From patchwork Mon Jun 26 14:12:50 2023
X-Patchwork-Submitter: "Huang, Kai"
X-Patchwork-Id: 13292989
From: Kai Huang
To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org
Cc: linux-mm@kvack.org, x86@kernel.org, dave.hansen@intel.com, kirill.shutemov@linux.intel.com, tony.luck@intel.com, peterz@infradead.org, tglx@linutronix.de, bp@alien8.de, mingo@redhat.com, hpa@zytor.com, seanjc@google.com, pbonzini@redhat.com, david@redhat.com, dan.j.williams@intel.com, rafael.j.wysocki@intel.com, ashok.raj@intel.com, reinette.chatre@intel.com, len.brown@intel.com, ak@linux.intel.com, isaku.yamahata@intel.com, ying.huang@intel.com, chao.gao@intel.com, sathyanarayanan.kuppuswamy@linux.intel.com, nik.borisov@suse.com, bagasdotme@gmail.com, sagis@google.com, imammedo@redhat.com, kai.huang@intel.com
Subject: [PATCH v12 20/22] x86/virt/tdx: Allow SEAMCALL to handle #UD and #GP
Date: Tue, 27 Jun 2023 02:12:50 +1200

On the platform with the "partial write machine check" erratum, a kernel partial write to TDX private memory may cause unexpected machine check. It would be nice if the #MC handler could print additional information to show the #MC was TDX private memory error due to possible kernel bug.

To do that, the machine check handler needs to use SEAMCALL to query page type of the error memory from the TDX module, because there's no existing infrastructure to track TDX private pages.

SEAMCALL instruction causes #UD if CPU isn't in VMX operation. In #MC handler, it is legal that CPU isn't in VMX operation when making this SEAMCALL.
Extend the TDX_MODULE_CALL macro to handle #UD so the SEAMCALL can return error code instead of Oops in the #MC handler. Opportunistically handles #GP too since they share the same code.

A bonus is when kernel mistakenly calls SEAMCALL when CPU isn't in VMX operation, or when TDX isn't enabled by the BIOS, or when the BIOS is buggy, the kernel can get a nicer error message rather than a less understandable Oops.

Signed-off-by: Kai Huang
Reviewed-by: Kirill A. Shutemov
---

v11 -> v12 (new patch):
 - Split out from "SEAMCALL infrastructure" patch for better review.
 - Provide justification in changelog (Dave/David)

---
arch/x86/include/asm/tdx.h | 5 +++++ arch/x86/virt/vmx/tdx/tdx.c | 7 +++++++ arch/x86/virt/vmx/tdx/tdxcall.S | 19 +++++++++++++++++-- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index e95c9fbf52e4..8d3f85bcccc1 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -8,6 +8,8 @@ #include #include +#include + /* * SW-defined error codes. * @@ -18,6 +20,9 @@ #define TDX_SW_ERROR (TDX_ERROR | GENMASK_ULL(47, 40)) #define TDX_SEAMCALL_VMFAILINVALID (TDX_SW_ERROR | _UL(0xFFFF0000)) +#define TDX_SEAMCALL_GP (TDX_SW_ERROR | X86_TRAP_GP) +#define TDX_SEAMCALL_UD (TDX_SW_ERROR | X86_TRAP_UD) + #ifndef __ASSEMBLY__ /* TDX supported page sizes from the TDX module ABI. */ diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c index 1107f4227568..eba7ff91206d 100644 --- a/arch/x86/virt/vmx/tdx/tdx.c +++ b/arch/x86/virt/vmx/tdx/tdx.c 
@@ -93,6 +93,13 @@ static int __always_unused seamcall(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, case TDX_SEAMCALL_VMFAILINVALID: pr_err_once("module is not loaded.\n"); return -ENODEV; + case TDX_SEAMCALL_GP: + pr_err_once("not enabled by BIOS.\n"); + return -ENODEV; + case TDX_SEAMCALL_UD: + pr_err_once("SEAMCALL failed: CPU %d is not in VMX operation.\n", + cpu); + return -EINVAL; default: pr_err_once("SEAMCALL failed: CPU %d: leaf %llu, error 0x%llx.\n", cpu, fn, sret); diff --git a/arch/x86/virt/vmx/tdx/tdxcall.S b/arch/x86/virt/vmx/tdx/tdxcall.S index 49a54356ae99..757b0c34be10 100644 --- a/arch/x86/virt/vmx/tdx/tdxcall.S +++ b/arch/x86/virt/vmx/tdx/tdxcall.S @@ -1,6 +1,7 @@ /* SPDX-License-Identifier: GPL-2.0 */ #include #include +#include /* * TDCALL and SEAMCALL are supported in Binutils >= 2.36. @@ -45,6 +46,7 @@ /* Leave input param 2 in RDX */ .if \host +1: seamcall /* * SEAMCALL instruction is essentially a VMExit from VMX root @@ -57,10 +59,23 @@ * This value will never be used as actual SEAMCALL error code as * it is from the Reserved status code class. */ - jnc .Lno_vmfailinvalid + jnc .Lseamcall_out mov $TDX_SEAMCALL_VMFAILINVALID, %rax -.Lno_vmfailinvalid: + jmp .Lseamcall_out +2: + /* + * SEAMCALL caused #GP or #UD. By reaching here %eax contains + * the trap number. Convert the trap number to the TDX error + * code by setting TDX_SW_ERROR to the high 32-bits of %rax. + * + * Note cannot OR TDX_SW_ERROR directly to %rax as OR instruction + * only accepts 32-bit immediate at most. + */ + mov $TDX_SW_ERROR, %r12 + orq %r12, %rax + _ASM_EXTABLE_FAULT(1b, 2b) +.Lseamcall_out: .else tdcall .endif
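
Review bot: The two new defines in arch/x86/include/asm/tdx.h, TDX_SEAMCALL_GP and TDX_SEAMCALL_UD, have no comment saying that their low bits hold an x86 trap number and that the value is synthesized by the exception fixup in tdxcall.S, not returned by the TDX module. The "SW-defined error codes" comment just above is the natural place to document that, and to note that a trap number cannot collide with TDX_SEAMCALL_VMFAILINVALID, whose low 32 bits are 0xFFFF0000.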
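
Review bot: In the seamcall() switch in arch/x86/virt/vmx/tdx/tdx.c, the TDX_SEAMCALL_GP case prints only "not enabled by BIOS.", dropping the "SEAMCALL failed:" prefix and the CPU number that the TDX_SEAMCALL_UD and default cases print, and naming a single cause where the commit message also lists a buggy BIOS. Suggest a message that says the SEAMCALL took a #GP and keeps cpu and fn, with the BIOS hint as the likely reason. Separately, the TDX_SEAMCALL_UD case reports a per-CPU condition through pr_err_once(), so a later #UD on a different CPU that is not in VMX operation is never logged; a rate-limited print would keep that detail.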
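
Review bot: The fixup path at label 2 in arch/x86/virt/vmx/tdx/tdxcall.S loads TDX_SW_ERROR into %r12, a callee-saved register, and nothing in this hunk shows %r12 being saved or restored. If the surrounding macro already preserves %r12 at this point, say so in the new comment; otherwise use a caller-saved scratch register. The comment should also state that "orq %r12, %rax" relies on the fault fixup leaving the upper 32 bits of %rax clear, since it only describes %eax as holding the trap number.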