From: Sean Christopherson <seanjc@google.com>
To: isaku.yamahata@intel.com
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
isaku.yamahata@gmail.com, Paolo Bonzini <pbonzini@redhat.com>,
erdemaktas@google.com, Sagi Shahar <sagis@google.com>,
David Matlack <dmatlack@google.com>,
Kai Huang <kai.huang@intel.com>,
Zhi Wang <zhi.wang.linux@gmail.com>,
chen.bo@intel.com, hang.yuan@intel.com, tina.zhang@intel.com
Subject: Re: [PATCH v17 092/116] KVM: TDX: Handle TDX PV HLT hypercall
Date: Fri, 5 Jan 2024 15:05:12 -0800
Message-ID: <ZZiLKKobVcmvrPmb@google.com>
In-Reply-To: <7ca4b7af33646e3f5693472b4394ba0179b550e1.1699368322.git.isaku.yamahata@intel.com>
On Tue, Nov 07, 2023, isaku.yamahata@intel.com wrote:
> From: Isaku Yamahata <isaku.yamahata@intel.com>
>
> Wire up TDX PV HLT hypercall to the KVM backend function.
>
> Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
> ---
> arch/x86/kvm/vmx/tdx.c | 42 +++++++++++++++++++++++++++++++++++++++++-
> arch/x86/kvm/vmx/tdx.h | 3 +++
> 2 files changed, 44 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 3a1fe74b95c3..4e48989d364f 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -662,7 +662,32 @@ void tdx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
>
> bool tdx_protected_apic_has_interrupt(struct kvm_vcpu *vcpu)
> {
> - return pi_has_pending_interrupt(vcpu);
> + bool ret = pi_has_pending_interrupt(vcpu);
> + struct vcpu_tdx *tdx = to_tdx(vcpu);
> +
> + if (ret || vcpu->arch.mp_state != KVM_MP_STATE_HALTED)
> + return true;
> +
> + if (tdx->interrupt_disabled_hlt)
> + return false;
> +
> + /*
> + * This is for the case where the virtual interrupt is recognized,
> + * i.e. set in vmcs.RVI, between the STI and "HLT". KVM doesn't have
> + * access to RVI and the interrupt is no longer in the PID (because it
> + * was "recognized". It doesn't get delivered in the guest because the
> + * TDCALL completes before interrupts are enabled.
> + *
> + * TDX modules sets RVI while in an STI interrupt shadow.
> + * - TDExit(typically TDG.VP.VMCALL<HLT>) from the guest to TDX module.
> + * The interrupt shadow at this point is gone.
> + * - It knows that there is an interrupt that can be delivered
> + * (RVI > PPR && EFLAGS.IF=1, the other conditions of 29.2.2 don't
> + * matter)
> + * - It forwards the TDExit nevertheless, to a clueless hypervisor that
> + * has no way to glean either RVI or PPR.
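
Review bot: In tdx_protected_apic_has_interrupt(), the new `if (ret || vcpu->arch.mp_state != KVM_MP_STATE_HALTED) return true;` reports a pending interrupt for every vCPU that is not halted, even when pi_has_pending_interrupt() returned false. Before this change the function returned only the pi_has_pending_interrupt() result, and neither the block comment nor the commit message explains why true is correct outside the HLT path. Consider returning `ret` for the non-halted case, or documenting the reason next to the check. The block comment also has an unclosed parenthesis at `(because it was "recognized".` and reads "TDX modules sets", both worth fixing while the wording is revised.
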
WTF. Seriously, what in the absolute hell is going on. I reported this internally
four ***YEARS*** ago. This is not some obscure theoretical edge case, this is core
functionality and it's completely broken garbage.

NAK. Hard NAK. Fix the TDX module, full stop.

Even worse, TDX 1.5 apparently _already_ has the necessary logic for dealing with
interrupts that are pending in RVI when handling NESTED VM-Enter. Really!?!?!
Y'all went and added nested virtualization support of some kind, but can't find
the time to get the basics right?