) {
+		tdx_vcpu_put(vcpu);
+		return;
+	}
+
+	vmx_vcpu_put(vcpu);
+}
+
 static int vt_vcpu_pre_run(struct kvm_vcpu *vcpu)
 {
 	if (is_td_vcpu(vcpu))
@@ -250,9 +270,9 @@ struct kvm_x86_ops vt_x86_ops __initdata = {
 	.vcpu_free = vt_vcpu_free,
 	.vcpu_reset = vt_vcpu_reset,
 
-	.prepare_switch_to_guest = vmx_prepare_switch_to_guest,
+	.prepare_switch_to_guest = vt_prepare_switch_to_guest,
 	.vcpu_load = vt_vcpu_load,
-	.vcpu_put = vmx_vcpu_put,
+	.vcpu_put = vt_vcpu_put,
 
 	.update_exception_bitmap = vmx_update_exception_bitmap,
 	.get_feature_msr = vmx_get_feature_msr,
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 5fa5b65b9588..6e4ea2d420bc 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 #include
 #include
+#include
 #include
 #include "capabilities.h"
 #include "mmu.h"
@@ -9,6 +10,7 @@
 #include "vmx.h"
 #include "mmu/spte.h"
 #include "common.h"
+#include "posted_intr.h"
 #include
 #include "trace.h"
@@ -605,6 +607,9 @@ int tdx_vcpu_create(struct kvm_vcpu *vcpu)
 	if ((kvm_tdx->xfam & XFEATURE_MASK_XTILE) == XFEATURE_MASK_XTILE)
 		vcpu->arch.xfd_no_write_intercept = true;
 
+	tdx->host_state_need_save = true;
+	tdx->host_state_need_restore = false;
+
 	tdx->state = VCPU_TD_STATE_UNINITIALIZED;
 
 	return 0;
@@ -631,6 +636,45 @@ void tdx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
 	local_irq_enable();
 }
 
+/*
+ * Compared to vmx_prepare_switch_to_guest(), there is not much to do
+ * as SEAMCALL/SEAMRET calls take care of most of save and restore.
+ */
+void tdx_prepare_switch_to_guest(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_tdx *tdx = to_tdx(vcpu);
+
+	if (!tdx->host_state_need_save)
+		return;
+
+	if (likely(is_64bit_mm(current->mm)))
+		tdx->msr_host_kernel_gs_base = current->thread.gsbase;
+	else
+		tdx->msr_host_kernel_gs_base = read_msr(MSR_KERNEL_GS_BASE);
+
+	tdx->host_state_need_save = false;
+}
+
+static void tdx_prepare_switch_to_host(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_tdx *tdx = to_tdx(vcpu);
+
+	tdx->host_state_need_save = true;
+	if (!tdx->host_state_need_restore)
+		return;
+
+	++vcpu->stat.host_state_reload;
+
+	wrmsrl(MSR_KERNEL_GS_BASE, tdx->msr_host_kernel_gs_base);
+	tdx->host_state_need_restore = false;
+}
+
+void tdx_vcpu_put(struct kvm_vcpu *vcpu)
+{
+	vmx_vcpu_pi_put(vcpu);
+	tdx_prepare_switch_to_host(vcpu);
+}
+
 void tdx_vcpu_free(struct kvm_vcpu *vcpu)
 {
 	struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
@@ -732,6 +776,8 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
 
 	tdx_vcpu_enter_exit(vcpu);
 
+	tdx->host_state_need_restore = true;
+
 	vcpu->arch.regs_avail &= ~VMX_REGS_LAZY_LOAD_SET;
 	trace_kvm_exit(vcpu, KVM_ISA_VMX);
 
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index ebee1049b08b..48cf0a1abfcc 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -54,6 +54,10 @@ struct vcpu_tdx {
 	u64 vp_enter_ret;
 
 	enum vcpu_tdx_state state;
+
+	bool host_state_need_save;
+	bool host_state_need_restore;
+	u64 msr_host_kernel_gs_base;
 };
 
 void tdh_vp_rd_failed(struct vcpu_tdx *tdx, char *uclass, u32 field, u64 err);
diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h
index 3d292a677b92..5bd45a720007 100644
--- a/arch/x86/kvm/vmx/x86_ops.h
+++ b/arch/x86/kvm/vmx/x86_ops.h
@@ -130,6 +130,8 @@ int tdx_vcpu_create(struct kvm_vcpu *vcpu);
 void tdx_vcpu_free(struct kvm_vcpu *vcpu);
 void tdx_vcpu_load(struct kvm_vcpu *vcpu, int cpu);
 fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit);
+void tdx_prepare_switch_to_guest(struct kvm_vcpu *vcpu);
+void tdx_vcpu_put(struct kvm_vcpu *vcpu);
 int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp);
 
@@ -161,6 +163,8 @@ static inline fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
 {
 	return EXIT_FASTPATH_NONE;
 }
+static inline void tdx_prepare_switch_to_guest(struct kvm_vcpu *vcpu) {}
+static inline void tdx_vcpu_put(struct kvm_vcpu *vcpu) {}
 static inline int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp) { return -EOPNOTSUPP; }

From patchwork Thu Nov 21 20:14:43 2024
X-Patchwork-Submitter: Adrian Hunter
X-Patchwork-Id: 13882332
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org,
    dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com,
    reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com,
    binbin.wu@linux.intel.com, dmatlack@google.com, isaku.yamahata@intel.com,
    nik.borisov@suse.com, linux-kernel@vger.kernel.org, x86@kernel.org,
    yan.y.zhao@intel.com, chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH 4/7] KVM: TDX: restore host xsave state when exit from the guest TD
Date: Thu, 21 Nov 2024 22:14:43 +0200
Message-ID: <20241121201448.36170-5-adrian.hunter@intel.com>
In-Reply-To: <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>

From: Isaku Yamahata

On exiting from the guest TD, xsave state is clobbered. Restore xsave state on TD exit.
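The core of the restore logic is restore-only-on-mismatch: write the host values back only when the TD's allowed feature mask (xfam) could have left a different value in place, since an unconditional xsetbv/wrmsr would tax every exit. A minimal user-space model of that decision, with made-up masks and plain variables standing in for XCR0/IA32_XSS (not the kernel's kvm_host/kvm_caps globals):

```c
#include <stdint.h>

/* Fake registers standing in for XCR0 and IA32_XSS. */
static uint64_t fake_xcr0, fake_xss;
static unsigned int xcr0_writes;

/*
 * Restore host values only when the guest's reachable feature set
 * (xfam masked by what the host/KVM supports) differs from the
 * host's current value; otherwise the write is skipped entirely.
 */
static void restore_host_xsave_state(uint64_t host_xcr0, uint64_t host_xss,
				     uint64_t xfam, uint64_t supported_xcr0,
				     uint64_t supported_xss)
{
	if (host_xcr0 != (xfam & supported_xcr0)) {
		fake_xcr0 = host_xcr0;
		xcr0_writes++;
	}
	if (host_xss != (xfam & supported_xss))
		fake_xss = host_xss;
}
```

The same shape appears three times in the patch (XCR0, XSS, PKRU), each gated on the corresponding CPU feature bit as well.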
Signed-off-by: Isaku Yamahata
Signed-off-by: Adrian Hunter
---
TD vcpu enter/exit v1:
 - Remove noinstr on tdx_vcpu_enter_exit() (Sean)
 - Switch to kvm_host struct for xcr0 and xss
v19:
 - Add EXPORT_SYMBOL_GPL(host_xcr0)
v15 -> v16:
 - Added CET flag mask
---
 arch/x86/kvm/vmx/tdx.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 6e4ea2d420bc..00fdd2932205 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -2,6 +2,8 @@
 #include
 #include
 #include
+
+#include
 #include
 #include "capabilities.h"
 #include "mmu.h"
@@ -709,6 +711,24 @@ void tdx_vcpu_free(struct kvm_vcpu *vcpu)
 
 }
 
+static void tdx_restore_host_xsave_state(struct kvm_vcpu *vcpu)
+{
+	struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
+
+	if (static_cpu_has(X86_FEATURE_XSAVE) &&
+	    kvm_host.xcr0 != (kvm_tdx->xfam & kvm_caps.supported_xcr0))
+		xsetbv(XCR_XFEATURE_ENABLED_MASK, kvm_host.xcr0);
+	if (static_cpu_has(X86_FEATURE_XSAVES) &&
+	    /* PT can be exposed to TD guest regardless of KVM's XSS support */
+	    kvm_host.xss != (kvm_tdx->xfam &
+			     (kvm_caps.supported_xss | XFEATURE_MASK_PT |
+			      XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)))
+		wrmsrl(MSR_IA32_XSS, kvm_host.xss);
+	if (static_cpu_has(X86_FEATURE_PKU) &&
+	    (kvm_tdx->xfam & XFEATURE_MASK_PKRU))
+		write_pkru(vcpu->arch.host_pkru);
+}
+
 static void tdx_vcpu_enter_exit(struct kvm_vcpu *vcpu)
 {
 	struct vcpu_tdx *tdx = to_tdx(vcpu);
@@ -776,6 +796,7 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
 
 	tdx_vcpu_enter_exit(vcpu);
 
+	tdx_restore_host_xsave_state(vcpu);
 	tdx->host_state_need_restore = true;
 
 	vcpu->arch.regs_avail &= ~VMX_REGS_LAZY_LOAD_SET;

From patchwork Thu Nov 21 20:14:44 2024
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org, dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com, reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com, binbin.wu@linux.intel.com, dmatlack@google.com, isaku.yamahata@intel.com, nik.borisov@suse.com, linux-kernel@vger.kernel.org, x86@kernel.org, yan.y.zhao@intel.com, chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH 5/7] KVM: x86: Allow to update cached values in kvm_user_return_msrs w/o wrmsr
Date: Thu, 21 Nov 2024 22:14:44 +0200
Message-ID: <20241121201448.36170-6-adrian.hunter@intel.com>
In-Reply-To: <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>

From: Chao Gao

Several MSRs are constant and only used in userspace (ring 3), but VMs
may use different values. KVM uses kvm_set_user_return_msr() to switch
to the guest's values and leverages the user return notifier to restore
them when the kernel returns to userspace. To eliminate unnecessary
wrmsr instructions, KVM also caches the value it last wrote to each MSR.

The TDX module unconditionally resets some of these MSRs to their
architectural INIT state on TD exit, which makes the cached values in
kvm_user_return_msrs inconsistent with the values in hardware. This
inconsistency needs to be fixed; otherwise it may mislead
kvm_on_user_return() into skipping the restoration of some MSRs to the
host's values. kvm_set_user_return_msr() can correct this, but it is not
optimal because it always does a wrmsr. So, introduce a variation of
kvm_set_user_return_msr() that updates the cached value and skips the
wrmsr.

Signed-off-by: Chao Gao
Signed-off-by: Isaku Yamahata
Signed-off-by: Adrian Hunter
Reviewed-by: Paolo Bonzini
---
TD vcpu enter/exit v1:
 - Rename functions and remove useless comment (Binbin)
---
 arch/x86/include/asm/kvm_host.h |  1 +
 arch/x86/kvm/x86.c              | 24 +++++++++++++++++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
index dfa89a5d15ef..e51a95aba824 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -2303,6 +2303,7 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low,
 int kvm_add_user_return_msr(u32 msr);
 int kvm_find_user_return_msr(u32 msr);
 int kvm_set_user_return_msr(unsigned index, u64 val, u64 mask);
+void kvm_user_return_msr_update_cache(unsigned int index, u64 val);
 
 static inline bool kvm_is_supported_user_return_msr(u32 msr)
 {
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 92de7ebf2cee..2b5b0ae3dd7e 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -637,6 +637,15 @@ static void kvm_user_return_msr_cpu_online(void)
 	}
 }
 
+static void kvm_user_return_register_notifier(struct kvm_user_return_msrs *msrs)
+{
+	if (!msrs->registered) {
+		msrs->urn.on_user_return = kvm_on_user_return;
+		user_return_notifier_register(&msrs->urn);
+		msrs->registered = true;
+	}
+}
+
 int kvm_set_user_return_msr(unsigned slot, u64 value, u64 mask)
 {
 	struct kvm_user_return_msrs *msrs = this_cpu_ptr(user_return_msrs);
@@ -650,15 +659,20 @@ int kvm_set_user_return_msr(unsigned slot, u64 value, u64 mask)
 		return 1;
 
 	msrs->values[slot].curr = value;
-	if (!msrs->registered) {
-		msrs->urn.on_user_return = kvm_on_user_return;
-		user_return_notifier_register(&msrs->urn);
-		msrs->registered = true;
-	}
+	kvm_user_return_register_notifier(msrs);
 	return 0;
 }
 EXPORT_SYMBOL_GPL(kvm_set_user_return_msr);
 
+void kvm_user_return_msr_update_cache(unsigned int slot, u64 value)
+{
+	struct kvm_user_return_msrs *msrs = this_cpu_ptr(user_return_msrs);
+
+	msrs->values[slot].curr = value;
+	kvm_user_return_register_notifier(msrs);
+}
+EXPORT_SYMBOL_GPL(kvm_user_return_msr_update_cache);
+
 static void drop_user_return_notifiers(void)
 {
 	struct kvm_user_return_msrs *msrs = this_cpu_ptr(user_return_msrs);

From patchwork Thu Nov 21 20:14:45 2024
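[Annotation, not part of the patch: the difference between the two update paths can be modeled in a small userspace sketch. Names loosely mirror the patch; the wrmsr and the notifier registration are stood in for by a counter and a flag, and the slot array is invented for the sketch.]

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

/* Toy model of a per-CPU user-return MSR cache. */
struct uret_slot { uint64_t curr; };

static struct uret_slot slots[4];
static int wrmsr_calls;          /* counts simulated hardware writes */
static bool notifier_registered;

static void register_notifier(void)
{
    /* stands in for user_return_notifier_register() */
    if (!notifier_registered)
        notifier_registered = true;
}

/* Like kvm_set_user_return_msr(): writes hardware, then updates the cache. */
static void set_user_return_msr(int slot, uint64_t value)
{
    wrmsr_calls++;               /* stands in for the real wrmsr */
    slots[slot].curr = value;
    register_notifier();
}

/*
 * Like the new kvm_user_return_msr_update_cache(): hardware already holds
 * 'value' (the TDX module put it there on TD exit), so only the cache is
 * fixed up — no wrmsr — while still arming the user-return notifier.
 */
static void update_cache(int slot, uint64_t value)
{
    slots[slot].curr = value;
    register_notifier();
}
```

[The design point is that both paths must register the notifier, because the cache now disagrees with the host values and kvm_on_user_return() has to run before returning to ring 3.]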
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org, dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com, reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com, binbin.wu@linux.intel.com, dmatlack@google.com, isaku.yamahata@intel.com, nik.borisov@suse.com, linux-kernel@vger.kernel.org, x86@kernel.org, yan.y.zhao@intel.com, chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH 6/7] KVM: TDX: restore user ret MSRs
Date: Thu, 21 Nov 2024 22:14:45 +0200
Message-ID: <20241121201448.36170-7-adrian.hunter@intel.com>
In-Reply-To: <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>

From: Isaku Yamahata

Several user-return MSRs are clobbered on TD exit. Restore their values
on TD exit, before returning to ring 3. Because TSX_CTRL requires
special treatment, this patch does not address it.
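[Annotation, not part of the patch: the restore mechanism is table-driven — on TD exit the hardware MSRs hold known architectural reset values, so only the cache needs refreshing. An illustrative userspace model of that table walk; the MSR indices are the architectural ones, while the slot numbers and the cache array are invented for the sketch.]

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model of the tdx_uret_msrs table from this patch. */
struct uret_msr_model {
    uint32_t msr;
    int slot;
    uint64_t defval; /* value the TDX module leaves in the MSR on TD exit */
};

static const struct uret_msr_model uret_msrs[] = {
    { .msr = 0xc0000084 /* MSR_SYSCALL_MASK */, .slot = 0, .defval = 0x20200 },
    { .msr = 0xc0000081 /* MSR_STAR */,         .slot = 1, .defval = 0 },
    { .msr = 0xc0000082 /* MSR_LSTAR */,        .slot = 2, .defval = 0 },
    { .msr = 0xc0000103 /* MSR_TSC_AUX */,      .slot = 3, .defval = 0 },
};

static uint64_t cached[4];

/*
 * After TD exit the hardware already holds defval for each entry, so
 * refresh the per-slot cache to match; the user-return notifier later
 * restores the host values from these slots.
 */
static void update_cache_after_td_exit(void)
{
    for (size_t i = 0; i < sizeof(uret_msrs) / sizeof(uret_msrs[0]); i++)
        cached[uret_msrs[i].slot] = uret_msrs[i].defval;
}
```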
Co-developed-by: Tony Lindgren
Signed-off-by: Tony Lindgren
Signed-off-by: Isaku Yamahata
Signed-off-by: Adrian Hunter
Reviewed-by: Paolo Bonzini
---
TD vcpu enter/exit v1:
 - Rename tdx_user_return_update_cache() ->
   tdx_user_return_msr_update_cache() (extrapolated from Binbin)
 - Adjust to rename in previous patches (Binbin)
 - Simplify comment (Tony)
 - Move code change in tdx_hardware_setup() to __tdx_bringup().
---
 arch/x86/kvm/vmx/tdx.c | 42 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 00fdd2932205..4a33ca54c8ba 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -2,7 +2,6 @@
 #include
 #include
 #include
-
 #include
 #include
 #include "capabilities.h"
@@ -711,6 +710,28 @@ void tdx_vcpu_free(struct kvm_vcpu *vcpu)
 
 }
 
+struct tdx_uret_msr {
+	u32 msr;
+	unsigned int slot;
+	u64 defval;
+};
+
+static struct tdx_uret_msr tdx_uret_msrs[] = {
+	{.msr = MSR_SYSCALL_MASK, .defval = 0x20200 },
+	{.msr = MSR_STAR,},
+	{.msr = MSR_LSTAR,},
+	{.msr = MSR_TSC_AUX,},
+};
+
+static void tdx_user_return_msr_update_cache(void)
+{
+	int i;
+
+	for (i = 0; i < ARRAY_SIZE(tdx_uret_msrs); i++)
+		kvm_user_return_msr_update_cache(tdx_uret_msrs[i].slot,
+						 tdx_uret_msrs[i].defval);
+}
+
 static void tdx_restore_host_xsave_state(struct kvm_vcpu *vcpu)
 {
 	struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
@@ -796,6 +817,7 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
 
 	tdx_vcpu_enter_exit(vcpu);
 
+	tdx_user_return_msr_update_cache();
 	tdx_restore_host_xsave_state(vcpu);
 	tdx->host_state_need_restore = true;
 
@@ -2233,6 +2255,24 @@ static int __init __tdx_bringup(void)
 	for_each_possible_cpu(i)
 		INIT_LIST_HEAD(&per_cpu(associated_tdvcpus, i));
 
+	for (i = 0; i < ARRAY_SIZE(tdx_uret_msrs); i++) {
+		/*
+		 * Check if MSRs (tdx_uret_msrs) can be saved/restored
+		 * before returning to user space.
+		 *
+		 * this_cpu_ptr(user_return_msrs)->registered isn't checked
+		 * because the registration is done at vcpu runtime by
+		 * tdx_user_return_msr_update_cache().
+		 */
+		tdx_uret_msrs[i].slot = kvm_find_user_return_msr(tdx_uret_msrs[i].msr);
+		if (tdx_uret_msrs[i].slot == -1) {
+			/* If any MSR isn't supported, it is a KVM bug */
+			pr_err("MSR %x isn't included by kvm_find_user_return_msr\n",
+			       tdx_uret_msrs[i].msr);
+			return -EIO;
+		}
+	}
+
 	/*
 	 * Enabling TDX requires enabling hardware virtualization first,
 	 * as making SEAMCALLs requires CPU being in post-VMXON state.

From patchwork Thu Nov 21 20:14:46 2024
From: Adrian Hunter
To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org, dave.hansen@linux.intel.com
Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com, reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com, binbin.wu@linux.intel.com, dmatlack@google.com, isaku.yamahata@intel.com, nik.borisov@suse.com, linux-kernel@vger.kernel.org, x86@kernel.org, yan.y.zhao@intel.com, chao.gao@intel.com, weijiang.yang@intel.com
Subject: [PATCH 7/7] KVM: TDX: Add TSX_CTRL msr into uret_msrs list
Date: Thu, 21 Nov 2024 22:14:46 +0200
Message-ID: <20241121201448.36170-8-adrian.hunter@intel.com>
In-Reply-To: <20241121201448.36170-1-adrian.hunter@intel.com>
References: <20241121201448.36170-1-adrian.hunter@intel.com>

From: Yang Weijiang

The TDX module resets the TSX_CTRL MSR to 0 on TD exit if TSX is enabled
for the TD, and preserves the TSX_CTRL MSR if TSX is disabled for the
TD. The VMM can rely on the uret_msrs mechanism to defer reloading the
host value until exiting to user space.

Signed-off-by: Yang Weijiang
Signed-off-by: Isaku Yamahata
Signed-off-by: Adrian Hunter
---
TD vcpu enter/exit v1:
 - Update from rename in earlier patches (Binbin)
v19:
 - Fix the type of tdx_uret_tsx_ctrl_slot: unsigned int => int.
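[Annotation, not part of the patch: whether TSX is "enabled for the TD" is decided from the TD's configured CPUID — leaf 0x7 sub-leaf 0, EBX bits HLE (bit 4) and RTM (bit 11). A minimal userspace sketch of that predicate, with hypothetical macro names:]

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>

#define HLE_BIT  4   /* CPUID.(EAX=07H,ECX=0):EBX bit 4 */
#define RTM_BIT 11   /* CPUID.(EAX=07H,ECX=0):EBX bit 11 */

/*
 * Sketch of tdparams_tsx_supported(): TSX counts as enabled for the TD
 * when either HLE or RTM is exposed in the TD's CPUID configuration.
 */
static bool tsx_supported(uint32_t leaf7_ebx)
{
    uint32_t mask = (1u << HLE_BIT) | (1u << RTM_BIT);

    return (leaf7_ebx & mask) != 0;
}
```

[This is why the patch caches the result in struct kvm_tdx at TD setup: on every TD exit the fast path only needs the boolean, not a CPUID table walk.]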
---
 arch/x86/kvm/vmx/tdx.c | 33 +++++++++++++++++++++++++++++++--
 arch/x86/kvm/vmx/tdx.h |  8 ++++++++
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 4a33ca54c8ba..2c7b6308da73 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -722,14 +722,21 @@ static struct tdx_uret_msr tdx_uret_msrs[] = {
 	{.msr = MSR_LSTAR,},
 	{.msr = MSR_TSC_AUX,},
 };
+static int tdx_uret_tsx_ctrl_slot;
 
-static void tdx_user_return_msr_update_cache(void)
+static void tdx_user_return_msr_update_cache(struct kvm_vcpu *vcpu)
 {
 	int i;
 
 	for (i = 0; i < ARRAY_SIZE(tdx_uret_msrs); i++)
 		kvm_user_return_msr_update_cache(tdx_uret_msrs[i].slot,
 						 tdx_uret_msrs[i].defval);
+	/*
+	 * TSX_CTRL is reset to 0 if guest TSX is supported. Otherwise
+	 * preserved.
+	 */
+	if (to_kvm_tdx(vcpu->kvm)->tsx_supported && tdx_uret_tsx_ctrl_slot != -1)
+		kvm_user_return_msr_update_cache(tdx_uret_tsx_ctrl_slot, 0);
 }
 
 static void tdx_restore_host_xsave_state(struct kvm_vcpu *vcpu)
@@ -817,7 +824,7 @@ fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit)
 
 	tdx_vcpu_enter_exit(vcpu);
 
-	tdx_user_return_msr_update_cache();
+	tdx_user_return_msr_update_cache(vcpu);
 	tdx_restore_host_xsave_state(vcpu);
 	tdx->host_state_need_restore = true;
 
@@ -1258,6 +1265,22 @@ static int setup_tdparams_cpuids(struct kvm_cpuid2 *cpuid,
 	return 0;
 }
 
+static bool tdparams_tsx_supported(struct kvm_cpuid2 *cpuid)
+{
+	const struct kvm_cpuid_entry2 *entry;
+	u64 mask;
+	u32 ebx;
+
+	entry = kvm_find_cpuid_entry2(cpuid->entries, cpuid->nent, 0x7, 0);
+	if (entry)
+		ebx = entry->ebx;
+	else
+		ebx = 0;
+
+	mask = __feature_bit(X86_FEATURE_HLE) | __feature_bit(X86_FEATURE_RTM);
+	return ebx & mask;
+}
+
 static int setup_tdparams(struct kvm *kvm, struct td_params *td_params,
 			  struct kvm_tdx_init_vm *init_vm)
 {
@@ -1299,6 +1322,7 @@ static int setup_tdparams(struct kvm *kvm, struct td_params *td_params,
 	MEMCPY_SAME_SIZE(td_params->mrowner, init_vm->mrowner);
 	MEMCPY_SAME_SIZE(td_params->mrownerconfig, init_vm->mrownerconfig);
 
+	to_kvm_tdx(kvm)->tsx_supported = tdparams_tsx_supported(cpuid);
 	return 0;
 }
 
@@ -2272,6 +2296,11 @@ static int __init __tdx_bringup(void)
 			return -EIO;
 		}
 	}
+	tdx_uret_tsx_ctrl_slot = kvm_find_user_return_msr(MSR_IA32_TSX_CTRL);
+	if (tdx_uret_tsx_ctrl_slot == -1 && boot_cpu_has(X86_FEATURE_MSR_TSX_CTRL)) {
+		pr_err("MSR_IA32_TSX_CTRL isn't included by kvm_find_user_return_msr\n");
+		return -EIO;
+	}
 
 	/*
 	 * Enabling TDX requires enabling hardware virtualization first,
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index 48cf0a1abfcc..815ff6bdbc7e 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -29,6 +29,14 @@ struct kvm_tdx {
 	u8 nr_tdcs_pages;
 	u8 nr_vcpu_tdcx_pages;
 
+	/*
+	 * Used on each TD-exit, see tdx_user_return_msr_update_cache().
+	 * TSX_CTRL value on TD exit
+	 * - set 0 if guest TSX enabled
+	 * - preserved if guest TSX disabled
+	 */
+	bool tsx_supported;
+
 	u64 tsc_offset;
 	enum kvm_tdx_state state;