From: Chao Gao <chao.gao@intel.com>
To: Adrian Hunter <adrian.hunter@intel.com>
Cc: <pbonzini@redhat.com>, <seanjc@google.com>, <kvm@vger.kernel.org>,
<dave.hansen@linux.intel.com>, <rick.p.edgecombe@intel.com>,
<kai.huang@intel.com>, <reinette.chatre@intel.com>,
<xiaoyao.li@intel.com>, <tony.lindgren@linux.intel.com>,
<binbin.wu@linux.intel.com>, <dmatlack@google.com>,
<isaku.yamahata@intel.com>, <nik.borisov@suse.com>,
<linux-kernel@vger.kernel.org>, <x86@kernel.org>,
<yan.y.zhao@intel.com>, <weijiang.yang@intel.com>
Subject: Re: [PATCH 4/7] KVM: TDX: restore host xsave state when exit from the guest TD
Date: Tue, 26 Nov 2024 10:20:09 +0800 [thread overview]
Message-ID: <Z0UwWT9bvmdOZiiq@intel.com> (raw)
In-Reply-To: <a42183ab-a25a-423e-9ef3-947abec20561@intel.com>
On Mon, Nov 25, 2024 at 01:10:37PM +0200, Adrian Hunter wrote:
>On 22/11/24 07:49, Chao Gao wrote:
>>> +static void tdx_restore_host_xsave_state(struct kvm_vcpu *vcpu)
>>> +{
>>> + struct kvm_tdx *kvm_tdx = to_kvm_tdx(vcpu->kvm);
>>> +
>>> + if (static_cpu_has(X86_FEATURE_XSAVE) &&
>>> + kvm_host.xcr0 != (kvm_tdx->xfam & kvm_caps.supported_xcr0))
>>> + xsetbv(XCR_XFEATURE_ENABLED_MASK, kvm_host.xcr0);
>>> + if (static_cpu_has(X86_FEATURE_XSAVES) &&
>>> + /* PT can be exposed to TD guest regardless of KVM's XSS support */
>>> + kvm_host.xss != (kvm_tdx->xfam &
>>> + (kvm_caps.supported_xss | XFEATURE_MASK_PT |
>>> + XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)))
>>
>> Should we drop CET/PT from this series? I think they are worth a new
>> patch/series.
>
>This is not really about CET/PT
>
>What is happening here is that we are calculating the current
>MSR_IA32_XSS value based on the TDX Module spec which says the
>TDX Module sets MSR_IA32_XSS to the XSS bits from XFAM. The
>TDX Module does that literally, from TDX Module source code:
>
> #define XCR0_SUPERVISOR_BIT_MASK 0x0001FD00
>and
> ia32_wrmsr(IA32_XSS_MSR_ADDR, xfam & XCR0_SUPERVISOR_BIT_MASK);
>
>For KVM, rather than:
>
> kvm_tdx->xfam &
> (kvm_caps.supported_xss | XFEATURE_MASK_PT |
> XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL)
>
>it would be more direct to define the bits and enforce them
>via tdx_get_supported_xfam() e.g.
>
>/*
> * Before returning from TDH.VP.ENTER, the TDX Module assigns:
> * XCR0 to the TD’s user-mode feature bits of XFAM (bits 7:0, 9)
> * IA32_XSS to the TD's supervisor-mode feature bits of XFAM (bits 8, 16:10)
> */
>#define TDX_XFAM_XCR0_MASK (GENMASK(7, 0) | BIT(9))
>#define TDX_XFAM_XSS_MASK (GENMASK(16, 10) | BIT(8))
>#define TDX_XFAM_MASK (TDX_XFAM_XCR0_MASK | TDX_XFAM_XSS_MASK)
>
>static u64 tdx_get_supported_xfam(const struct tdx_sys_info_td_conf *td_conf)
>{
> u64 val = kvm_caps.supported_xcr0 | kvm_caps.supported_xss;
>
> /* Ensure features are in the masks */
> val &= TDX_XFAM_MASK;
Before exposing a feature to TD VMs, both the TDX module and KVM must support
it. In other words, kvm_tdx->xfam & kvm_caps.supported_xss should yield the
same result as kvm_tdx->xfam & TDX_XFAM_XSS_MASK. So, to me, the current
approach and your new proposal are functionally identical.
