From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F171C6379F for ; Mon, 13 Feb 2023 22:39:20 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 27DCD6B0072; Mon, 13 Feb 2023 17:39:20 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 22DC96B0074; Mon, 13 Feb 2023 17:39:20 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0F64D280001; Mon, 13 Feb 2023 17:39:20 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id EFC666B0072 for ; Mon, 13 Feb 2023 17:39:19 -0500 (EST) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id B5D17407D4 for ; Mon, 13 Feb 2023 22:39:19 +0000 (UTC) X-FDA: 80463736038.11.1C6CDCD Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by imf23.hostedemail.com (Postfix) with ESMTP id D4E2E140009 for ; Mon, 13 Feb 2023 22:39:16 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Txc9yjNL; spf=pass (imf23.hostedemail.com: domain of dave.hansen@intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=dave.hansen@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1676327957; a=rsa-sha256; cv=none; b=BNLqo4lLxuQzWs/LorZLJcJV2W5Yjq7E/ZKgui2U9F2zPHfqcq3LsdVcyoqTxQdby8Ij9w 44Em7r4NUVxmYnFqJq+FY/5+qD8j60AcHVeRkm/6wO0NCM5HxVq3+tIeRcHLR5qHyqIgX8 0kF4x+PKfKHHUNpONA4u+FyrbLAjlnk= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=Txc9yjNL; spf=pass (imf23.hostedemail.com: domain of dave.hansen@intel.com designates 192.55.52.43 as permitted sender) smtp.mailfrom=dave.hansen@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676327957; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=mGAyUxS9vr6zB/8HKeBi1W/igMFGs7sbc3MPxEK+VLA=; b=qMXjSdmVFxRKrCPwzCYvEjAc/AJgsKGjbbLTia0gFHorkYjK65R9YQxWL/VMLPtjpUqsJS 51/OaueM3vDevqAL1+5BJR0KJ+6LXR5yUgb79T8qt8qYxzKxNlaDqmvb+pvO+m86/ohTr2 lm+792398FHpFUAYD8PM7bQBEAwD+iQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1676327957; x=1707863957; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=EvXRq4WvvrIfSOly7lAH+tO1e/+pSngrKTNrFWJ8/SE=; b=Txc9yjNLB3qHguZEjExM/6DFcTScbv1XJ5iu7nCfW9Yu4E9PesLYUEMl Z44BnMFThhqQqh+Y4E928wKz5UeyWUC9zzvTwJjRoORLBn/8A0bFKASFP s7WYWXkiqyZHGXI1wfb5Wgt2Prg6hObuIcasB46YeRTp0cIMm1i8LP7Ru 3mHEMGnpR7P4YZRnNm8OllfIKRwmE9vIiVk1LAr6GQS09snH43uBX+VUu /tTUZXdhV4VBN9Lt9AWumJXcFq+ktn9mEGO+LmiHLw1uVyaU3nVxsgmhr RX3qRv+pN8NCVnUEUBk8pq+9vORSaQikd/x7ElTDnRkkl9esZegmOyaKh w==; X-IronPort-AV: E=McAfee;i="6500,9779,10620"; a="417235621" X-IronPort-AV: E=Sophos;i="5.97,294,1669104000"; d="scan'208";a="417235621" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Feb 2023 14:39:15 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10620"; a="732651966" X-IronPort-AV: E=Sophos;i="5.97,294,1669104000"; d="scan'208";a="732651966" Received: from mlswanso-mobl.amr.corp.intel.com (HELO [10.251.26.232]) ([10.251.26.232]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Feb 2023 14:39:12 -0800 Message-ID: <37d5736e-93b1-aed1-c21c-07fe1044f2d0@intel.com> Date: Mon, 13 Feb 2023 14:39:12 -0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1 Subject: Re: [PATCH v9 05/18] x86/virt/tdx: Add SEAMCALL infrastructure Content-Language: en-US To: Kai Huang , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: linux-mm@kvack.org, peterz@infradead.org, tglx@linutronix.de, seanjc@google.com, pbonzini@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, kirill.shutemov@linux.intel.com, ying.huang@intel.com, reinette.chatre@intel.com, len.brown@intel.com, tony.luck@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, david@redhat.