[16/18] KVM: TDX: Add a method to ignore hypercall patching

Message ID	20241210004946.3718496-17-binbin.wu@linux.intel.com (mailing list archive)
State	New
Headers	show Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC561226173; Tue, 10 Dec 2024 00:48:47 +0000 (UTC) From: Binbin Wu <binbin.wu@linux.intel.com> To: pbonzini@redhat.com, seanjc@google.com, kvm@vger.kernel.org Cc: rick.p.edgecombe@intel.com, kai.huang@intel.com, adrian.hunter@intel.com, reinette.chatre@intel.com, xiaoyao.li@intel.com, tony.lindgren@linux.intel.com, isaku.yamahata@intel.com, yan.y.zhao@intel.com, chao.gao@intel.com, linux-kernel@vger.kernel.org, binbin.wu@linux.intel.com Subject: [PATCH 16/18] KVM: TDX: Add a method to ignore hypercall patching Date: Tue, 10 Dec 2024 08:49:42 +0800 Message-ID: <20241210004946.3718496-17-binbin.wu@linux.intel.com> In-Reply-To: <20241210004946.3718496-1-binbin.wu@linux.intel.com> References: <20241210004946.3718496-1-binbin.wu@linux.intel.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	KVM: TDX: TDX "the rest" part \| expand [00/18] KVM: TDX: TDX "the rest" part [01/18] KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched behavior [02/18] KVM: TDX: Handle EPT violation/misconfig exit [03/18] KVM: TDX: Detect unexpected SEPT violations due to pending SPTEs [04/18] KVM: TDX: Handle TDX PV CPUID hypercall [05/18] KVM: TDX: Handle TDX PV HLT hypercall [06/18] KVM: x86: Move KVM_MAX_MCE_BANKS to header file [07/18] KVM: TDX: Implement callbacks for MSR operations [08/18] KVM: TDX: Handle TDX PV rdmsr/wrmsr hypercall [09/18] KVM: TDX: Enable guest access to LMCE related MSRs [10/18] KVM: TDX: Handle TDG.VP.VMCALL<GetTdVmCallInfo> hypercall [11/18] KVM: TDX: Add methods to ignore accesses to CPU state [12/18] KVM: TDX: Add method to ignore guest instruction emulation [13/18] KVM: TDX: Add methods to ignore VMX preemption timer [14/18] KVM: TDX: Add methods to ignore accesses to TSC [15/18] KVM: TDX: Ignore setting up mce [16/18] KVM: TDX: Add a method to ignore hypercall patching [17/18] KVM: TDX: Make TDX VM type supported [18/18] Documentation/virt/kvm: Document on Trust Domain Extensions(TDX)

Message ID

20241210004946.3718496-17-binbin.wu@linux.intel.com (mailing list archive)

State

New

Headers

From: Binbin Wu <binbin.wu@linux.intel.com>
To: pbonzini@redhat.com,
	seanjc@google.com,
	kvm@vger.kernel.org
Cc: rick.p.edgecombe@intel.com,
	kai.huang@intel.com,
	adrian.hunter@intel.com,
	reinette.chatre@intel.com,
	xiaoyao.li@intel.com,
	tony.lindgren@linux.intel.com,
	isaku.yamahata@intel.com,
	yan.y.zhao@intel.com,
	chao.gao@intel.com,
	linux-kernel@vger.kernel.org,
	binbin.wu@linux.intel.com
Subject: [PATCH 16/18] KVM: TDX: Add a method to ignore hypercall patching
Date: Tue, 10 Dec 2024 08:49:42 +0800
Message-ID: <20241210004946.3718496-17-binbin.wu@linux.intel.com>
In-Reply-To: <20241210004946.3718496-1-binbin.wu@linux.intel.com>
References: <20241210004946.3718496-1-binbin.wu@linux.intel.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

KVM: TDX: TDX "the rest" part | expand

Commit Message

Binbin Wu Dec. 10, 2024, 12:49 a.m. UTC

From: Isaku Yamahata <isaku.yamahata@intel.com>

Because guest TD memory is protected, VMM patching guest binary for
hypercall instruction isn't possible.  Add a method to ignore hypercall
patching.  Note: guest TD kernel needs to be modified to use
TDG.VP.VMCALL for hypercall.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Signed-off-by: Binbin Wu <binbin.wu@linux.intel.com>
---
TDX "the rest" breakout:
- Renamed from
  "KVM: TDX: Add a method to ignore for TDX to ignore hypercall patch"
  to "KVM: TDX: Add a method to ignore hypercall patching".
- Dropped KVM_BUG_ON() in vt_patch_hypercall(). (Rick)
- Remove "with a warning" from "Add a method to ignore hypercall
  patching with a warning." in changelog to reflect code change.
---
 arch/x86/kvm/vmx/main.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index 01ad3865d54f..81b9d2379a74 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -657,6 +657,19 @@  static u32 vt_get_interrupt_shadow(struct kvm_vcpu *vcpu)
 	return vmx_get_interrupt_shadow(vcpu);
 }
 
+static void vt_patch_hypercall(struct kvm_vcpu *vcpu,
+				  unsigned char *hypercall)
+{
+	/*
+	 * Because guest memory is protected, guest can't be patched. TD kernel
+	 * is modified to use TDG.VP.VMCALL for hypercall.
+	 */
+	if (is_td_vcpu(vcpu))
+		return;
+
+	vmx_patch_hypercall(vcpu, hypercall);
+}
+
 static void vt_inject_irq(struct kvm_vcpu *vcpu, bool reinjected)
 {
 	if (is_td_vcpu(vcpu))
@@ -921,7 +934,7 @@  struct kvm_x86_ops vt_x86_ops __initdata = {
 	.update_emulated_instruction = vmx_update_emulated_instruction,
 	.set_interrupt_shadow = vt_set_interrupt_shadow,
 	.get_interrupt_shadow = vt_get_interrupt_shadow,
-	.patch_hypercall = vmx_patch_hypercall,
+	.patch_hypercall = vt_patch_hypercall,
 	.inject_irq = vt_inject_irq,
 	.inject_nmi = vt_inject_nmi,
 	.inject_exception = vt_inject_exception,

[16/18] KVM: TDX: Add a method to ignore hypercall patching

Commit Message

Patch