I prefer checking against kvm_caps.supported_xss because we don't need to
update TDX_XFAM_XSS/XCR0_MASK when new user/supervisor xstate bits are added.
Note kvm_caps.supported_xss/xcr0 need to be updated for normal VMs anyway.
>
> if ((val & td_conf->xfam_fixed1) != td_conf->xfam_fixed1)
> return 0;
>
> val &= td_conf->xfam_fixed0;
>
> return val;
>}
>
>and then:
>
> if (static_cpu_has(X86_FEATURE_XSAVE) &&
> kvm_host.xcr0 != (kvm_tdx->xfam & TDX_XFAM_XCR0_MASK))
> xsetbv(XCR_XFEATURE_ENABLED_MASK, kvm_host.xcr0);
> if (static_cpu_has(X86_FEATURE_XSAVES) &&
> kvm_host.xss != (kvm_tdx->xfam & TDX_XFAM_XSS_MASK))
> wrmsrl(MSR_IA32_XSS, kvm_host.xss);
>
next prev parent reply other threads:[~2024-11-26 2:20 UTC|newest]
Thread overview: 82+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-21 20:14 [PATCH 0/7] KVM: TDX: TD vcpu enter/exit Adrian Hunter
2024-11-21 20:14 ` [PATCH RFC 1/7] x86/virt/tdx: Add SEAMCALL wrapper to enter/exit TDX guest Adrian Hunter
2024-11-22 11:10 ` Adrian Hunter
2024-11-22 16:33 ` Dave Hansen
2024-11-25 13:40 ` Adrian Hunter
2024-11-28 11:13 ` Adrian Hunter
2024-12-04 15:58 ` Adrian Hunter
2024-12-11 18:43 ` Adrian Hunter
2024-12-13 15:45 ` Adrian Hunter
2024-12-13 16:16 ` Dave Hansen
2024-12-13 16:30 ` Adrian Hunter
2024-12-13 16:44 ` Dave Hansen
2024-11-22 16:26 ` Dave Hansen
2024-11-22 17:29 ` Edgecombe, Rick P
2024-11-25 13:43 ` Adrian Hunter
2024-11-21 20:14 ` [PATCH 2/7] KVM: TDX: Implement TDX vcpu enter/exit path Adrian Hunter
2024-11-22 5:23 ` Xiaoyao Li
2024-11-22 5:56 ` Binbin Wu
2024-11-22 14:33 ` Adrian Hunter
2024-11-28 5:56 ` Yan Zhao
2024-11-28 6:26 ` Adrian Hunter
2024-11-21 20:14 ` [PATCH 3/7] KVM: TDX: vcpu_run: save/restore host state(host kernel gs) Adrian Hunter
2024-11-25 14:12 ` Nikolay Borisov
2024-11-26 16:15 ` Adrian Hunter
2024-11-21 20:14 ` [PATCH 4/7] KVM: TDX: restore host xsave state when exit from the guest TD Adrian Hunter
2024-11-22 5:49 ` Chao Gao
2024-11-25 11:10 ` Adrian Hunter
2024-11-26 2:20 ` Chao Gao [this message]
2024-11-28 6:50 ` Adrian Hunter
2024-12-02 2:52 ` Chao Gao
2024-12-02 6:36 ` Adrian Hunter
2024-12-17 16:09 ` Sean Christopherson
2024-12-20 15:22 ` Adrian Hunter
2024-12-20 16:22 ` Sean Christopherson
2024-12-20 21:24 ` PKEY syscall number for selftest? (was: [PATCH 4/7] KVM: TDX: restore host xsave state when exit from the guest TD) Sean Christopherson
2025-01-27 17:09 ` Sean Christopherson