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com References: From: Dave Hansen In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspam-User: X-Rspamd-Queue-Id: D4E2E140009 X-Rspamd-Server: rspam01 X-Stat-Signature: w3zckbppc7i6zwnqa3ix7zsuhowig4mk X-HE-Tag: 1676327956-489281 X-HE-Meta: U2FsdGVkX1+qFYf5KyBEuYy/9MoS9nS1DBb924frr0miyae3QI/qgI5eedXWEPwTxthVF9D67b6soHh6lPM2I0AGAwoby+6rmIgUmIB5BQQbJmZ0UdKXs5Zega/OSLa1yvILS5U8VKGm2Zuh0ObaIkE3ymg3tFrU2QsHj92vPmqcz0YOiHUGoAWK2wHQGAt3apUL9155EmTvpu0gMWpDD8KtR0FOhhAeW40QbLZ1f8KeEikjxN1hPAiPHetZXCnfxmyNIitBQWMAdNFvHYbc9Wuwg5P4nPk0AnaKRZhOFMLi06kNKdvmHIdqLJkmOxZg5xWtbVRJEy6t0C5Jr3y3NuEljDcgqun3kK/yHdeFG1wDYnwydaEkuxZpM5LrU1UXPA2oUxNMgiiwxBosUrTeooOYe3DfpnbSahOqv6dJQ6VpvfOkjSjVOn7A9EONqEObDr7Cs0Xv2R+DJw1VYikV4hQpwrEsLOgai+Nim3j5sGHXSJPz/9EBoZCEsS9mSWX7gT5vpc0OfGeOA7a3djJX4lAx0JQPJCfP5IOYCEpm1OWHvtRVn2eFdDHrHIcKMMJrbaq9TGaJ/p+fZLLbLJdR2UtLeLy73GyohK/h+U/+YcW1k4tCKuwVnQoG1tiJjUYGw5nhUCb4ilwgMMAZr5gkzZf6xjuXimtw5WSwpHJzQ1iCrALkYHk5K+aMBiSDWNgR3+LHoeR6OBZeztibuZwSy8UTK7OSLD0TArPOdQemk7yP3mb5uvgmrTQBtodiOJQByGlno3S39e9bVTkDriykv1MDiFtdjsaaEbas2sdPMOj5f9jnV/YilKlTLCIb4oAtYZK6q1vmyAZ4zaFJPCM8OQmYwVYjSGFTJqG/Uw22pppMAE6JECE9w5HOSQduUdjEQLibNiO5/qruFxidDd25HeLMs+J8yvhjZRpnpyLNf/UDp432ciOQCO/rKy2Z8dVktZDOVDjY1rBRl8C850u 5/G1uakU WkTqfWd2P43/6vcpvDvDz8kMkSiIM8H86eCuR7HMq10b8HewuV2URuhz7yCgggS1gzYCUdtFUdXkBRnUZTWKpKRfwH6Gah7VfhgYbKOX16Y2Jndd+DXP1UmdB9w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000005, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2/13/23 03:59, Kai Huang wrote: > SEAMCALL instruction causes #GP when TDX isn't BIOS enabled, and #UD > when CPU is not in VMX operation. The current TDX_MODULE_CALL macro > doesn't handle any of them. There's no way to check whether the CPU is > in VMX operation or not. Really? ... *REALLY*? Like, there's no possible way for the kernel to record whether it has executed VMXON or not? I think what you're saying here is that there's no architecturally visible flag that tells you whether in spot #1 or #2 in the following code: static int kvm_cpu_vmxon(u64 vmxon_pointer) { u64 msr; cr4_set_bits(X86_CR4_VMXE); // spot #1 asm_volatile_goto("1: vmxon %[vmxon_pointer]\n\t" _ASM_EXTABLE(1b, %l[fault]) : : [vmxon_pointer] "m"(vmxon_pointer) : : fault); // spot #2 That's _maybe_ technically correct (I don't know enough about VMX enabling to tell you). But, what I *DO* know is that it's nonsense to say that it's impossible in the *kernel* to tell whether we're on a CPU that's successfully executed VMXON or not. kvm_cpu_vmxon() has two paths through it: 1. Successfully executes VMXON and leaves with X86_CR4_VMXE=1 2. Fails VMXON and leaves with X86_CR4_VMXE=0 Guess what? CR4 is rather architecturally visible. From what I can tell, it's *ENTIRELY* plausible to assume that X86_CR4_VMXE==1 means that VMXON has been done. Even if that's wrong, it's only a cpumask and a cpumask_set() away from becoming plausible. Like so: static int kvm_cpu_vmxon(u64 vmxon_pointer) { u64 msr; cr4_set_bits(X86_CR4_VMXE); asm_volatile_goto("1: vmxon %[vmxon_pointer]\n\t" _ASM_EXTABLE(1b, %l[fault]) : : [vmxon_pointer] "m"(vmxon_pointer) : : fault); // set cpumask bit here return 0; fault: // clear cpu bit here cr4_clear_bits(X86_CR4_VMXE); return -EFAULT; } How many design decisions down the line in this series were predicated on the idea that: There's no way to check whether the CPU is in VMX operation or not. ?