* [PATCH v2 1/2] x86/tdx: Fix off-by-one in port I/O handling
2026-04-28 12:56 [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes Kiryl Shutsemau (Meta)
@ 2026-04-28 12:56 ` Kiryl Shutsemau (Meta)
2026-04-28 12:56 ` [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O Kiryl Shutsemau (Meta)
2026-05-08 22:52 ` [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes Kiryl Shutsemau
2 siblings, 0 replies; 8+ messages in thread
From: Kiryl Shutsemau (Meta) @ 2026-04-28 12:56 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86
Cc: H . Peter Anvin, Rick Edgecombe, Kuppuswamy Sathyanarayanan,
Kai Huang, Borys Tsyrulnikov, linux-kernel, linux-coco, kvm,
stable, Kiryl Shutsemau (Meta)
handle_in() and handle_out() in arch/x86/coco/tdx/tdx.c use:

	u64 mask = GENMASK(BITS_PER_BYTE * size, 0);

GENMASK(h, l) includes bit h. For size=1 (INB), this produces
GENMASK(8, 0) = 0x1FF (9 bits) instead of GENMASK(7, 0) = 0xFF (8
bits). The mask is one bit too wide for all I/O sizes.

Fix the mask calculation.

Fixes: 03149948832a ("x86/tdx: Port I/O: Add runtime hypercalls")
Reported-by: Borys Tsyrulnikov <tsyrulnikov.borys@gmail.com>
Link: https://lore.kernel.org/all/CAKw_Dz96rfSQc6Rn+9QBcUFHhmkK+9zu+P=bxowfZwxrATCBRg@mail.gmail.com/
Signed-off-by: Kiryl Shutsemau (Meta) <kas@kernel.org>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: stable@vger.kernel.org
---
arch/x86/coco/tdx/tdx.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 186915a17c50..65119362f9a2 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -693,7 +693,7 @@ static bool handle_in(struct pt_regs *regs, int size, int port)
.r13 = PORT_READ,
.r14 = port,
};
- u64 mask = GENMASK(BITS_PER_BYTE * size, 0);
+ u64 mask = GENMASK(BITS_PER_BYTE * size - 1, 0);
bool success;
/*
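Review bot: In handle_in(), the new `GENMASK(BITS_PER_BYTE * size - 1, 0)` is only well defined when `size` is 1, 2 or 4, and nothing in this hunk shows that constraint: `size` is a plain `int`, and a value of 0 would make the high bit -1. Consider a one-line comment naming the valid sizes where the mask is computed, or a sanity check on `size` before it, so the next reader does not have to re-derive why the `- 1` is safe.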
@@ -713,7 +713,7 @@ static bool handle_in(struct pt_regs *regs, int size, int port)
static bool handle_out(struct pt_regs *regs, int size, int port)
{
- u64 mask = GENMASK(BITS_PER_BYTE * size, 0);
+ u64 mask = GENMASK(BITS_PER_BYTE * size - 1, 0);
/*
* Emulate the I/O write via hypercall. More info about ABI can be found
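Review bot: handle_out() repeats the expression `GENMASK(BITS_PER_BYTE * size - 1, 0)` that handle_in() already computes, so the off-by-one had to be corrected in two places. Consider moving the mask calculation into one small helper shared by both handlers, so the access width has a single definition to review and to backport.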
--
2.51.2
* [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O
2026-04-28 12:56 [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes Kiryl Shutsemau (Meta)
2026-04-28 12:56 ` [PATCH v2 1/2] x86/tdx: Fix off-by-one in port I/O handling Kiryl Shutsemau (Meta)
@ 2026-04-28 12:56 ` Kiryl Shutsemau (Meta)
2026-05-13 1:14 ` Dave Hansen
2026-05-08 22:52 ` [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes Kiryl Shutsemau
2 siblings, 1 reply; 8+ messages in thread
From: Kiryl Shutsemau (Meta) @ 2026-04-28 12:56 UTC (permalink / raw)
To: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86
Cc: H . Peter Anvin, Rick Edgecombe, Kuppuswamy Sathyanarayanan,
Kai Huang, Borys Tsyrulnikov, linux-kernel, linux-coco, kvm,
stable, Kiryl Shutsemau (Meta)
According to x86 architecture rules, 32-bit operations zero-extend the
result to 64 bits. The current implementation of handle_in() only masks
the lower 32 bits, which preserves the upper 32 bits of RAX when a
32-bit port IN instruction is emulated.

Update handle_in() to zero out the entire RAX register when the I/O size
is 4 bytes to ensure correct zero-extension. For smaller sizes (1 or 2
bytes), continue to preserve the unaffected upper bits.

Fixes: 03149948832a ("x86/tdx: Port I/O: Add runtime hypercalls")
Reported-by: Borys Tsyrulnikov <tsyrulnikov.borys@gmail.com>
Link: https://lore.kernel.org/all/CAKw_Dz96rfSQc6Rn+9QBcUFHhmkK+9zu+P=bxowfZwxrATCBRg@mail.gmail.com/
Signed-off-by: Kiryl Shutsemau (Meta) <kas@kernel.org>
Reviewed-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Cc: stable@vger.kernel.org
---
arch/x86/coco/tdx/tdx.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c
index 65119362f9a2..e09636564237 100644
--- a/arch/x86/coco/tdx/tdx.c
+++ b/arch/x86/coco/tdx/tdx.c
@@ -703,8 +703,17 @@ static bool handle_in(struct pt_regs *regs, int size, int port)
*/
success = !__tdx_hypercall(&args);
- /* Update part of the register affected by the emulated instruction */
- regs->ax &= ~mask;
+ /*
+ * Update part of the register affected by the emulated instruction.
+ *
+ * 32-bit operands generate a 32-bit result, zero-extended to a 64-bit
+ * result.
+ */
+ if (size == 4)
+ regs->ax = 0;
+ else
+ regs->ax &= ~mask;
+
if (success)
regs->ax |= args.r11 & mask;
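Review bot: The `if (size == 4) regs->ax = 0;` branch runs before `success` is tested, so a failed hypercall now clears all 64 bits of RAX for a 4-byte IN, where the removed line cleared only the masked bits. If that is intended, say so in the comment; otherwise move the clearing under `if (success)`. The comment would also be easier to follow if it stated that 1- and 2-byte results leave the upper bits untouched, which is what the `else` branch does.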
--
2.51.2
* Re: [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O
2026-04-28 12:56 ` [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O Kiryl Shutsemau (Meta)
@ 2026-05-13 1:14 ` Dave Hansen
2026-05-13 2:32 ` H. Peter Anvin
0 siblings, 1 reply; 8+ messages in thread
From: Dave Hansen @ 2026-05-13 1:14 UTC (permalink / raw)
To: Kiryl Shutsemau (Meta), Thomas Gleixner, Ingo Molnar,
Borislav Petkov, Dave Hansen, x86
Cc: H . Peter Anvin, Rick Edgecombe, Kuppuswamy Sathyanarayanan,
Kai Huang, Borys Tsyrulnikov, linux-kernel, linux-coco, kvm,
stable
On 4/28/26 05:56, Kiryl Shutsemau (Meta) wrote:
> + if (size == 4)
> + regs->ax = 0;
> + else
> + regs->ax &= ~mask;
I haven't thought about this _that_ much, but this feels wrong. Why is
4 so special cased?

Also, what _are_ the limits on the registers that 'in' can be used on?

RAX - n/a, no 64-bit I/O
EAX - size=4
AX - size=2
AH - n/a no encoding for inb
AL - size=1

I'd find this much easier to grasp if there was a nice table of what the
registers, sizes, and masks ended up being usable. As usual, x86 is
"fun" here.
* Re: [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O
2026-05-13 1:14 ` Dave Hansen
@ 2026-05-13 2:32 ` H. Peter Anvin
2026-05-13 12:48 ` Sean Christopherson
0 siblings, 1 reply; 8+ messages in thread
From: H. Peter Anvin @ 2026-05-13 2:32 UTC (permalink / raw)
To: Dave Hansen, Kiryl Shutsemau (Meta), Thomas Gleixner, Ingo Molnar,
Borislav Petkov, Dave Hansen, x86
Cc: Rick Edgecombe, Kuppuswamy Sathyanarayanan, Kai Huang,
Borys Tsyrulnikov, linux-kernel, linux-coco, kvm, stable
On May 12, 2026 6:14:13 PM PDT, Dave Hansen <dave.hansen@intel.com> wrote:
>On 4/28/26 05:56, Kiryl Shutsemau (Meta) wrote:
>> + if (size == 4)
>> + regs->ax = 0;
>> + else
>> + regs->ax &= ~mask;
>
>I haven't thought about this _that_ much, but this feels wrong. Why is
>4 so special cased?
>
>Also, what _are_ the limits on the registers that 'in' can be used on?
>
>RAX - n/a, no 64-bit I/O
>EAX - size=4
>AX - size=2
>AH - n/a no encoding for inb
>AL - size=1
>
>I'd find this much easier to grasp if there was a nice table of what the
>registers, sizes, and masks ended up being usable. As usual, x86 is
>"fun" here.
Because zero extension only applies to dwords.
x86-64 has three subregisters per GPR:
Bits 7-0
Bits 15-8
Bits 63-16
* Re: [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O
2026-05-13 2:32 ` H. Peter Anvin
@ 2026-05-13 12:48 ` Sean Christopherson
0 siblings, 0 replies; 8+ messages in thread
From: Sean Christopherson @ 2026-05-13 12:48 UTC (permalink / raw)
To: H. Peter Anvin
Cc: Dave Hansen, Kiryl Shutsemau (Meta), Thomas Gleixner, Ingo Molnar,
Borislav Petkov, Dave Hansen, x86, Rick Edgecombe,
Kuppuswamy Sathyanarayanan, Kai Huang, Borys Tsyrulnikov,
linux-kernel, linux-coco, kvm, stable
On Tue, May 12, 2026, H. Peter Anvin wrote:
> On May 12, 2026 6:14:13 PM PDT, Dave Hansen <dave.hansen@intel.com> wrote:
> >On 4/28/26 05:56, Kiryl Shutsemau (Meta) wrote:
> >> + if (size == 4)
> >> + regs->ax = 0;
> >> + else
> >> + regs->ax &= ~mask;
> >
> >I haven't thought about this _that_ much, but this feels wrong. Why is
> >4 so special cased?
> >
> >Also, what _are_ the limits on the registers that 'in' can be used on?
> >
> >RAX - n/a, no 64-bit I/O
> >EAX - size=4
> >AX - size=2
> >AH - n/a no encoding for inb
> >AL - size=1
> >
> >I'd find this much easier to grasp if there was a nice table of what the
> >registers, sizes, and masks ended up being usable. As usual, x86 is
> >"fun" here.
>
> Because zero extension only applies to dwords.
>
> x86-64 has three subregisters per GPR:
Aren't there four? The fourth being 31:0, which is the one that is zero-extended
and so "clobbers" 63:32.
> Bits 7-0
> Bits 15-8
> Bits 63-16
I assume you mean 15:0? 63:16 isn't addressable. And these are the ones that
aren't zero-extended, i.e. don't "clobber" other bits.
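The masks and resulting RAX values for each access size, before and after the two patches in this thread, can be tabulated with a small user-space model. This is an added example, not code from the patches or the kernel tree; `MASK_BITS`, `in_mask()`, `emulate_in()` and the register values are constructed for illustration, and only the successful-hypercall path is modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for the kernel's GENMASK(h, l): bits h..l inclusive. */
#define MASK_BITS(h, l) ((~0ULL >> (63 - (h))) & (~0ULL << (l)))

/* Unpatched code, after patch 1/2, after patch 2/2. */
enum variant { BEFORE, AFTER_1, AFTER_2 };

/* Mask used to merge the value returned by the hypercall into RAX. */
uint64_t in_mask(enum variant v, int size)
{
	return v == BEFORE ? MASK_BITS(8 * size, 0)
			   : MASK_BITS(8 * size - 1, 0);
}

/*
 * Model of the RAX update in handle_in() when the hypercall succeeds.
 * rax: guest RAX before the IN; r11: value handed back by the host.
 */
uint64_t emulate_in(enum variant v, uint64_t rax, uint64_t r11, int size)
{
	uint64_t mask = in_mask(v, size);

	if (v == AFTER_2 && size == 4)
		rax = 0;	/* 32-bit result zero-extends to 64 bits */
	else
		rax &= ~mask;	/* AL and AX writes keep the upper bits */
	return rax | (r11 & mask);
}

int main(void)
{
	/* Constructed inputs: bits 8, 16 and 32 of rax are 0, r11 is all ones,
	 * so any bit leaking past the access width shows up in the result. */
	const uint64_t rax = 0xAAAAAAAAAAAAAAAAULL, r11 = ~0ULL;
	static const char *name[] = { "before", "after 1/2", "after 2/2" };
	static const int sizes[] = { 1, 2, 4 };

	for (int v = BEFORE; v <= AFTER_2; v++)
		for (int i = 0; i < 3; i++)
			printf("%-9s size=%d mask=%#018llx rax=%#018llx\n",
			       name[v], sizes[i],
			       (unsigned long long)in_mask(v, sizes[i]),
			       (unsigned long long)emulate_in(v, rax, r11, sizes[i]));
	return 0;
}
```

In the unpatched rows the host-supplied value reaches one bit beyond the instruction's width (bit 8, 16 or 32); after patch 2/2 only the 4-byte row clears bits 63:32.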
* Re: [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes
2026-04-28 12:56 [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes Kiryl Shutsemau (Meta)
2026-04-28 12:56 ` [PATCH v2 1/2] x86/tdx: Fix off-by-one in port I/O handling Kiryl Shutsemau (Meta)
2026-04-28 12:56 ` [PATCH v2 2/2] x86/tdx: Fix zero-extension for 32-bit port I/O Kiryl Shutsemau (Meta)
@ 2026-05-08 22:52 ` Kiryl Shutsemau
2026-05-08 22:53 ` Dave Hansen
2 siblings, 1 reply; 8+ messages in thread
From: Kiryl Shutsemau @ 2026-05-08 22:52 UTC (permalink / raw)
To: Dave Hansen
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
H . Peter Anvin, Rick Edgecombe, Kuppuswamy Sathyanarayanan,
Kai Huang, Borys Tsyrulnikov, linux-kernel, linux-coco, kvm,
stable
On Tue, Apr 28, 2026 at 01:56:30PM +0100, Kiryl Shutsemau (Meta) wrote:
> Kiryl Shutsemau (Meta) (2):
> x86/tdx: Fix off-by-one in port I/O handling
> x86/tdx: Fix zero-extension for 32-bit port I/O
Dave, could you get them applied?
--
Kiryl Shutsemau / Kirill A. Shutemov
* Re: [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes
2026-05-08 22:52 ` [PATCH v2 0/2] x86/tdx: Port I/O emulation fixes Kiryl Shutsemau
@ 2026-05-08 22:53 ` Dave Hansen
0 siblings, 0 replies; 8+ messages in thread
From: Dave Hansen @ 2026-05-08 22:53 UTC (permalink / raw)
To: Kiryl Shutsemau, Dave Hansen
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, x86,
H . Peter Anvin, Rick Edgecombe, Kuppuswamy Sathyanarayanan,
Kai Huang, Borys Tsyrulnikov, linux-kernel, linux-coco, kvm,
stable
On 5/8/26 15:52, Kiryl Shutsemau wrote:
> On Tue, Apr 28, 2026 at 01:56:30PM +0100, Kiryl Shutsemau (Meta) wrote:
>> Kiryl Shutsemau (Meta) (2):
>> x86/tdx: Fix off-by-one in port I/O handling
>> x86/tdx: Fix zero-extension for 32-bit port I/O
> Dave, could you get them applied?
I'll look on Monday. Thanks for the reminder.