From: Dave Hansen <dave.hansen@linux.intel.com>
To: torvalds@linux-foundation.org
Cc: kirill.shutemov@linux.intel.com, x86@kernel.org,
linux-kernel@vger.kernel.org,
Dave Hansen <dave.hansen@linux.intel.com>
Subject: [GIT PULL] x86/tdx for 6.3
Date: Tue, 21 Feb 2023 16:16:36 -0800
Message-ID: <20230222001636.211793-1-dave.hansen@linux.intel.com>
Hi Linus,
Please pull some x86/tdx changes for 6.3. Other than a minor fixup,
the content here is to ensure that TDX guests never see virtualization
exceptions (#VE's) that might be induced by the untrusted VMM.
This is a highly desirable property. Without it, #VE exception
handling would fall somewhere between NMIs, machine checks and
total insanity. With it, #VE handling remains pretty mundane.
There is a conflict here with some cleanups which you already pulled
via tip:sched/core. I've appended a conflict resolution from Ingo
that he used when merging these all together in tip/master.
--
The following changes since commit 5dc4c995db9eb45f6373a956eb1f69460e69e6d4:
Linux 6.2-rc4 (2023-01-15 09:22:43 -0600)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_tdx_for_6.3
for you to fetch changes up to 1e70c680375aa33cca97bff0bca68c0f82f5023c:
x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (2023-02-02 16:31:25 -0800)
----------------------------------------------------------------
- Fixup comment typo
- Prevent unexpected #VE's from:
- Hosts removing perfectly good guest mappings (SEPT_VE_DISABLE)
- Excessive #VE notifications (NOTIFY_ENABLES) which are
delivered via a #VE.
----------------------------------------------------------------
Kirill A. Shutemov (8):
x86/tdx: Fix typo in comment in __tdx_hypercall()
x86/tdx: Add more registers to struct tdx_hypercall_args
x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments
x86/tdx: Expand __tdx_hypercall() to handle more arguments
x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE
x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
x86/tdx: Disable NOTIFY_ENABLES
x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall()
arch/x86/coco/tdx/tdcall.S | 83 ++++++++++++++++++++++++++++-----------
arch/x86/coco/tdx/tdx.c | 62 ++++++++++++++++++++++++++++-
arch/x86/include/asm/shared/tdx.h | 6 +++
arch/x86/kernel/asm-offsets.c | 6 +++
4 files changed, 131 insertions(+), 26 deletions(-)
--
Author: Ingo Molnar <mingo@kernel.org>
Date: Tue Feb 21 09:30:27 2023 +0100
Merge branch 'x86/tdx'
Conflicts:
arch/x86/coco/tdx/tdcall.S
Signed-off-by: Ingo Molnar <mingo@kernel.org>
diff --cc arch/x86/coco/tdx/tdcall.S
index ad0d51f03cb4,2bd436a4790d..6a255e6809bc
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@@ -27,12 -33,10 +33,12 @@@
* details can be found in TDX GHCI specification, section
* titled "TDCALL [TDG.VP.VMCALL] leaf".
*/
- #define TDVMCALL_EXPOSE_REGS_MASK ( TDX_R10 | TDX_R11 | \
- TDX_R12 | TDX_R13 | \
- TDX_R14 | TDX_R15 )
+ #define TDVMCALL_EXPOSE_REGS_MASK \
+ ( TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8 | TDX_R9 | \
+ TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15 )
+.section .noinstr.text, "ax"
+
/*
* __tdx_module_call() - Used by TDX guests to request services from
* the TDX module (does not include VMM services) using TDCALL instruction.
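Review bot: the resolution keeps both parents, the widened TDVMCALL_EXPOSE_REGS_MASK from x86/tdx and the `.section .noinstr.text, "ax"` directive from the other side, but note what the wider mask means: the TDX module now passes RDX, RBX, RSI, RDI, R8 and R9 to the VMM on every TDVMCALL, not only R10-R15. Every register in that mask is visible to the untrusted host, so callers that fill `struct tdx_hypercall_args` (per "Add more registers to struct tdx_hypercall_args" in the shortlog) must zero the fields they do not use rather than leaving stale stack contents in them; that is worth a check across the callers. The section directive lands directly above the `__tdx_module_call()` comment, which keeps both entry points under noinstr as the other parent intended.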
@@@ -131,16 -156,21 +158,8 @@@ SYM_FUNC_START(__tdx_hypercall
/* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */
xor %eax, %eax
- /* Copy hypercall registers from arg struct: */
- movq TDX_HYPERCALL_r10(%rdi), %r10
- movq TDX_HYPERCALL_r11(%rdi), %r11
- movq TDX_HYPERCALL_r12(%rdi), %r12
- movq TDX_HYPERCALL_r13(%rdi), %r13
- movq TDX_HYPERCALL_r14(%rdi), %r14
- movq TDX_HYPERCALL_r15(%rdi), %r15
-
movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx
- /*
- * For the idle loop STI needs to be called directly before the TDCALL
- * that enters idle (EXIT_REASON_HLT case). STI instruction enables
- * interrupts only one instruction later. If there is a window between
- * STI and the instruction that emulates the HALT state, there is a
- * chance for interrupts to happen in this window, which can delay the
- * HLT operation indefinitely. Since this is the not the desired
- * result, conditionally call STI before TDCALL.
- */
- testq $TDX_HCALL_ISSUE_STI, 8(%rsp)
- jz .Lskip_sti
- sti
-.Lskip_sti:
tdcall
/*
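Review bot: the result drops both the per-register `movq TDX_HYPERCALL_*(%rdi), %r1N` copies and the `testq $TDX_HCALL_ISSUE_STI, 8(%rsp)` / `sti` block, so all that remains visible before `tdcall` is `xor %eax, %eax` and `movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx`. The hunk is cut off at the comment following `tdcall`, so the refactored argument-loading path is not visible here; confirm that the merged `__tdx_hypercall()` loads every register named in the widened mask before `tdcall`, otherwise the VMM receives whatever those registers happened to hold. Removing the STI path together with its explanatory comment is consistent, but since the `8(%rsp)` test is gone the flag is now silently ignored, so check that no caller still passes TDX_HCALL_ISSUE_STI expecting interrupts to be enabled before the halt.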