2025-01-03 18:16 ` [PATCH 4/7] KVM: TDX: restore host xsave state when exit from the guest TD Adrian Hunter
2025-01-09 19:11 ` Sean Christopherson
2025-01-10 14:50 ` Adrian Hunter
2025-01-10 17:30 ` Sean Christopherson
2025-01-14 20:04 ` Adrian Hunter
2025-01-15 2:28 ` Sean Christopherson
2025-01-13 19:28 ` Adrian Hunter
2025-01-13 23:47 ` Sean Christopherson
2024-11-25 11:34 ` Adrian Hunter
2024-11-21 20:14 ` [PATCH 5/7] KVM: x86: Allow to update cached values in kvm_user_return_msrs w/o wrmsr Adrian Hunter
2024-11-21 20:14 ` [PATCH 6/7] KVM: TDX: restore user ret MSRs Adrian Hunter
2024-11-21 20:14 ` [PATCH 7/7] KVM: TDX: Add TSX_CTRL msr into uret_msrs list Adrian Hunter
2024-11-22 3:27 ` Chao Gao
2024-11-27 14:00 ` Sean Christopherson
2024-11-29 11:39 ` Adrian Hunter
2024-12-02 19:07 ` Sean Christopherson
2024-12-02 19:24 ` Edgecombe, Rick P
2024-12-03 0:34 ` Sean Christopherson
2024-12-03 17:34 ` Edgecombe, Rick P
2024-12-03 19:17 ` Adrian Hunter
2024-12-04 1:25 ` Chao Gao
2024-12-04 6:18 ` Adrian Hunter
2024-12-04 6:37 ` Chao Gao
2024-12-04 6:57 ` Adrian Hunter
2024-12-04 11:13 ` Chao Gao
2024-12-04 11:55 ` Adrian Hunter
2024-12-04 15:33 ` Xiaoyao Li
2024-12-04 23:51 ` Edgecombe, Rick P
2024-12-05 17:31 ` Adrian Hunter
2024-12-06 3:37 ` Xiaoyao Li
2024-12-06 14:40 ` Adrian Hunter
2024-12-09 2:46 ` Xiaoyao Li
2024-12-09 7:08 ` Adrian Hunter
2024-12-10 2:45 ` Xiaoyao Li
2024-12-04 23:40 ` Edgecombe, Rick P
2024-11-25 1:25 ` [PATCH 0/7] KVM: TDX: TD vcpu enter/exit Binbin Wu
2024-11-25 15:19 ` Sean Christopherson
2024-11-25 19:50 ` Huang, Kai
2024-11-25 22:51 ` Sean Christopherson
2024-11-26 1:43 ` Huang, Kai
2024-11-26 1:44 ` Binbin Wu
2024-11-26 3:52 ` Huang, Kai
2024-11-26 5:29 ` Binbin Wu
2024-11-26 5:37 ` Huang, Kai
2024-11-26 21:41 ` Sean Christopherson
2024-12-10 18:23 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z0UwWT9bvmdOZiiq@intel.com \
--to=chao.gao@intel.com \
--cc=adrian.hunter@intel.com \
--cc=binbin.wu@linux.intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dmatlack@google.com \
--cc=isaku.yamahata@intel.com \
--cc=kai.huang@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nik.borisov@suse.com \
--cc=pbonzini@redhat.com \
--cc=reinette.chatre@intel.com \
--cc=rick.p.edgecombe@intel.com \
--cc=seanjc@google.com \
--cc=tony.lindgren@linux.intel.com \
--cc=weijiang.yang@intel.com \
--cc=x86@kernel.org \
--cc=xiaoyao.li@intel.com \
--cc=yan.y.zhao@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.