linux-kernel.vger.kernel.org archive mirror
From: Dave Hansen <dave.hansen@linux.intel.com>
To: torvalds@linux-foundation.org
Cc: kirill.shutemov@linux.intel.com, x86@kernel.org,
	linux-kernel@vger.kernel.org,
	Dave Hansen <dave.hansen@linux.intel.com>
Subject: [GIT PULL] x86/tdx for 6.3
Date: Tue, 21 Feb 2023 16:16:36 -0800
Message-ID: <20230222001636.211793-1-dave.hansen@linux.intel.com>

Hi Linus,

Please pull some x86/tdx changes for 6.3.  Other than a minor fixup,
the content here is to ensure that TDX guests never see virtualization
exceptions (#VE's) that might be induced by the untrusted VMM.

This is a highly desirable property.  Without it, #VE exception
handling would fall somewhere between NMIs, machine checks and
total insanity.  With it, #VE handling remains pretty mundane.

There is a conflict here with some cleanups which you already pulled
via tip:sched/core.  I've appended a conflict resolution from Ingo
that he used when merging these all together in tip/master.

--

The following changes since commit 5dc4c995db9eb45f6373a956eb1f69460e69e6d4:

  Linux 6.2-rc4 (2023-01-15 09:22:43 -0600)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git tags/x86_tdx_for_6.3

for you to fetch changes up to 1e70c680375aa33cca97bff0bca68c0f82f5023c:

  x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (2023-02-02 16:31:25 -0800)

----------------------------------------------------------------
 - Fixup comment typo
 - Prevent unexpected #VE's from:
  - Hosts removing perfectly good guest mappings (SEPT_VE_DISABLE)
  - Excessive #VE notifications (NOTIFY_ENABLES) which are
    delivered via a #VE.

----------------------------------------------------------------
Kirill A. Shutemov (8):
      x86/tdx: Fix typo in comment in __tdx_hypercall()
      x86/tdx: Add more registers to struct tdx_hypercall_args
      x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments
      x86/tdx: Expand __tdx_hypercall() to handle more arguments
      x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE
      x86/tdx: Relax SEPT_VE_DISABLE check for debug TD
      x86/tdx: Disable NOTIFY_ENABLES
      x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall()

 arch/x86/coco/tdx/tdcall.S        | 83 ++++++++++++++++++++++++++++-----------
 arch/x86/coco/tdx/tdx.c           | 62 ++++++++++++++++++++++++++++-
 arch/x86/include/asm/shared/tdx.h |  6 +++
 arch/x86/kernel/asm-offsets.c     |  6 +++
 4 files changed, 131 insertions(+), 26 deletions(-)
--

Author: Ingo Molnar <mingo@kernel.org>
Date:   Tue Feb 21 09:30:27 2023 +0100

    Merge branch 'x86/tdx'
    
    Conflicts:
            arch/x86/coco/tdx/tdcall.S
    
    Signed-off-by: Ingo Molnar <mingo@kernel.org>

diff --cc arch/x86/coco/tdx/tdcall.S
index ad0d51f03cb4,2bd436a4790d..6a255e6809bc
--- a/arch/x86/coco/tdx/tdcall.S
+++ b/arch/x86/coco/tdx/tdcall.S
@@@ -27,12 -33,10 +33,12 @@@
   * details can be found in TDX GHCI specification, section
   * titled "TDCALL [TDG.VP.VMCALL] leaf".
   */
- #define TDVMCALL_EXPOSE_REGS_MASK	( TDX_R10 | TDX_R11 | \
- 					  TDX_R12 | TDX_R13 | \
- 					  TDX_R14 | TDX_R15 )
+ #define TDVMCALL_EXPOSE_REGS_MASK	\
+ 	( TDX_RDX | TDX_RBX | TDX_RSI | TDX_RDI | TDX_R8  | TDX_R9  | \
+ 	  TDX_R10 | TDX_R11 | TDX_R12 | TDX_R13 | TDX_R14 | TDX_R15 )
  
 +.section .noinstr.text, "ax"
 +
  /*
   * __tdx_module_call()  - Used by TDX guests to request services from
   * the TDX module (does not include VMM services) using TDCALL instruction.
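
Review bot: the widened TDVMCALL_EXPOSE_REGS_MASK now names RDX, RBX,
RSI, RDI, R8 and R9 in addition to R10-R15, and the mask loaded into RCX
tells the TDX module which guest registers are handed to the untrusted
VMM, but the comment above the define still only points at the GHCI
section. Suggest extending that comment to say that every register in
the mask must be loaded from the args struct or cleared before TDCALL,
so nothing stale from the caller reaches the host. Also, the
.section .noinstr.text, "ax" directive lands ahead of the
__tdx_module_call() comment, so it covers whatever follows it until the
next section directive rather than only __tdx_hypercall(); a one-line
comment stating that this is intended would help.
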
@@@ -131,16 -156,21 +158,8 @@@ SYM_FUNC_START(__tdx_hypercall
  	/* Set TDCALL leaf ID (TDVMCALL (0)) in RAX */
  	xor %eax, %eax
  
- 	/* Copy hypercall registers from arg struct: */
- 	movq TDX_HYPERCALL_r10(%rdi), %r10
- 	movq TDX_HYPERCALL_r11(%rdi), %r11
- 	movq TDX_HYPERCALL_r12(%rdi), %r12
- 	movq TDX_HYPERCALL_r13(%rdi), %r13
- 	movq TDX_HYPERCALL_r14(%rdi), %r14
- 	movq TDX_HYPERCALL_r15(%rdi), %r15
- 
  	movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx
  
 -	/*
 -	 * For the idle loop STI needs to be called directly before the TDCALL
 -	 * that enters idle (EXIT_REASON_HLT case). STI instruction enables
 -	 * interrupts only one instruction later. If there is a window between
 -	 * STI and the instruction that emulates the HALT state, there is a
 -	 * chance for interrupts to happen in this window, which can delay the
 -	 * HLT operation indefinitely. Since this is the not the desired
 -	 * result, conditionally call STI before TDCALL.
 -	 */
 -	testq $TDX_HCALL_ISSUE_STI, 8(%rsp)
 -	jz .Lskip_sti
 -	sti
 -.Lskip_sti:
  	tdcall
  
  	/*
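
Review bot: the resolution deletes both the R10-R15 loads from the args
struct and the conditional STI (the TDX_HCALL_ISSUE_STI test on
8(%rsp)) ahead of tdcall, and neither replacement is visible in this
hunk. Please confirm that the merged function loads every register named
in TDVMCALL_EXPOSE_REGS_MASK before
"movl $TDVMCALL_EXPOSE_REGS_MASK, %ecx", and that no caller still passes
TDX_HCALL_ISSUE_STI, since with this block gone the flag would be
silently ignored and the STI-to-TDCALL window the removed comment
describes would have to be handled elsewhere. The merge message lists
only the conflicting file; a sentence on why the STI block is dropped
would make the resolution easier to audit.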
