[v8,064/103] KVM: TDX: Implement TDX vcpu enter/exit path

Message ID	911db6589bb49207c580f7fb23dacb953692cd18.1659854790.git.isaku.yamahata@intel.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <kvm-owner@kernel.org> From: isaku.yamahata@intel.com To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com, Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com, Sean Christopherson <seanjc@google.com>, Sagi Shahar <sagis@google.com> Subject: [PATCH v8 064/103] KVM: TDX: Implement TDX vcpu enter/exit path Date: Sun, 7 Aug 2022 15:01:49 -0700 Message-Id: <911db6589bb49207c580f7fb23dacb953692cd18.1659854790.git.isaku.yamahata@intel.com> In-Reply-To: <cover.1659854790.git.isaku.yamahata@intel.com> References: <cover.1659854790.git.isaku.yamahata@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	KVM TDX basic feature support \| expand [v8,000/103] KVM TDX basic feature support [v8,001/103] KVM: x86: Move check_processor_compatibility from init ops to runtime ops [v8,002/103] Partially revert "KVM: Pass kvm_init()'s opaque param to additional arch funcs" [v8,003/103] KVM: Refactor CPU compatibility check on module initialization [v8,004/103] KVM: VMX: Move out vmx_x86_ops to 'main.c' to wrap VMX and TDX [v8,005/103] KVM: x86: Refactor KVM VMX module init/exit functions [v8,006/103] KVM: Enable hardware before doing arch VM initialization [v8,007/103] KVM: TDX: Add placeholders for TDX VM/vcpu structure [v8,008/103] x86/virt/tdx: Add a helper function to return system wide info about TDX module [v8,009/103] KVM: TDX: Initialize the TDX module when loading the KVM intel kernel module [v8,010/103] KVM: x86: Introduce vm_type to differentiate default VMs from confidential VMs [v8,011/103] KVM: TDX: Make TDX VM type supported [v8,012/103,MARKER] The start of TDX KVM patch series: TDX architectural definitions [v8,013/103] KVM: TDX: Define TDX architectural definitions [v8,014/103] KVM: TDX: Add TDX "architectural" error codes [v8,015/103] KVM: TDX: Add C wrapper functions for SEAMCALLs to the TDX module [v8,016/103] KVM: TDX: Add helper functions to print TDX SEAMCALL error [v8,017/103,MARKER] The start of TDX KVM patch series: TD VM creation/destruction [v8,018/103] KVM: TDX: Stub in tdx.h with structs, accessors, and VMCS helpers [v8,019/103] x86/cpu: Add helper functions to allocate/free TDX private host key id [v8,020/103] KVM: TDX: create/destroy VM structure [v8,021/103] KVM: TDX: x86: Add ioctl to get TDX systemwide parameters [v8,022/103] KVM: TDX: Add place holder for TDX VM specific mem_enc_op ioctl [v8,023/103] KVM: TDX: initialize VM with TDX specific parameters [v8,024/103] KVM: TDX: Make pmu_intel.c ignore guest TD case [v8,025/103,MARKER] The start of TDX KVM patch series: TD vcpu creation/destruction [v8,026/103] KVM: TDX: allocate/free TDX vcpu structure [v8,027/103] KVM: TDX: Do TDX specific vcpu initialization [v8,028/103,MARKER] The start of TDX KVM patch series: KVM MMU GPA shared bits [v8,029/103] KVM: x86/mmu: introduce config for PRIVATE KVM MMU [v8,030/103] KVM: x86/mmu: Add address conversion functions for TDX shared bit of GPA [v8,031/103,MARKER] The start of TDX KVM patch series: KVM TDP refactoring for TDX [v8,032/103] KVM: x86/mmu: Allow non-zero value for non-present SPTE [v8,033/103] KVM: x86/mmu: Track shadow MMIO value/mask on a per-VM basis [v8,034/103] KVM: x86/mmu: Disallow fast page fault on private GPA [v8,035/103] KVM: x86/mmu: Allow per-VM override of the TDP max page level [v8,036/103] KVM: VMX: Introduce test mode related to EPT violation VE [v8,037/103,MARKER] The start of TDX KVM patch series: KVM TDP MMU hooks [v8,038/103] KVM: x86/tdp_mmu: refactor kvm_tdp_mmu_map() [v8,039/103] KVM: x86/tdp_mmu: Init role member of struct kvm_mmu_page at allocation [v8,040/103] KVM: x86/mmu: Require TDP MMU for TDX [v8,041/103] KVM: x86/mmu: Add a new is_private member for union kvm_mmu_page_role [v8,042/103] KVM: x86/mmu: Add a private pointer to struct kvm_mmu_page [v8,043/103] KVM: x86/tdp_mmu: Don't zap private pages for unsupported