[PATCH v6 11/11] x86/tdx: Handle CPUID via #VE

From: Kuppuswamy Sathyanarayanan
Date: Fri Sep 03 2021 - 13:29:03 EST

Next message: Mrs Chantel Hermans: "ATTENTION"
Previous message: Kuppuswamy Sathyanarayanan: "[PATCH v6 08/11] x86/tdx: Wire up KVM hypercalls"
In reply to: Kuppuswamy Sathyanarayanan: "[PATCH v6 08/11] x86/tdx: Wire up KVM hypercalls"
Next in thread: Dave Hansen: "Re: [PATCH v6 11/11] x86/tdx: Handle CPUID via #VE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: "Kirill A. Shutemov" <kirill.shutemov@xxxxxxxxxxxxxxx>

TDX has three classes of CPUID leaves: some CPUID leaves are always
handled by the CPU, others are handled by the TDX module, and some
others are handled by the VMM. Since the VMM cannot directly intercept
the instruction these are reflected with a #VE exception to the guest,
which then converts it into a hypercall to the VMM, or handled
directly.

The TDX module specification [1], sec 16.2 has a full list of CPUID
leaves which are handled natively or by the TDX module. Only unknown
CPUIDs are handled by the #VE method. In practice this typically only
applies to the hypervisor-specific CPUIDs unknown to the native CPU.

Therefore there is no risk of causing this in early CPUID code which
runs before the #VE handler is set up because it will never access
those exotic CPUID leaves.

[1] - https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-module-1.0-public-spec-v0.931.pdf

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Reviewed-by: Andi Kleen <ak@xxxxxxxxxxxxxxx>
Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
---

Changes since v5:
* Fixed commit log as per review comments.
* Removed WARN_ON() in tdx_handle_cpuid().
* Renamed "tdg" prefix with "tdx".

Changes since v4:
* None

Changes since v3:
* None
arch/x86/kernel/tdx.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)

diff --git a/arch/x86/kernel/tdx.c b/arch/x86/kernel/tdx.c
index 5c52dde4a5fd..c65c117aff5f 100644
--- a/arch/x86/kernel/tdx.c
+++ b/arch/x86/kernel/tdx.c
@@ -150,6 +150,21 @@ static int tdx_write_msr_safe(unsigned int msr, unsigned int low,
return ret ? -EIO : 0;
}

+static u64 tdx_handle_cpuid(struct pt_regs *regs)
+{
+ struct tdx_hypercall_output out = {0};
+ u64 ret;
+
+ ret = _tdx_hypercall(EXIT_REASON_CPUID, regs->ax, regs->cx, 0, 0, &out);
+
+ regs->ax = out.r12;
+ regs->bx = out.r13;
+ regs->cx = out.r14;
+ regs->dx = out.r15;
+
+ return ret;
+}
+
unsigned long tdx_get_ve_info(struct ve_info *ve)
{
struct tdx_module_output out = {0};
@@ -193,6 +208,9 @@ int tdx_handle_virtualization_exception(struct pt_regs *regs,
case EXIT_REASON_MSR_WRITE:
ret = tdx_write_msr_safe(regs->cx, regs->ax, regs->dx);
break;
+ case EXIT_REASON_CPUID:
+ ret = tdx_handle_cpuid(regs);
+ break;
default:
pr_warn("Unexpected #VE: %lld\n", ve->exit_reason);
return -EFAULT;
--
2.25.1

Next message: Mrs Chantel Hermans: "ATTENTION"
Previous message: Kuppuswamy Sathyanarayanan: "[PATCH v6 08/11] x86/tdx: Wire up KVM hypercalls"
In reply to: Kuppuswamy Sathyanarayanan: "[PATCH v6 08/11] x86/tdx: Wire up KVM hypercalls"
Next in thread: Dave Hansen: "Re: [PATCH v6 11/11] x86/tdx: Handle CPUID via #VE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]