cases [v8,044/103] KVM: x86/tdp_mmu: Support TDX private mapping for TDP MMU [v8,045/103,MARKER] The start of TDX KVM patch series: TDX EPT violation [v8,046/103] KVM: x86/mmu: Disallow dirty logging for x86 TDX [v8,047/103] KVM: x86/tdp_mmu: Ignore unsupported mmu operation on private GFNs [v8,048/103] KVM: VMX: Split out guts of EPT violation to common/exposed function [v8,049/103] KVM: VMX: Move setting of EPT MMU masks to common VT-x code [v8,050/103] KVM: TDX: Add load_mmu_pgd method for TDX [v8,051/103] KVM: TDX: don't request KVM_REQ_APIC_PAGE_RELOAD [v8,052/103] KVM: x86/VMX: introduce vmx tlb_remote_flush and tlb_remote_flush_with_range [v8,053/103] KVM: TDX: TDP MMU TDX support [v8,054/103,MARKER] The start of TDX KVM patch series: KVM TDP MMU MapGPA [v8,055/103] KVM: Add functions to track whether GFN is private or shared [v8,056/103] KVM: x86/mmu: Let vcpu re-try when faulting page type conflict [v8,057/103] KVM: x86/mmu: Introduce kvm_mmu_map_tdp_page() for use by TDX [v8,058/103] KVM: x86/tdp_mmu: implement MapGPA hypercall for TDX [v8,059/103,MARKER] The start of TDX KVM patch series: TD finalization [v8,060/103] KVM: TDX: Create initial guest memory [v8,061/103] KVM: TDX: Finalize VM initialization [v8,062/103,MARKER] The start of TDX KVM patch series: TD vcpu enter/exit [v8,063/103] KVM: TDX: Add helper assembly function to TDX vcpu [v8,064/103] KVM: TDX: Implement TDX vcpu enter/exit path [v8,065/103] KVM: TDX: vcpu_run: save/restore host state(host kernel gs) [v8,066/103] KVM: TDX: restore host xsave state when exit from the guest TD [v8,067/103] KVM: x86: Allow to update cached values in kvm_user_return_msrs w/o wrmsr [v8,068/103] KVM: TDX: restore user ret MSRs [v8,069/103,MARKER] The start of TDX KVM patch series: TD vcpu exits/interrupts/hypercalls [v8,070/103] KVM: TDX: complete interrupts after tdexit [v8,071/103] KVM: TDX: restore debug store when TD exit [v8,072/103] KVM: TDX: handle vcpu migration over logical processor [v8,073/103] KVM: x86: Add a switch_db_regs flag to handle TDX's auto-switched behavior [v8,074/103] KVM: TDX: Add support for find pending IRQ in a protected local APIC [v8,075/103] KVM: x86: Assume timer IRQ was injected if APIC state is proteced [v8,076/103] KVM: TDX: remove use of struct vcpu_vmx from posted_interrupt.c [v8,077/103] KVM: TDX: Implement interrupt injection [v8,078/103] KVM: TDX: Implements vcpu request_immediate_exit [v8,079/103] KVM: TDX: Implement methods to inject NMI [v8,080/103] KVM: VMX: Modify NMI and INTR handlers to take intr_info as function argument [v8,081/103] KVM: VMX: Move NMI/exception handler to common helper [v8,082/103] KVM: x86: Split core of hypercall emulation to helper function [v8,083/103] KVM: TDX: Add a place holder to handle TDX VM exit [v8,084/103] KVM: TDX: Retry seamcall when TDX_OPERAND_BUSY with operand SEPT [v8,085/103] KVM: TDX: handle EXIT_REASON_OTHER_SMI [v8,086/103] KVM: TDX: handle ept violation/misconfig exit [v8,087/103] KVM: TDX: handle EXCEPTION_NMI and EXTERNAL_INTERRUPT [v8,088/103] KVM: TDX: Add a place holder for handler of TDX hypercalls (TDG.VP.VMCALL) [v8,089/103] KVM: TDX: handle KVM hypercall with TDG.VP.VMCALL [v8,090/103] KVM: TDX: Handle TDX PV CPUID hypercall [v8,091/103] KVM: TDX: Handle TDX PV HLT hypercall [v8,092/103] KVM: TDX: Handle TDX PV port io hypercall [v8,093/103] KVM: TDX: Handle TDX PV MMIO hypercall [v8,094/103] KVM: TDX: Implement callbacks for MSR operations for TDX [v8,095/103] KVM: TDX: Handle TDX PV rdmsr/wrmsr hypercall [v8,096/103] KVM: TDX: Handle TDX PV report fatal error hypercall [v8,097/103] KVM: TDX: Handle TDX PV map_gpa hypercall [v8,098/103] KVM: TDX: Handle TDG.VP.VMCALL<GetTdVmCallInfo> hypercall [v8,099/103] KVM: TDX: Silently discard SMI request [v8,100/103] KVM: TDX: Silently ignore INIT/SIPI [v8,101/103] KVM: TDX: Add methods to ignore accesses to CPU state [v8,102/103] Documentation/virt/kvm: Document on Trust Domain Extensions(TDX) [v8,103/103] KVM: x86: design documentation on TDX support of x86 KVM TDP MMU

Message ID

911db6589bb49207c580f7fb23dacb953692cd18.1659854790.git.isaku.yamahata@intel.com (mailing list archive)

State

New, archived

Headers

From: isaku.yamahata@intel.com
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: isaku.yamahata@intel.com, isaku.yamahata@gmail.com,
        Paolo Bonzini <pbonzini@redhat.com>, erdemaktas@google.com,
        Sean Christopherson <seanjc@google.com>,
        Sagi Shahar <sagis@google.com>
Subject: [PATCH v8 064/103] KVM: TDX: Implement TDX vcpu enter/exit path
Date: Sun,  7 Aug 2022 15:01:49 -0700
Message-Id: 
 <911db6589bb49207c580f7fb23dacb953692cd18.1659854790.git.isaku.yamahata@intel.com>
In-Reply-To: <cover.1659854790.git.isaku.yamahata@intel.com>
References: <cover.1659854790.git.isaku.yamahata@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

KVM TDX basic feature support | expand

Commit Message

Isaku Yamahata Aug. 7, 2022, 10:01 p.m. UTC

From: Isaku Yamahata <isaku.yamahata@intel.com>

This patch implements running TDX vcpu.  Once vcpu runs on the logical
processor (LP), the TDX vcpu is associated with it.  When the TDX vcpu
moves to another LP, the TDX vcpu needs to flush its status on the LP.
When destroying TDX vcpu, it needs to complete flush and flush cpu memory
cache.  Track which LP the TDX vcpu run and flush it as necessary.

Do nothing on sched_in event as TDX doesn't support pause loop.

TDX vcpu execution requires restoring PMU debug store after returning back
to KVM because the TDX module unconditionally resets the value.  To reuse
the existing code, export perf_restore_debug_store.

Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
---
 arch/x86/kvm/vmx/main.c    | 21 +++++++++++++++++++--
 arch/x86/kvm/vmx/tdx.c     | 32 ++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/tdx.h     | 33 +++++++++++++++++++++++++++++++++
 arch/x86/kvm/vmx/x86_ops.h |  2 ++
 arch/x86/kvm/x86.c         |  1 +
 5 files changed, 87 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c
index cef84c52caa9..60c1e7357576 100644
--- a/arch/x86/kvm/vmx/main.c
+++ b/arch/x86/kvm/vmx/main.c
@@ -110,6 +110,23 @@  static void vt_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
 	return vmx_vcpu_reset(vcpu, init_event);
 }
 
+static int vt_vcpu_pre_run(struct kvm_vcpu *vcpu)
+{
+	if (is_td_vcpu(vcpu))
+		/* Unconditionally continue to vcpu_run(). */
+		return 1;
+
+	return vmx_vcpu_pre_run(vcpu);
+}
+
+static fastpath_t vt_vcpu_run(struct kvm_vcpu *vcpu)
+{
+	if (is_td_vcpu(vcpu))
+		return tdx_vcpu_run(vcpu);
+
+	return vmx_vcpu_run(vcpu);
+}
+
 static void vt_flush_tlb_all(struct kvm_vcpu *vcpu)
 {
 	if (is_td_vcpu(vcpu))
@@ -241,8 +258,8 @@  struct kvm_x86_ops vt_x86_ops __initdata = {
 	.flush_tlb_gva = vt_flush_tlb_gva,
 	.flush_tlb_guest = vt_flush_tlb_guest,
 
-	.vcpu_pre_run = vmx_vcpu_pre_run,
-	.vcpu_run = vmx_vcpu_run,
+	.vcpu_pre_run = vt_vcpu_pre_run,
+	.vcpu_run = vt_vcpu_run,
 	.handle_exit = vmx_handle_exit,
 	.skip_emulated_instruction = vmx_skip_emulated_instruction,
 	.update_emulated_instruction = vmx_update_emulated_instruction,
diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
index 8400388b8ddf..8075ca5f2f96 100644
--- a/arch/x86/kvm/vmx/tdx.c
+++ b/arch/x86/kvm/vmx/tdx.c
@@ -11,6 +11,9 @@ 
 #include "x86.h"
 #include "mmu.h"
 
+#include <trace/events/kvm.h>
+#include "trace.h"
+
 #undef pr_fmt
 #define pr_fmt(fmt) "tdx: " fmt
 
@@ -539,6 +542,35 @@  void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event)
 	vcpu->kvm->vm_bugged = true;
 }
 
+u64 __tdx_vcpu_run(hpa_t tdvpr, void *regs, u32 regs_mask);
+
+static noinstr void tdx_vcpu_enter_exit(struct kvm_vcpu *vcpu,
+					struct vcpu_tdx *tdx)
+{
+	guest_enter_irqoff();
+	tdx->exit_reason.full = __tdx_vcpu_run(tdx->tdvpr.pa, vcpu->arch.regs, 0);
+	guest_exit_irqoff();
+}
+
+fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu)
+{
+	struct vcpu_tdx *tdx = to_tdx(vcpu);
+
+	if (unlikely(vcpu->kvm->vm_bugged)) {
+		tdx->exit_reason.full = TDX_NON_RECOVERABLE_VCPU;
+		return EXIT_FASTPATH_NONE;
+	}
+
+	trace_kvm_entry(vcpu);
+
+	tdx_vcpu_enter_exit(vcpu, tdx);
+
+	vcpu->arch.regs_avail &= ~VMX_REGS_LAZY_LOAD_SET;
+	trace_kvm_exit(vcpu, KVM_ISA_VMX);
+
+	return EXIT_FASTPATH_NONE;
+}
+
 void tdx_load_mmu_pgd(struct kvm_vcpu *vcpu, hpa_t root_hpa, int pgd_level)
 {
 	td_vmcs_write64(to_tdx(vcpu), SHARED_EPT_POINTER, root_hpa & PAGE_MASK);
diff --git a/arch/x86/kvm/vmx/tdx.h b/arch/x86/kvm/vmx/tdx.h
index eace70f4a0a1..46e74b6ac6a2 100644
--- a/arch/x86/kvm/vmx/tdx.h
+++ b/arch/x86/kvm/vmx/tdx.h
@@ -47,12 +47,45 @@  struct kvm_tdx {
 	spinlock_t seamcall_lock;
 };
 
+union tdx_exit_reason {
+	struct {
+		/* 31:0 mirror the VMX Exit Reason format */
+		u64 basic		: 16;
+		u64 reserved16		: 1;
+		u64 reserved17		: 1;
+		u64 reserved18		: 1;
+		u64 reserved19		: 1;
+		u64 reserved20		: 1;
+		u64 reserved21		: 1;
+		u64 reserved22		: 1;
+		u64 reserved23		: 1;
+		u64 reserved24		: 1;
+		u64 reserved25		: 1;
+		u64 bus_lock_detected	: 1;
+		u64 enclave_mode	: 1;
+		u64 smi_pending_mtf	: 1;
+		u64 smi_from_vmx_root	: 1;
+		u64 reserved30		: 1;
+		u64 failed_vmentry	: 1;
+
+		/* 63:32 are TDX specific */
+		u64 details_l1		: 8;
+		u64 class		: 8;
+		u64 reserved61_48	: 14;
+		u64 non_recoverable	: 1;
+		u64 error		: 1;
+	};
+	u64 full;
+};
+
 struct vcpu_tdx {
 	struct kvm_vcpu	vcpu;
 
 	struct tdx_td_page tdvpr;
 	struct tdx_td_page *tdvpx;
 
+	union tdx_exit_reason exit_reason;
+
 	bool vcpu_initialized;
 
 	/*
diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h
index bae7b2edd045..0b00197a22f6 100644
--- a/arch/x86/kvm/vmx/x86_ops.h
+++ b/arch/x86/kvm/vmx/x86_ops.h
@@ -144,6 +144,7 @@  void tdx_vm_free(struct kvm *kvm);
 int tdx_vcpu_create(struct kvm_vcpu *vcpu);
 void tdx_vcpu_free(struct kvm_vcpu *vcpu);
 void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event);
+fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu);
 
 int tdx_vm_ioctl(struct kvm *kvm, void __user *argp);
 int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp);
@@ -165,6 +166,7 @@  static inline void tdx_vm_free(struct kvm *kvm) {}
 static inline int tdx_vcpu_create(struct kvm_vcpu *vcpu) { return -EOPNOTSUPP; }
 static inline void tdx_vcpu_free(struct kvm_vcpu *vcpu) {}
 static inline void tdx_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event) {}
+static inline fastpath_t tdx_vcpu_run(struct kvm_vcpu *vcpu) { return EXIT_FASTPATH_NONE; }
 
 static inline int tdx_vm_ioctl(struct kvm *kvm, void __user *argp) { return -EOPNOTSUPP; }
 static inline int tdx_vcpu_ioctl(struct kvm_vcpu *vcpu, void __user *argp) { return -EOPNOTSUPP; }
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index b126e407944f..ea7c32e259d6 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -300,6 +300,7 @@  const struct kvm_stats_header kvm_vcpu_stats_header = {
 };
 
 u64 __read_mostly host_xcr0;
+EXPORT_SYMBOL_GPL(host_xcr0);
 
 static struct kmem_cache *x86_emulator_cache;

[v8,064/103] KVM: TDX: Implement TDX vcpu enter/exit path

Commit Message

Patch